Adult Spam in Disguise – a Spammer's Antispam Filter Evasion Technique

Created: 12 Dec 2007 08:00:00 GMT • Updated: 23 Jan 2014 18:43:50 GMT
We've observed some adult spam in disguise. The usual adult spam that we see is simple text with links and adult phrases that make it quite obvious what it is. The mutation that we've recently observed includes an email that has two parts—HTML and plain text—where the plain text portion looks completely legitimate and in fact is a portion of a legitimate newsletter of some kind. However, the headers make it apparent that it is not from the legitimate company.


From: Sexy Girls Waiting Live Now

Subject: Tired Of The Overpriced Cam Sites

Text body:


What makes it even more obvious that this is spam is the HTML portion of the body, which when rendered shows graphic adult content. As a lot of people have their email sent to them in HTML, they will only see the adult portion of this spam attack. They won't even know that the legitimate content is there. So why is it there?

HTML portion:


We believe the spammers are inserting legitimate emails into their spam to avoid spam filters. It's the oldest game in the spammers' book: "How to avoid being caught." In this particular example above, the spammer is hoping that the inclusion of legitimate company names in the mail will help the message get through antispam filters. It is always interesting to see what the spammers will try next in this game of filter evasion; however, we don't think this technique will be very fruitful.
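
One way a filter can check for the two-part mismatch described above is to compare the words in the plain text part against the text that the HTML part would display. The following is an added example, not code from the original post or from any Symantec product; the function names, the 0.3 threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from html.parser import HTMLParser

class VisibleText(HTMLParser):
    """Collect text a mail client would render, skipping <script>/<style>."""
    def __init__(self):
        super().__init__()
        self.chunks, self.hidden = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.hidden += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.hidden:
            self.hidden -= 1
    def handle_data(self, data):
        if not self.hidden:
            self.chunks.append(data)

def words(text):
    return set(re.findall(r"[a-z0-9']{3,}", text.lower()))

def alternative_overlap(raw):
    """Jaccard word overlap of text/plain vs text/html; None if a part is missing."""
    msg = message_from_string(raw, policy=default)
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    if plain is None or html is None:
        return None
    parser = VisibleText()
    parser.feed(html.get_content())
    parser.close()
    a, b = words(plain.get_content()), words(" ".join(parser.chunks))
    return len(a & b) / len(a | b) if a | b else 1.0

def is_mismatched(raw, threshold=0.3):  # threshold is an assumed starting value
    score = alternative_overlap(raw)
    return score is not None and score < threshold

def build(plain, html):
    """Constructed sample: a multipart/alternative message as raw text."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(plain)
    m.add_alternative(html, subtype="html")
    return m.as_string()

NEWSLETTER = "Monthly product newsletter: updated pricing and release notes.\n"
CONSISTENT = build(NEWSLETTER, "<p>Monthly product newsletter: updated pricing and release notes.</p>\n")
DISGUISED = build(NEWSLETTER, "<style>p{color:red}</style><h1>Tired of overpriced cam sites?</h1>\n")
```

Legitimate senders sometimes ship a very short plain text part, so a low overlap is better used as one scoring signal alongside the header checks than as a verdict on its own.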