Word Salad, a workaround method invented by spammers to counter Bayesian spam filtering, is an old trick in the spammer’s manual, but cutting edge anti-spam filtering technology has made this ploy blunt.
As a form of Bayesian poisoning, Word Salad is an incongruous string of words. It uses words that are very legitimate and can be seen in any form of legit prose. From the perspective of Bayesian filtering, there is a large volume of legit data in emails which employs Word Salad. The word salad are often seen in the form of HTML, where nonsensical tags are used to break URLs up so analysers will have a hard time tracking down the spammy URL. The latest trend in word salad is to add the most current keywords, like the hottest news or an upcoming event.
The demise of Paul Walker, the ‘Fast and Furious’ franchise star, in a fiery car accident on Saturday, is the latest example exploited by spammers. Within hours of this breaking news, Symantec observed snowshoe spam or hit-and-run attacks, using "PAUL WALKER" in Word Salad. This topic is a highly searched topic at the moment, as his fans anxiously wait for his autopsy report. Earlier on, there was also fake news circulating claiming that Paul Walker has survived the crash.
Figure 1: An email body with the keyword "PAUL WALKER" using word salad.
The spam in discussion had no relevant ties to any news on Paul Walker, except for the Word Salad. The preview is that of a TV/Phone/Internet promo spam which has the headers below:
Subject: Cheap Cable-TV, Internet & Phone – Free Equipment, Premium Channels & Install
From: ~CABLETVSpecialS* <[name]@[domain].com>
Figure 2. A preview of the spam
As we remember Paul Walker, we should also be reminded this is another example of how spammers don’t hesitate to manipulate various incidents in their bid to promote spam.
RIP Paul Walker.