Spammers often use a variety of obfuscation methods in an attempt to bypass anti-spam filters. We did some follow up analysis on a recent dating spam attack in which the spammers made use of URLs in the message body with spaces inserted in between characters in the URL. Although this obfuscation technique has been much used in the past, it has not been as prevalent in recent times. This particular spam attack was active during the last week of January and lasted until the first week of February, 2011. Approximately 12,000 spam messages were observed in this attack.
The subject and message body in this spam attack were randomized in addition to the URL obfuscation.
Sample subject line variations observed in this attack are:
Subject: Svetlana Martyushova appeared in the chat
Subject: Tatyana Zhivkova - waiting on you
Subject: Kazak Avrora thinks...