For Gold, Peace, and Freedom


Halloween Spam Brings More Tricks Than Treats

October 31st, 2007

halloween-spam1.jpgSpammers often take advantage of holidays so that they can try to sell more products to people who may already be in a buying mood, and it seems that Halloween is no exception. This year, gift card spam has been getting more popular, and as this article from Sophos.com points out, some spammers have combined these two ideas and set up a phishing site that attempts to collect personal information from email recipients in exchange for the promise of getting a Halloween gift card.

The spam mail employs various Halloween-related puns and clich├ęs and promises visitors that they can receive a free $250 MasterCard gift card if they click on one of the links in the email and fill out the questionnaire that follows. The site then asks for a significant amount of information such as email addresses, phone numbers, date of birth, and the like, after which visitors are taken through a series of other questionnaires pertaining to topics such as student loans, cigarette smoking, and other unrelated issues.

It is not clear whether the intent of the spam is to collect information for identity theft purposes or is simply another instance of overzealous marketing. In either case, if you happen to receive an email like this, it is not advisable to click through on the link or input any of your personal information. If you do, the most likely outcome will be an increase in your “spam to ham” ratio; in other words, you will have to deal with more unsolicited junk mail.

Meanwhile, John Graham-Cumming has released the next issue of his anti-spam newsletter, which includes some useful information about recent trends in spam-related trickery. Spammers are now beginning to use animated image files that display the names of their products or keywords as a way of slipping their messages through most spam filters. Pump-and-dump stock scams are now being spread by MP3 attachments, while a worm called Storm that began spreading last year still has antivirus experts befuddled as to how to contain or eliminate it. Finally, Chris Drake shares his ideas on ways to separate spam from ham. More details are posted below:

Welcome to issue #64


Sorin Mustaca wrote with a pointer to a blog posting about how GFI Software spammed him telling them how their spam filter was able to cope with MP3 spams.


To keep up with the latest in spammer trickery I’ve added two tricks
to The Spammers’ Compendium:

- Pump up the volume (TA!Pump!Audio)

Attaching an audio file (MP3 or WAV) to an email. The audio file contains the pitch read by a human voice.

- Times Square (TA!Times!Image)

Using GIF animation to prevent tokenization and arranging the letters so that they flash like a neon sign in the ‘wrong’ order making OCR hard.



If the Storm Worm somehow managed to pass you by then I suggest reading Bruce Schneier’s article about it.



Chris Drake shares an idea/observation:

Every few weeks, I think of new (to me) ways to detect the difference between spam and ham. I don’t write these down, often forget, and aren’t in a position to do anything about it, so I thought I’d bore you with my idea instead - in case any really are new and help to efforts:

Today’s idea: enhanced greylisting - when a normal MTA applies greylisting, regular sending servers gracefully exit, and often try secondary a MX, but I noticed today that zombie machines immediately drop the connection (no SMTP QUIT or anything), and don’t try the secondary. This might be a handy clue for spamscoring systems to use maybe?

I’m not sure if I’m alone in this, but about 40 days ago, my spam rate doubled. 5 days ago I realized it was zombies (I think) pounding a few more domains they’d found I own. In 5 days, I’ve had 70,000 unique zombie IPs attempt to deliver 500,000 spams to just 1 of my mail servers. Excluding the top 10 IPs, no zombie sent more than 100 messages, and even the most prolific 2 IPs both sent less than 500.


I’d like to hear from you, if there’s something you think should be included in the newsletter, or just have an opinion, drop me a line at antispam(at)jgc.org.

One Response to “Halloween Spam Brings More Tricks Than Treats”

  1. comment number 1 by: Cindy (The 15 Minute Dating Blog)

    Those darn spammers, they are getting more sophisticated every day. The spam email are so effective now even gmail can not detect some of them…

Post Your Comments, Opinions, or Suggestions Here:


Email (optional)

Website (optional)