Spam subject:

this going to expolad

It’s a stock spam, and what they’re trying to say is “This is going to explode.” But doesn’t “Expo-Lad” sound like a character from the Legion of Super-Heroes?

Just imagine:

“No one wants to come to our convention! What can we do?”
“Never fear! Expo-Lad will save us!”

Update: I can’t believe I didn’t think of this earlier, but maybe ExpoLad is related to TypoLad!

Some recent bizarre-but-true spam subjects:

Dinky $ch001girl$ of the universe

Obviously trying to avoid keyword filters (not that it helped), but come on—“dinky?” When was the last time you saw that applied to a person? And what exactly is a “schoolgirl of the universe?” It sounds like a new anime series or something, with schoolgirls and jet packs, roaming the galaxy to defeat evildoers.

trill boxing

It’s the fight of the 24th Century! In this corner: Curzon Dax! In this corner: Odan! Who will win? All I know is it won’t be my free time; when I looked up the names, I found Memory Alpha, a Star Trek wiki with waaay too much info. And there’s all kinds of stuff that’s happened since I stopped watching in the mid-1990s.

It lets a woman ride you like you’ve never been ridden before!

Sent to a spamtrap with a woman’s first name. Sure, you’ll reach a few who might be interested, but statistically speaking you’re better off targeting men. Or, if you take it literally instead of figuratively, horses. Last I looked, though, there weren’t too many horses with email. Unless you count pwnies, I suppose.

Remember how LiveJournal, TypePad, and related sites were down the other day? The official line was that “Six Apart has been the victim of a sophisticated distributed denial of service attack.”

It turns out that the DDOS wasn’t aimed at 6A, LJ, or any other part of their network. It was aimed at Blue Security, an anti-spam company, who decided to re-route their web traffic to their blog—a blog hosted on TypePad. So instead of their own site going down, it took out Six Apart’s entire network of millions of bloggers.

Classy move, guys.

I do admire Six Apart’s restraint in not pointing fingers themselves. If it had been my site (though in a way, I suppose it was, since I’ve got an LJ blog, even if I don’t update it very often), I would have been royally pissed off.

Sure, Blue Security didn’t launch the attack—but they did choose where to redirect it. Maybe they thought Six Apart would be able to handle it. Maybe they thought the attackers were targeting them by IP and not domain name. Maybe they were panicked and didn’t think. Maybe they thought things through, but 6A got bitten by the now-all-too-familiar law of unintended consequences. They could easily have pointed their domain name at empty IP space, or to localhost. Redirecting it to a third party was less like deflecting a punch and more like the “Do it to Julia!” moment in 1984, or the classic joke, “I don’t have to outrun the bear, I only have to outrun you.”

(via Spamroll)

Update: Additional articles at Computer Business Review and at Netcraft, and a Slashdot story.

Update 2: According to Blue Security, the DDoS was not targeting their website by name, and the DDoS didn’t attack their blog until after they had already redirected the website. So it looks like it was less a case of them redirecting the attack and more a case of the attackers chasing them.

*Sigh* Must remember to collect all facts before engaging in righteous anger.

Update 3 (May 9): Apparently “all the facts” as reported by Blue Security don’t add up… (via Happy Software Prole)

A mortgage spam started with this line:

D r ear Home O u wne u r ,

OK, so they’re inserting random space-letter-space sets into the text. But let’s ignore what they’re trying to say, and look at how it actually came out.

“Drear” home owner? (Or rather, “ouwneur?” Are they French?) Apparently I picked up the deed to the House of Usher or some such miserable domicile. I can’t say I’ve noticed any ravens around (not counting my comic collection, anyway), though I’ve certainly been awake many a weary midnight.

Lately I’ve seen an interesting pattern emerge in the comment spam logs here. Along with the usual collections of links to pills, porn, and watches, there are a bunch of trackback spam attempts using innocuous websites like Google and Yahoo and the phrase “this is very good,” over and over.

Title? “this is very good”
Blog Name? “this is very good”
Author? “this is very good”

The excerpt itself varies a bit, but is usually something like, “this is related article.”

I figure they’re either probes or attempts to poison blacklists.

What’s funny about these is that in the logs, the fields are all run together, so it looks like this:

author: this is very good title: this is very good blog_name: this is very good e-mail: …

The natural inclination is to break the phrases at the punctuation, so it looks like it’s saying, “This is very good title. This is very good blog name. This is related article.”—making it sound like Zathras is behind the keyboard!
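A sketch of how those run-together log lines could be split back into fields and the repeated-phrase trackbacks flagged. This is an added example, not code from this blog or its spam filter; the `excerpt` field name, the field order after `e-mail`, and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Keys as they appear in the quoted log line; "excerpt" is an assumed name.
FIELDS = ("author", "title", "blog_name", "e-mail", "excerpt")
_KEY = re.compile(r"(?:^|\s)(" + "|".join(re.escape(f) for f in FIELDS) + r"):\s*")

def split_fields(line):
    """Split a run-together 'key: value key: value' line on the known keys.

    A value that itself contains ' title: ' would be split wrongly; that is
    the cost of a log format with no delimiter between fields.
    """
    matches = list(_KEY.finditer(line))
    fields = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(line)
        fields[m.group(1)] = line[m.end():end].strip()
    return fields

def is_filler_trackback(fields):
    """True when author, title and blog_name are present and identical."""
    vals = [fields.get(k, "").lower() for k in ("author", "title", "blog_name")]
    return bool(vals[0]) and len(set(vals)) == 1

def recurring_fillers(lines, min_hits=2):
    """Filler phrases that show up in at least min_hits flagged entries."""
    counts = Counter(
        f["title"].lower()
        for f in map(split_fields, lines)
        if is_filler_trackback(f)
    )
    return {phrase: n for phrase, n in counts.items() if n >= min_hits}

# Constructed sample log lines (not taken from real logs).
SAMPLE = [
    "author: this is very good title: this is very good blog_name: "
    "this is very good e-mail: a@example.com excerpt: this is related article",
    "author: This Is Very Good title: this is very good blog_name: "
    "this is very good e-mail: b@example.com excerpt: this is related article",
    "author: Dana title: Notes on comment moderation blog_name: "
    "Dana's Weblog e-mail: dana@example.org excerpt: I linked to your post",
]

if __name__ == "__main__":
    print(recurring_fillers(SAMPLE))
```
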

After my latest round of supposed anti-fraud notices claiming to be from banks with which I don’t have any accounts, it occurred to me that phishing, 419 scams, email spam, blog spam, etc. are all scattershot approaches. They seem so obvious to those of us who are used to seeing them. It seems unthinkable that someone would fall for a phishing attempt that identifies itself as someone else’s bank, or buy pharmaceuticals from someone who can’t spell d.Ruugz. But they’re not intended for us. We’re just collateral damage.

Direct marketing often makes at least an effort to aim, because paper and postage cost money. That’s why businesses and charities will mainly share/sell their mailing lists among similar organizations, and not some random list of people. In this way, direct marketing is like riflery: you want each shot to be as accurate as possible.

Email, however, is cheap, and most spammers are using someone else’s resources to send out the mail anyway. It’s long been pointed out that they don’t care if 99% of their messages get lost in the ether. They only need a fraction of their list to respond. It’s like using a machine gun: you don’t have to aim, just spray the general area and at least one bullet is likely to hit your target.

So phishers don’t have to match their pitches to each recipient’s bank. If they plaster the net with messages claiming to be from Chase, it doesn’t matter if most of their messages hit Wells Fargo customers. Statistically speaking, some of the recipients will have Chase accounts, and some of them will be fooled, and that’s all they need to collect their virtual loot.

And the rest of us? Bystanders caught in the drive-by.

You’ve probably heard by now that AOL and Yahoo are preparing a system by which large-volume email senders can pay to get their mail sent on to subscribers. You probably haven’t heard that it’s not just pay-to-send so much as it’s pay-to-get-accredited. Senders pay a company called Goodmail to say “we won’t send spam,” Goodmail checks them out, and Yahoo and AOL use Goodmail to bypass their regular spam filters.

This, of course, hasn’t stopped a flood of knee-jerk reactions. (via Spamroll)

What’s funny is that this conundrum has been almost exactly like the controversy two years ago over Microsoft choosing Bonded Sender as an accreditation service/whitelist for Hotmail—knee jerking and all.

Back then I wrote the following article and never got around to posting it. Thanks to AOL, it’s finally topical again. Sadly, I haven’t had to change much to bring it up to date.
