Spam Filters get Russian Lesson

Wednesday, November 30, 2011 @ 10:11 AM gHale


Spam keeps growing more sophisticated, with messages now carrying phone numbers instead of links that point to locations of different products. To make sure they avoid spam filters, Russian spammers have devised new ways to keep those phone numbers undetected.

Russian spammers use a large number of methods to list phone numbers in email messages without raising the suspicion of any anti-spam solution, Symantec researchers said.

One of the simpler methods involves placing symbols between the digits that make up the number. For instance, (495) 123 456 can become (4~9~5)1~2~3~4~5~6, but this is only one of the less sophisticated means of disguising a number.

In some cases, Russian characters that resemble digits can replace some of the numbers. In Russian, such characters can stand in for 3, 4 and 6. The characters Зз, Оо, Чч and Ьь can go into a spam advertisement, and its recipients will still know what number to call.

As anti-spam technology has evolved, some of these tricks end up ferreted out, which is why spammers took these techniques even further.

In some scenarios, spammers spelled out the numbers as Russian words, which would make the above phone number look something like (четыре девять четыре) один два три четыре четыре шесть.

One final strategy involves replacing the area code with the name of the city it represents. In this case, 495 becomes Москва (Moscow).

By combining these obfuscation techniques, spammers put spam filters in for a difficult time against the malicious messages. While some may think a phone number is not as dangerous as a link that points to a piece of malware, in reality a phone number can always hide a premium rate number or a person who is prepared to perform some precisely targeted social engineering.
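On the filtering side, each of the disguises described above can be reversed on a copy of the message text before phone-number rules are applied. The Python code below is an added example, not code from Symantec or from the original article; the digit assigned to each look-alike character, the seven-digit minimum, and the sample messages are assumptions made for illustration.

```python
import re

# Russian digit words, plus the one city/area-code pair the article names.
WORDS = {"ноль": "0", "один": "1", "два": "2", "три": "3", "четыре": "4",
         "пять": "5", "шесть": "6", "семь": "7", "восемь": "8",
         "девять": "9", "москва": "495"}
# Assumed mapping (by visual resemblance) for the article's look-alike letters.
LOOKALIKES = str.maketrans("зочь", "3046")
MIN_DIGITS = 7  # assumed threshold: shorter digit runs are ignored

LETTER = r"[^\W\d_]"
SYMBOL = r"[0-9зочь]"
# A run of digit-like symbols with up to three separator characters between
# them, not glued to an ordinary letter on either side (so the "о" inside a
# normal word is never read as a zero).
RUN = re.compile(rf"(?<!{LETTER}){SYMBOL}(?:[\W_]{{0,3}}{SYMBOL})*(?!{LETTER})")


def extract_numbers(text):
    """Return digit strings recovered from disguised phone numbers in text."""
    lowered = text.lower()
    # 1. Spelled-out digits and city names become digits (whole words only).
    expanded = re.sub(rf"{LETTER}+",
                      lambda m: WORDS.get(m.group(), m.group()), lowered)
    found = []
    for run in RUN.finditer(expanded):
        # 2. Look-alike letters become digits; 3. separators are dropped.
        digits = re.sub(r"\D", "", run.group().translate(LOOKALIKES))
        if len(digits) >= MIN_DIGITS:
            found.append(digits)
    return found


# Constructed sample messages: one per technique, then a combination.
SAMPLES = [
    "(4~9~5)1~2~3~4~5~6",
    "(495) 12З Ч5Ь",
    "(четыре девять пять) один два три четыре пять шесть",
    "Москва 123 456",
    "Звоните: Москва 1~2~З ч-5-ь сейчас",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r} -> {extract_numbers(sample)}")
```

The recovered digit string can then be checked against the same blocklists and premium-rate prefixes a filter already applies to plainly written numbers.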


