Smart Spammer

[Beemer]

I create filters to reject mail with certain content in the header and message body areas.

This spammer has given me a bit of a challenge this morning.
Here is the subject line in the header:
Subject: =?ISO-8859-1?b?R2V0IFZpYWdyYSBpbiB0aGUgY29udmVuaWVuY2Ugb2YgeW 91ciBob21l?=

All on one line of course.

This shows in the Inbox: Subject column as:
Get Viagra in the convenience of your home

What has this person/spamming idot used to encrypt the words?

I would like to find a way of thwarting this idiots effort to encrypt spam mail.

Cheers!

[dunbar]

Wish I had kept the information, but a few weeks ago, I came across a tutorial on how to encrypt email using codes that get interpreted.

[SARCASM]Lovely, ain't it? After all, the internet was invented exclusively for money grubbers, right?[/SARCASM]

:-\

[Beemer]

You probably mean this thread:
http://www.techimo.com/forum/showthr...threadid=78744

The encryption method used by the one I have posted here, uses something different.

Cheers!

[vass0922]

It may not be encrypted.. I think its more just random numbers/letters so you can't filter out by subject.

If he continues to spam you, try to find a pattern. Are the first characters always ?ISO

If you had a script doing the filtering you could use it to see if there were any words in the filter that were in a dictionary. Since this garbled string has no definable words in it.. pitch it.

I'm guessing you're using Outlook so that will prove more of a challenge :/

[dunbar]

Quote:

Originally posted by Beemer
You probably mean this thread:
http://www.techimo.com/forum/showthr...threadid=78744

I don't think so, no, but I'm creeping up on what I was trying to recall. Something about how %20 gets interpreted as space, etc. Which might have been URL trickery, so pardon the spew, I now return you to your regularly scheduled thread.

pfffft - I'm gone

[dunbar]

Quote:

Originally posted by Beemer
I create filters to reject mail with certain content in the header and message body areas.

This spammer has given me a bit of a challenge this morning.
Here is the subject line in the header:
Subject: =?ISO-8859-1?b?R2V0IFZpYWdyYSBpbiB0aGUgY29udmVuaWVuY2Ugb2YgeW 91ciBob21l?=

All on one line of course.

This shows in the Inbox: Subject column as:
Get Viagra in the convenience of your home

What has this person/spamming idot used to encrypt the words?

I would like to find a way of thwarting this idiots effort to encrypt spam mail.

Cheers!

ISO-8859-1 is, I believe, a character set or font table declaration. This type of string shows up in nearly all of my spam subjects.

Link to ISO-8859-1 information: http://www.bbsinc.com/iso8859.html and http://www.ramsch.org/martin/uni/fmi-hp/iso8859-1.html offer some information, but I'm lost as to why the subject line contains arabic letters, the 8859-1 table uses all numeric values. So something must be tripping the translator to convert the arabic letters into numbers which 8859-1 interpretation can convert to text subject line.

[Beemer]

I E-mailed abuse@(ISP) from the final received header info. That should at least take care of him.

Cheers!

[soulja]

thats the way to go