February 17, 2005

Ibbur

I have lately been subjected to a bizarre string of emails, beginning with a series of garbled letters -- maybe "txvb eg xweb ..." and so on for pages, then some kind of graphic element that my computer automatically blocks, then some unsettling text (here is the latest sample):

The otherwsie respectable Ash, whom you know from his numerous price fixing schemes, was found dead in the great hall of his tax avoiding non-profit Museum of Victorian Morality. Cause of death not ascertained on the scene, but the police report noted that the former Mr. Ash's thorax had been carefully opened, as if for a dissection.

This you did not suspect: the former Mr. Ash was found lying on a heap of photographs of children posed in ways that would make any Dickens think Victorian child labor was, by comparison, humane. Ash had long been a dealer of the stuff.

Early indications are that the murder was revenge (justifiable, you'd agree) from a victim of Mr. Ash's hitherto unknown business venture. There is great interest in an otherwise undescribed book stolen from the premises.

Police believe the killer motivated by metempsychosis.

And then more garble, and then some kind of pitch for herbal medicine or aroma therapy. The return addresses from these emails never work -- replies just bounce back.

Posted by Ideofact at February 17, 2005 10:53 PM
Comments

You know, it sounds like a spammer/virus trick.

At least from the return-address. Since email is a distributed system, and messages are passed in a "friend to friend" method between mail servers until it finds you, there is almost no way to make sure that the address in the "FROM" part of the header actually exists. Virus hackers love this fact. So do some spammers.

If it was a virus, the pictures are probably set up as places to hide the virus code, and possibly trick the computer into activating the virus while it displays the picture. You've probably got an email program with a good defaults settings for not displaying suspicious images.

I've also seen spam come in with junk like that in the message, and a picture that also works as an internet link to some advertised website.

My guess on the garbled text, and the strange story, is that the writer is trying to find his way around the usual spam-blockers. He does this by filling his message with ambiguous material (probably automatically generated) instead of the obvious stuff, the stuff that is in the spam-block list, or the virus-block list.

Of course, I could be totally wrong on this. On the other hand, I've found that any email address that is published on the World Wide Web will eventually receive messages of this sort, or more straightforward spam.

I'll also bow to someone else who knows more about email, spam, scams, and strange messages. I do know that there are geeks out there who can look at the header of an email like this, and tell you which email server was tricked into sending it to you, and which method the sender is trying to use against you.

Posted by: steve h at February 18, 2005 12:56 PM

Steve H is right in the essentials. One major technology deployed in the fight against spam is Distributed Checksum Clearinghouse, a system that maintains a living, breathing, distributed database of checksum signatures generated from spam samples.

I haven't administered the technology myself, so I'm weak on the particulars; but basically the DCC servers collect spam and generate tiny digital fingerprints of the messages and pass them out to DCC clients, including many commercial "e-mail firewalls". These clients, acting as mail gateways, produce their own signatures of all incoming mail and compare them against the DCC information. If they get a match, they quarantine or reject the message.

The eerie, 12-monkeys-at-a-typewriter narratives are thus attempts to foil the digital matching algorithm by adding an element of randomness to the composition of the message body.

As you imply, the results are strange and interesting.

Posted by: John-Paul Pagano at February 21, 2005 04:22 PM