Spammer Templates

Although I generally consider email spammers – especially phishers – pretty evil, it is occasionally enjoyable to receive a spam email or comment which demonstrates how dumb they can be.  In this case, I received a comment on this blog which demonstrates nicely how some messages are created.

The whole ltext of the comment was too long to include in full here, but here’s an extract:

{I have|I’ve} been {surfing|browsing} online more than {three|3|2|4} hours today, yet I never found any interesting article like yours. {It’s|It is} pretty worth enough for me.
{In my opinion|Personally|In my view}, if all {webmasters|site owners|website owners|web owners} and bloggers made good content as you did, the {internet|net|web} will be {much more|a lot more} useful than ever before.
I {couldn’t|could not} {resist|refrain from} commenting. {Very well|Perfectly|Well|Exceptionally well} written!
{I will|I’ll} {right away|immediately} {take hold of|grab|clutch|grasp|seize|snatch} your {rss|rss feed} as I
{can not|can’t} {in finding|find|to find} your {email|e-mail} subscription {link|hyperlink} or {newsletter|e-newsletter} service. Do {you have|you’ve} any?

{Please|Kindly} {allow|permit|let} me {realize|recognize|understand|recognise|know} {so that|in order that} I {may just|may|could} subscribe.
… etc etc …

To a programmer, the braces ‘{‘ ‘}’ and contained pipe character ‘|’ are well known mechanism to show options (e.g. in regular expressions) and clearly the intent of the spammer’s code was to identify each option in the template, and then send a single comment with all the options selected (presumably randomly).  The sheer number of selections is probably intended to try and confuse spam filters.  The glowing praise in all options is intended to make the average blogger approve such comments through vanity if nothing else!

So, just to be clear, the following template would, with appropriate expansion, write a mini-adventure script:

You are in a {cavern|room|pub} and you look {up|down|around} and see a {bottle of whiskey|sword}, and pick it up.  You see a {tunnel|passage|shaft} and walk down it, until you get to a {fork|split}, and you go {left|right}. {Then you find a treasure chest, and live a happy life.|Unfortunately, a powerful robot smashes you over the head and you die.} The End.

Even this short script would allow for 3 x 3 x 2 x 3 x 2 x 2 x 2 options, or 432 different adventures!

Now – you may have noticed that the original spam text has braces within braces; as long as the algorithm to select options was done recursively there is not reason why whole different emails (or adventures) can be embedded within a single block of text; in a sense it is quite a neat way to use a single algorithm to deliver results at different scales (a word replacement, or full message replacement).

Of course, the funniest thing about this is simply that the sender has apparently forgotten to run the code at all!  We can also see that some of the word-replacement options are very odd: who wouldn’t hope to get a comment:

I’ll right away snatch your rss feed as I can not in finding your email subscription hyperlink or e-newsletter service.

What’s the Harm in Spam-Comments on Blogs?

They waste space, bias search-engine results, and potentially open people up to more serious kinds of hacks.  I went to have a quick look at the site that appeared to be being linked to by the poster of this spammy crud, and it looked like a date-guidance website. Based on the text of some of the guidamce, you can certainly see the thesauras at work:

There are some simple methods that you could request the girl’s quantity.

Screenshot from a Spammer’s Website

A girl’s Quantity? Oh – you mean her number as in phone number!

Now, this may be harmless and stupid – or it might be a cuddly front-end to some other nefarious crap… so I was cautious even visiting it… but I decided to take a quick look for the purposes of this blog.

Leave a Reply

Your email address will not be published. Required fields are marked *