How Exploit Kits Have Changed Spammers' M.O.

timothy posted more than 2 years ago | from the if-you'd-like-to-continue-say-your-password dept.

Crime 37

An anonymous reader writes "Spammers used to depend on email recipients to tie the noose around their own necks by inputting their personal and financial information in credible spoofs of legitimate websites, but with the advent of exploit kits, that technique is slowly getting sidelined. Prompted by the rise in numbers of spam runs leading to pages hosting exploit kits, Trend Micro researchers have recently been investigating a number of high-volume spam runs using the Blackhole exploit kit. According to them, the phishing messages of today have far less urgency and the message is implicit: 'Your statement is available online'; or 'Incoming payment received'; or 'Password reset notification.'" One thing that's long worried me is that the bulk of spammers and malware writers may hire copywriters with a better grasp of English than most of the ones I see now. "I send you this file in order to have your advice" was funny, because it stuck out.

37 comments

Copywriting (5, Interesting)

Anonymous Coward | more than 2 years ago | (#40631957)

"One thing that's long worried me is that the bulk of spammers and malware writers may hire copywriters with a better grasp of English than most of the ones I see now"

At least in the '419-style' scams, research from Microsoft [microsoft.com] implies that the bad English is, at least in part, deliberate. It's obvious enough to 'smart' people that they won't bother responding (and therefore tying up the spammer's time trying to extricate their funds/credentials/whatever). However, less-savvy people might not realize it's a scam and therefore follow the links. As a result the hit rate of people who do respond is likely to be higher, resulting in a better yield for the scammer.

Re:Copywriting (5, Insightful)

stillpixel (1575443) | more than 2 years ago | (#40631997)

I suppose that technique would boil down to basically use the grammar most likely used by the persona you are targeting much like in advertising. So if you are targeting people less educated or computer savvy, then use poor grammar and misspell words.

Re:Copywriting (-1)

Anonymous Coward | more than 2 years ago | (#40632497)

You know how you expelled flatulence from your anus precisely 11 minutes and 32 seconds ago? Well, to be a bit blunt, it's my time to do the same.

Re:Copywriting (0)

Anonymous Coward | more than 2 years ago | (#40634305)

I send you this post in order to give your advice. Philadelphia Experiment Read It Seven ... Software Patents gone bad Flatulence is common problems affects everyone at some time or other. Sandoz Pharmaceuticals' levoflox will fix it quick. Buy here now, Google bad. Microsoft good. Tech

Re:Copywriting (1)

gshegosh (1587463) | more than 2 years ago | (#40636519)

Or they just use misspelled words to bypass spam filters. I know it doesn't work NOW but it used to work.

Re:Copywriting (1)

The Mister Purple (2525152) | more than 2 years ago | (#40632005)

Exactly.

I leave this comment because I am out of mod points, otherwise I would mod you up.

Re:Copywriting (0)

Anonymous Coward | more than 2 years ago | (#40632657)

I like the irony when someone talks about "better English" and "Copywriter" in the same sentence.

What is copywriter anyway? Is it a misspelling of Copy Right changed into a noun?

Re:Copywriting (0)

lgw (121541) | more than 2 years ago | (#40632701)

What is copywriter anyway? Is it a misspelling of Copy Right changed into a noun?

A copywriter writes "copy" (material that will be copied). The normal implication is "advertising copy", but it could be any short text, really.

A copy editor does what an editor once did: edit text for style and consistency, and of course simple errors ("editor" means something closer to "producer" these days).

Re:Copywriting (1)

Zontar The Mindless (9002) | more than 2 years ago | (#40636291)

The text of news stories is also referred to as "copy".

--Former writer of radio ad and news copy*.

(*Sometimes it was even possible to discern which was which.)

Re:Copywriting (0)

Anonymous Coward | more than 2 years ago | (#40637219)

Indeed. This may well be the first time in the history of slashdot that the word "copywrite" has been used in its actual meaning, instead of being a misspelled variant of "copyright".

Re:Copywriting (1)

interkin3tic (1469267) | more than 2 years ago | (#40632095)

How much time does it take to verify someone's information in the Nigerian prince scheme? I thought it was "Send me your bank account info" and if you sent them something else, they'd just ignore it. I'm surprised research indicates they'd save much time filtering out the smart people.

Re:Copywriting (1)

heypete (60671) | more than 2 years ago | (#40637169)

How much time does it take to verify someone's information in the Nigerian prince scheme? I thought it was "Send me your bank account info" and if you sent them something else, they'd just ignore it. I'm surprised research indicates they'd save much time filtering out the smart people.

For the most part, the Nigerian scammers aren't interested in "pulling" money from your account via direct debit or whatever. Rather, they lure you into sending them money through otherwise-legitimate means like Western Union. Such methods are essentially anonymous and irreversible.

Re:Copywriting (5, Interesting)

N0Man74 (1620447) | more than 2 years ago | (#40632109)

They are different attack vectors with different goals. Phishing relies on confusing a fake organization for a legitimate one. The more authentic and professional looking the better. Even a non-gullible person might fall prey to some of these sites (especially when more people are viewing e-mails on their phones and phones make it MUCH harder to see the tell-tale sign of a bad link).

When all you need is log-in information, or a bit of personal information, the more legitimate looking the better. You don't care if the person is gullible or not, because you are asking less of them. You set up a web server and just collect data with no need for human interaction with the visitors.

The Nigerian scams need people that are more gullible because those scams require more human time investment (and direct interaction) on the part of the scammer, and a greater amount of gullibility for their prey (since it also involves them sending money, not just filling in a form).

Re:Copywriting (0)

Anonymous Coward | more than 2 years ago | (#40633485)

"They are different attack vectors with different goals"

They are, but you can extrapolate a similar reasoning. The current attack vector isn't as much getting people to click a link and fill out a web form as much as getting them to open a file attachment. Most current browsers include some kind of phishing attack detection/prevention and I would suspect the usable lifetime of a phishing web site to be diminishing.

So, in the same way that 'smart' users would know not to follow a link or fill out a form, they're also less likely to open an attached file, and they're more likely to be running AV software that prevents their machine from getting infected or are running an OS that wouldn't get infected anyway. Therefore the bad grammar still helps filter/focus their response rate to people who are more vulnerable.

Re:Copywriting (1)

1u3hr (530656) | more than 2 years ago | (#40635297)

At least in the '419-style' scams, research from Microsoft implies that the bad English is, at least in part, deliberate

I don't believe that. It may be successful, but there is no evidence it's deliberate. This idea it's actually designed to sound dumb to target likely prey is pure conjecture. More likely it's just evolved -- just by cutting and pasting text that has worked in the past without any more analysis than that.

Re:Copywriting (0)

Anonymous Coward | more than 2 years ago | (#40638813)

research from Microsoft implies

Apparently there is evidence, you fucking moron. I can tell you what's not conjecture- your ideas sound dumb.

The question that remains is whether you designed them to sound dumb or not. Since the only evidence that I have is your post, I would venture to say that your ideas have evolved from metaphorically "cutting and pasting" the first fuckwad idea that comes out of your mind into Slashdot, without any analysis whatsoever.

I bet you're one of those people who self diagnoses themselves with "mild aspergers" to justify your poor social skills and self-inflated ego. Just face the truth: You're a fucking idiot and will die alone with your dick in your hand.

Ahh ... the humorously bad english. (5, Funny)

oneiros27 (46144) | more than 2 years ago | (#40632053)

Here's yesterday's gem. Mind you, it was sent to a mailing list '-owner' account, too:

Date: Tue, 10 Jul 2012 05:19:24 -0300
From: MyUps <ups-shipping-agency@ups.com>
To: [listname]-owner@[domain]
Subject: You have urgent work

Hi, [listname]-owner

We got today a letter from tax depratment they writing that we have not paid all needed taxes. You must urgent clear this shit other way they are freeze our bank acocunts.

I have scanned the letter for you, you will find it in attach. Clear this situtaion and write me back.

Re:Ahh ... the humorously bad english. (1)

Anonymous Coward | more than 2 years ago | (#40632117)

That shit sounds serious, you better get on that, [listname]-owner.

I'm just trying to help, I not spammer.

Re:Ahh ... the humorously bad english. (2)

oodaloop (1229816) | more than 2 years ago | (#40632347)

acocunts.

It seems that it doesn't really matter how you try to pronounce this word; they're all fun to say.

Re:Ahh ... the humorously bad english. (1)

Mister Transistor (259842) | more than 2 years ago | (#40632607)

That is absolutely hilarious, but it's interesting that "shit" has found its way into the vernacular enough that a translating robot would substitute it as a normal general word synonym for "badness" or "bad situation".

It's also funny when the spammer launches an unconfigured auto-spam script (to: [recipient] type stuff)...

That said, what the little shit said is no shit, this shit is some very urgent shit! :P

Re:Ahh ... the humorously bad english. (1)

228e2 (934443) | more than 2 years ago | (#40637755)

My text to voice translators have no problem saying profanity.

Re:Ahh ... the humorously bad english. (1)

oneiros27 (46144) | more than 2 years ago | (#40637981)

Doubtful it was an automated translator -- those would have been more likely to have spelled the words correctly:

depratment ... acocunts ... situtaion

... any of which would've been caught by a spell checker set for English.

Re:Ahh ... the humorously bad english. (1)

SpzToid (869795) | more than 2 years ago | (#40638649)

It is terrible when the acocunts gets frozen. Let's hope it doesn't come to this.

Bookmarks (5, Insightful)

organgtool (966989) | more than 2 years ago | (#40632107)

The only thing I use bookmarks for now is to make sure I don't fat-finger the URL to one of my financial sites and enter my credentials into an imposter's site. Whenever I get an e-mail that I have a new statement or that I need to reset my password, I use the bookmark rather than clicking the link in the body of the e-mail.

Re:Bookmarks (1)

Anonymous Coward | more than 2 years ago | (#40632141)

That is good - now to avoid DNS redirects, I guess you'd need a second bookmark for each to the official IP of the websites.

Re:Bookmarks (1)

Baloroth (2370816) | more than 2 years ago | (#40632395)

SSL cert signing helps a bit with that problem. If you are facing someone with a signed cert for that domain and the ability to do a DNS redirect, you're pretty well screwed. Not a lot you can realistically do to prevent that.

Re:Bookmarks (0)

Anonymous Coward | more than 2 years ago | (#40632401)

Why a 2nd one, and not just one with just the IP in it?

Re:Bookmarks (0)

Anonymous Coward | more than 2 years ago | (#40632453)

They probably all use HTTPS. Unless the phishermen got hold of a fake certificate or the bank's private key, DNS redirects would be flagged by the browser.

Re:Bookmarks (0)

Anonymous Coward | more than 2 years ago | (#40633763)

A lot of sites are cohosted responding only to DNA names. The rest (it seems like anyway) are mirrored and load balanced (aikame?) and so the ip may be wrong from day to day.

Re:Bookmarks (1)

downhole (831621) | more than 2 years ago | (#40632619)

That's exactly what I recommend to any basic users I talk to - a blanket policy of never ever follow any links in any email. Using only bookmarks eliminates a whole bunch of attack types.

Re:Bookmarks (1)

lakeland (218447) | more than 2 years ago | (#40632793)

Yes, I get SMS spam because I didn't do this once and was too sleepy to notice I'd hit the wrong site at first.

So annoying :(

Re:Bookmarks (1)

avandesande (143899) | more than 2 years ago | (#40638985)

I'm such an old fart that I just type in the url when I go to a pfishable site.

The decline of western civilization (1)

Anonymous Coward | more than 2 years ago | (#40632397)

God, I am so tired of people who don't give a fuck about anyone but themselves. This goes for more than just the spammers. I would have thought that in the 21st century, with all of the technology and information available, that people would be a bit more willing to think about what's not just good for them, but also what helps out society and world as a whole. I remember how Usenet was once a thriving and intelligent community - and because of folks like this, it is now a shadow of itself. Way to go! Yeah, I blame capitalism, ignorance and greed - short-term gains for long-term losses. Anything to make a buck. Welcome to the future where the banksters and spammers and morally bankrupt politicians and 'corporate persons' rule the day and 'apologize' when they're caught. It's time for the human race to grow the hell up and think of more than just profit. Yeah, I'm ranting - for now. Thanks for reading. ;-)

Here's the real solution. (1)

Anonymous Coward | more than 2 years ago | (#40632605)

Make spamming an offense with dire consequences. I've seen people suggest it for pedophilia. That won't work. Pedophiles aren't operating on a reward basis, but a compulsion.

The same is not true for spammers, who see the rewards as far exceeding the costs.

We need to change that. We need to make it possible to execute a spammer and their entire family on the streets and the person who does it gets to keep all of their stuff.

Of course this solution will have some consequences as false-accusations of spamming will inevitably be misused, but we can fix that too, we just need to punish the exploiters there.

And then punish those exploiters.

Oh shit, I guess it won't work.

But still, it gives me great emotional satisfaction to imagine executing the scumbags behind the actual spamming. (Not the low-level peons who are probably the ones going to be thrown to the wolves anyway).

Then again, I feel the same about political campaign calls and their advertisements.

The inventor of Email's advice on spam (1)

SternisheFan (2529412) | more than 2 years ago | (#40632899)

I once read that when Ray Tomlinson (the inventor of email) was asked about spam, he said he has an ironclad rule. "If I don't recognize the sender I immediately delete it." I've been following his advice with good results for more than a decade now.

"That I see now?" (1)

Goaway (82658) | more than 2 years ago | (#40633179)

Sircam? That's a pretty funny definition of "now".

Why do spammers send so many identical spams? (0)

Anonymous Coward | more than 2 years ago | (#40637989)

I wonder why spammers send so many identical spams over and over. My bank (or whatever) only sends one message per month to annoy me about my account. When I see 20-30 identical (or clearly permutations of the same thing), I know it is spam and delete it. Even if the spam is well written, the huge number of them tips off even a dull person. I think spammers would have more success if they limited the number of spams so it is not obvious that a message is bogus.
