Fighting unicode-obfuscated spam

13 years 1 months ago
Fighting unicode-obfuscated spam
In the last few years, obfuscation has been used more and more by spammers to make spam emails bypass filters. The standard method is to use images that look like text, since typical spam filters are unable to parse such messages; this is what is used in so-called "rock phishing". To fight imagebased spam, many spam filters use heuristic rules in which emails containing images are flagged, and since not many legit emails are composed mainly of a big image, this aids in detecting image-based spam. The spammers are thus interested in circumventing these methods. Unicode transliteration is a convenient tool for spammers, since it allows a spammer to create a large number of homomorphic clones of the same looking message; since Unicode contains many characters that are unique but appear very similar, spammers can translate a message's characters at random to hide black-listed words in an effort to bypass filters. In order to defend against these unicode-obfuscated spam emai...
Changwei Liu, Sid Stamm
Added 14 Aug 2010
Updated 14 Aug 2010
Type Conference
Year 2007
Authors Changwei Liu, Sid Stamm
Comments (0)