Security researchers from anti-virus vendor Avira,
warn of an interesting technique used in recent junk e-mails. In order to avoid anti-spam filters, cybercrooks have resorted to using HTML table grids, whose cells' background is colored in such a way as to compose words.
According to the analysts, the campaign has been spotted starting March 23 and the e-mails are properly formatted, containing a text/plain and a text/html section. The two parts have the purpose of displaying the same content.
"If we would render the HTML part, we obtain exactly the plain/text part. This makes the email even more credible," Avira's Manager of International Software Development Sorin Mustaca explains on the company's TechBlog.
The HTML section has the purpose of displaying the word "VIAGRA" without actually using any ASCII characters. Instead, a table with 6 rows and 31 columns is used, where all the cells are aligned at the top and some of them are colored differently to form letters using the "bgcolor" tag attribute.
"This is not yet detected by most spam filters – a simple word filter fails," Mr. Mustaca warns. Additionally, the included link points to a page hosted on spaces.live.com, a popular and legit online service provided by Microsoft.
The researcher notes that attempts to get the offensive account suspended have failed. "Trying to report the URL to live.com was impossible," he writes. This is not at all unexpected, considering that, at the end of November 2008, Microsoft occupied the number five position on the "10 Worst Spam Service ISPs" list compiled by the Spamhaus spam-fighting outfit.
Spamhaus representatives noted at the time that the main reason why Microsoft had made it to their list was the abuse on its online services such as Windows Live Spaces, which the company failed to address. Cybecrooks like phishers, spammers, or malware distributors resort to employing popular services in their campaigns because users tend to trust those links more.
Spammers have used other methods of avoiding spam traps, such as transmitting their message through ASCII art. This technique employs characters arranged in certain patterns in order to visually create words, but the more complex filters are able to pick it up. Using pure HTML code, with no real text output whatsoever, is not that common, but while it is an intriguing approach, it's likely to only be successful in the short run, until the anti-spam software gets updated.
