Spammers getting more sneaky...

Jonathan Hunt jonathan at xlcus.com
Wed Jun 25 10:16:24 CEST 2003


I had a VERY sneaky spam arrive this morning that almost got through
bogofilter.  The only reason it didn't was because it was sent to an
address that I only ever get spam to, and so the "To:" address was enough
to pull it above the spam threshold.

It was sneaky because over half the text in the message was made to
look like ham, but (I think) hidden using...
<p ALIGN="CENTER" style="margin-bottom: -20">

It also had the 'V' word, but the characters in the word were
interspersed with other random characters hidden using...
<font size="2" color="#FFFFFF">

Now as bogofilter just strips these tags out, it saw the 'V' word token
as...  Vqixafgprta
And the 'margin-bottom' (which could become common if this spam technique
catches on) was stripped out too.

So the only thing that the current version of bogofilter can really
get a handle on with this spam is the "To:" address.  I fear a similar
mail sent to my primary email address will get through.

I'm not sure what could really be done about the hidden white characters,
but perhaps style components of HTML tags should be parsed for tokens?

-- 
Jonathan Hunt
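
One way to act on the suggestion in the post above, as an added example that is not part of the original message and not bogofilter's own code: a Python tokenizer that emits tokens for style properties and hidden-colour font tags, and also rebuilds the text with the white-on-white runs dropped. The class, function and token names are hypothetical, a white page background is assumed, and the sample is constructed from the two tags quoted in the post.

```python
import re
from html.parser import HTMLParser

HIDDEN_COLORS = {"#ffffff", "#fff", "white"}  # assumption: white page background

class StyleAwareTokenizer(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stripped = []       # text as seen when tags are simply removed
        self.visible = []        # text outside hidden-colour <font> elements
        self.markup_tokens = []  # tokens derived from attributes
        self.font_stack = []     # one flag per open <font>: True if it hides text

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "font":
            hides = attrs.get("color") in HIDDEN_COLORS
            self.font_stack.append(hides)
            if hides:
                self.markup_tokens.append("font-color:hidden")
        # Turn each CSS declaration into a token instead of discarding it.
        for decl in attrs.get("style", "").split(";"):
            prop, _, value = decl.partition(":")
            prop, value = prop.strip(), value.strip()
            if prop:
                self.markup_tokens.append("style:" + prop)
                if prop.startswith("margin") and value.startswith("-"):
                    self.markup_tokens.append("style:" + prop + ":negative")

    def handle_endtag(self, tag):
        if tag == "font" and self.font_stack:
            self.font_stack.pop()

    def handle_data(self, data):
        self.stripped.append(data)
        if not any(self.font_stack):  # skip text nested in a hidden <font>
            self.visible.append(data)

def words(parts):
    return re.findall(r"[A-Za-z]+", "".join(parts))

def tokenize(html):
    parser = StyleAwareTokenizer()
    parser.feed(html)
    parser.close()
    return words(parser.stripped), words(parser.visible), parser.markup_tokens

# Constructed sample: tag stripping alone yields the token quoted in the post.
HIDE = '<font size="2" color="#FFFFFF">%s</font>'
SAMPLE = ('<p ALIGN="CENTER" style="margin-bottom: -20">V' + HIDE % "q" + "i"
          + HIDE % "x" + "a" + HIDE % "f" + "g" + HIDE % "p" + "r"
          + HIDE % "t" + "a</p>")
```

The markup tokens give a Bayesian filter something to score even when the visible text looks like ham; the three token lists would be fed to the classifier together.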





