Wednesday, August 02, 2006

A nice front-page puff in today's Times for this:'s Bilbo here. D'you wanna buy some Viagra?
Adam Macqueen
Why is your inbox full of offers for pills? Our correspondent finds the answer in The Hobbit

Bilbo Baggins tried to sell me some Viagra last week. It was a surprise: J.R.R. Tolkien never recorded hobbits’ pharmaceutical pleasures as extending any further than a pouch of tobacco, but nevertheless, there he was in my email inbox alongside an offer for “CIjALIS, AMBjIEN, VALjIUM, VjIAGRA”. “When they had dried in the sun, which was now strong and warm, they were refreshed, if still sore and a little hungry,” one Mokosh Bauder wrote to inform me. “Soon they crossed the ford (carrying the hobbit), and then began to march through.”

Intrigued, I started paying more attention to the dozen or so spam emails that plop uninvited into my inbox every day. It wasn’t long before the Shire’s most famous son returned. Another pill offer was accompanied by the unlikely news that “it was in this way that he learned where Gandalf had been to; for he overheard the words of the wizard to Elrond. It appeared that Gandalf had been to a great council of the white wizards, masters of lore and,” while an intriguing message from an attractive young lady who was planning on visiting my area suggested she would be accompanied by a green-hooded dwarf by the name of Dwalin. At this rate I’ll have all 317 pages of The Hobbit by the end of the year.

The first “Hobbit spam” was sent in late May by a “zombie network” of some 150,000 virus-infected PCs which were taken over by a mystery spammer, and have since been used to send out hundreds of millions of drug offers while their owners remain oblivious. This particularly sinister method of distributing spam is increasingly popular – industry sources estimate that over 80% of all spam circulating in June was sent by remotely controlled PCs, a jump of 30% from 2005, a direct result of internet service providers cracking down on the formerly popular method of setting up multiple “disposable” accounts using false contact details and stolen credit cards. Earlier this year a 21-year-old Californian hacker was sentenced to five years in prison for running a network of half a million zombie computers around the world. He wasn’t even sending the spam himself – just renting his system out at 100 dollars a time. You probably got some of his mail. Even worse, you might have sent some of it yourself.

So where does Bilbo Baggins come into this? Well, he’s the latest ingenious method that spammers have found of bamboozling security software which does its best to filter out the estimated 68million spam emails which are sent in the UK every day before they reach their destination. This used to be a relatively simple matter – software just looked out for suspicious words and phrases like “porn”, “free investment”, “reverses ageing” and anything that sounded a bit rude, and dumped them straight into the virtual waste paper bin. Determined spammers soon found a way round that by throwing away their dictionaries and inventing words like “pron” “secx” and the aforementioned “VjIAGRA”, which someone with too much time on their hands at the website has worked out can be spelt 600,426,974,379,824,381,952 different ways while still remaining recognizable. This being a tit-for-tat (or possibly a t!t-for-t@t) kind of affair, software developers hit back by trying to second-guess the spammers, with the result firstly that the Horniman Museum in South London spent much of 2004 unable to get any of its emails delivered, and secondly, that a new front was opened on the spam war – one that would ultimately see Mr Baggins and his dwarfish friends fighting a rearguard action against an eighteenth-century Presbyterian minister from Tunbridge Wells.

When his Essay Towards Solving a Problem in the Doctrine of Chances was published in 1764, it is probably fair to say that the Reverend Thomas Bayes did not foresee its use in the battle against unwanted penis extensions and Russian pornography. In 2002, however, internet giants Google and Microsoft both decided to adopt Bayesian Probability as the basis for the filtering techniques in their software, giving us all a reason to be thankful to the good reverend. Briefly, rather than singling out individual words, Bayesian filtering works on the principle that if the majority of words in an email are ones that are commonly found in spam, it is probably a spam email. Mr Bauder’s simple core message – “CIjALIS, AMBjIEN, VALjIUM, VjIAGRA” – would instantly be identified with a 100% hit rate. Add 37 words of bedtime reading, however, and the dodgy word-rate goes down to a mere 9.8%, well within Bayes’s acceptable score.

It’s not just The Hobbit, of course. Spammers can get round Bayesian filters by attaching strings of random words, giving rise to the phenomenon of “spoetry”, lovingly collected by bloggers worldwide. An English graduate friend of mine recently swore blind she had been emailed by Gerard Manley Hopkins when she received a Viagra offer accompanied by the verse “serpent melon ready-beaten five-figure/
horn chestnut self-occupied two-stream/ Non-Archimedean co-option black-visaged/
pier dam death-divided quinine herb”. But The Hobbit is at least an appropriate choice. The book documents how Baggins, proud to be one of the “plain, quiet folks with no use for adventures” is approached by a mysterious stranger, the wizard Gandalf, and offered a place on a treasure quest which promises to be “very good for you, and profitable too, very likely”. Despite initially rejecting the opportunity (“I don’t want any adventures, thank you. Not today… Nasty, disturbing uncomfortable things! Make you late for dinner!), he takes a chance and ends up not just a changed hobbit but the recipient of a generous share of a dragon’s hoard, gold, silver and jewels “quite as much as I can manage.” There’s the small matter of a magic ring that will require an entire other trilogy to clear up, of course, but as far as the spammers are concerned, Tolkien’s message is clear. Click here, hand over your credit card details, and let Gandalf worry about the details…

1 comment:

David Stanley, VP & MD EMEA, CipherTrust said...

Computer users need to be aware of the cunning nature of spammers who are constantly changing their techniques to get spam past messaging security appliances, as highlighted in your article, entitled, ‘Pssst…it’s Bilbo here, D’you wanna buy some Viagra?’ Users also need to be on high alert for any emails from unknown sources relating to sex as spammers know they can get the most profit from this type of spam, with the highest percentage of users (5%) actually responding and clicking through to buy products.

Businesses and consumers also need to be aware that these spam messages are more than just a way to make money, they are used to gain access to bank accounts and other information for identity theft or to infect machines with viruses or worms, causing network damage or turning a computer into a zombie. Whilst research into tracking new keywords is an important part of spam filtering, computer users should also be investing in messaging security appliances that include features, such as tools to develop black lists of known spammer IP addresses, which can be used to block and return spam before any bandwidth or processor time is used.

Spammers may be clever in their approach but vendors are constantly working to provide e-mail users with the technology and education to not only provide protection from spam and viruses, but to teach users what these messages may look like so they can avoid them in the future.