spɹɐʍʞɔɐB writing is spammers' new mail filter avoidance trick

Sexe.doc? More like Scod.exe

Spammers are writing emails backwards in an attempt to sneak past spam filters, security researcher Brian Bebeau has found.

The pests were using left-to-right override code intended to facilitate the use of bi-direction text, such as a document that included English and Hebrew.

The Trustwave researcher said the tactic had a good chance of slipping past spam filters.

"[Phishers] use it to reverse the email text in an attempt to bypass spam content filters," Bebeau wrote.

"While some content filters might check for generic phrases like 'Dear customer', they probably won’t be looking for the reverse text.

"Likewise, 'woleb knil eht no kcilc' will probably not get a second look, unlike 'click on the link below'."

Phishers had also applied the tactic to sections of filenames in order to obfuscate the extension and slip malware past scanners. This meant 'PAYLOADexe.doc' would become PAYLOADcod.exe.

"Instead of reading a Word document, you would install malware," Bebeau said.

Spammers have employed a host of trickery to slip past mail filters and proliferate wares over social media. Virus Bulletin maintained the Spammer's Compendium that listed many of these tricks.

Many of the tactics were put to use when large caches of email addresses surfaced on the public web as a result of breaches. The money generated from spamming oiled the wheels of large and co-ordinate cybercrime operations. ®

Similar topics

Broader topics

Other stories you might like

Biting the hand that feeds IT © 1998–2022