07-11-2007, 11:44 PM   #2
kurt wismer
Guest
 
Re: New .PDF malware (?)

Virus Guy wrote:
> kurt wismer wrote:
>
>>> How many mass-market PC's (Dell, Gateway, etc) come with
>>> Acrobat installed? (just wondering)

>> how can i explain to you what a stupid question that is?

>
> You are stupid for misinterpreting it.
>
>> acrobat is a program that *A LOT* of people install after
>> getting their computers

>
> No shit sherlock. That's not the answer to my question.


because the question illustrates what emerson was talking about in his
famous quote about a foolish consistency... while it is generally true
that a dependency on software that didn't come pre-installed hurts one's
success rates, it's not always true...

moreover it's not the only part of the equation the spammers are looking
at... as good or bad as client-side anti-spam may be, gateway filters
take huge chunks out of the pool of potential recipients so the balance
between ease of use by the recipient and obfuscation from the filters is
shifting to favour obfuscation...

>> no, you have to click on it - which people who deal with pdf's
>> have been trained to do... i'm sorry if pdf's are foreign to
>> you, but that's how people interact with pdf's in the real world

>
> Don't be a smart-ass. The point I'm making is that if you're a
> spammer, you want your recipients to see your shit.


and the point i'm making is that acrobat is virtually standard *in
spite* of not necessarily coming pre-installed...

> People are MORE
> prone to NOT click on something in e-mail, more so than they are PRONE
> to act like a trained dog and click on an attachment just because it's
> a PDF.


spammers have always had a poor penetration rate with their
advertisements... if the new obfuscation reduces it they'll just do what
they've always done - make it up on volume...

>>> All the zombies that just spewed that useless e-mail
>>> have now been blacklisted on various RBL's.

>> ???? more misunderstanding... if you blacklisted every domain

>
> RBL's don't black-list domains
>
>> (or even just ip's) with zombies on them you'd wind up
>> blacklisting every isp in existence... rbl's don't do
>> that because they know it's pointless...

>
> DNSRBL's do exactly that. They blacklist IP addresses. Individual IP
> addresses.


yeah, that's real useful in the dynamic ip world of home users where
most zombies are found...

>> isp's try to stomp out the zombies on their networks

>
> These days, few if any ISP's do that.


in my part of the world they do...

>>>> and yet ocr spam filters have been effective against
>>>> many of those image spam techniques...
>>> Can you point to any web-resource that corroborates that
>>> statement?

>> http://www.virusbtn.com/spambulletin...sb200611-image

>
> Interesting page, but I see no examples of slightly-rotated text that
> is common in most image spams these days. I'm looking at a recent
> spam where the background is multi-hued blue and the text is in red
> letters (Discount Pharmacy online) the drug names are in white
> (Viagra, Cialis, Ambien, etc) and the prices are in orange-yellow
> ($2.00 mostly).
>
> As these images come closer to replicating captcha, the OCR software
> will have no chance.


well, i'm no ocr spam filter developer... i just see a bunch of
techniques that one might naively assume would foil ocr but which ocr
has nonetheless overcome so when you say that rotation is one that ocr
*can't* overcome i'll have to take a page out of your book and ask if
you've got a web-resource that corroborates that statement...

(and frankly, when i was working in face recognition, slight rotation
was not a problem so i don't see why it should be a problem for
character recognition)

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"