Dot dot dot dot



  • I just got an email into my spam filter. I looked at it and decided that part of it had to be posted. This same error happens at the beginning and the end of the email....

     

    Tuesday, February 06 2007 1:09 PM, EST   LOM Logistics Site www (dot)(dot)|dot|(dot)(dot)(dot)(dot)(dot)(dot)(dot)(dot)(dot)(dot)|dot|(dot)|dot||dot||dot||dot||dot|(dot)|dot|(dot)(dot)(dot)|dot||dot||dot||dot|(dot)(dot)(dot)|dot|(dot)|dot||dot||dot||dot|(dot)|dot||dot|(dot)(dot) Livenegotiator |dot||dot||dot|(dot)(dot)|dot|(dot)|dot|(dot)(dot)(dot)(dot)|dot|(dot)|dot||dot||dot|(dot)(dot)|dot||dot||dot|(dot)|dot|(dot)(dot)(dot)|dot||dot|(dot)|dot|(dot)|dot||dot||dot|(dot)(dot)|dot||dot||dot||dot||dot|(dot) Com Receives Prelaunch Interest as Its Live Negotiating Technology is Made Available for Private Label Usage  Business Wire    "US Press Releases "



  • I got one with all those dots today, too. Didn't read the rest enough to know if it matched yours.



  • I would guess that it's Morse Code, except there are no dashes.



  • Looks like an episode of "When Regexps attack" to me.



  • It could be morse, as it contains the two separate identifiers "(dot)" and "|dot|", except it doesn't contain any separators. In morse code transmitted by audio you use longer pauses to separate characters and words.

    Each dotdotdot sequence contains 43 identifiers. If "(dot)" represents 0 and "|dot|" represents 1, you get the two bit patterns:

    0010000000000101111101000111100010111101100

    1110010100001011100111010001101011100111110

    Anyone regocnising anything? Looks pretty random to me, except that both sequences have the same length.



  • Well, if you create bytes out of them and take the remaining three bits as some checksum, you get, in hex:

    20 05 F4 78 BD checksum 4 and

    E5 0B 9D 1A E7 checksum 6
     

     



  • @Guffa said:

    0010000000000101111101000111100010111101100

    1110010100001011100111010001101011100111110

    Anyone regocnising anything? Looks pretty random to me, except that both sequences have the same length.

    <font size="-1">I don't see the code anymore; I just see blondes, brunettes, red heads...</font>



  • I figure it's some asstarded way to randomly obfuscate the . in the URL that's gone haywire. (notice www . Livenegotiator . Com )

    The whole concept boggles the mind, really. Why would someone actually willingly go through the trouble of fixing the address, and typing it in/copypasting in order to go to the site?



  • Hah.  When I saw the subject line, I wondered if it was going to be about this spam.  (Yep, I got a copy of it as well... but with different dot-patterns.)

    Seems like an attempt at spam filter avoidance gone horribly, horribly awry... 



  • This is designed to confuse spam filters that use Bayesian filters.  They work by blocking messages that match other spam received so the messages with random bits are not blocked. Each message has a different random section.

     



  • @triso said:

    This is designed to confuse spam filters that use Bayesian filters.  They work by blocking messages that match other spam received so the messages with random bits are not blocked. Each message has a different random section.

    This doesn't seem like it should be all that effective against bayesian filtering, though I suppose it depends on how the bayesian rules are constructed.  Bayesian filtering basically says "if a message shares features with messages already categorized as spam, there's a good chance it is also spam".  The question is what constitutes a 'feature'.   If the features are individual words, then using a bunch of random words is fairly effective (as long as those words don't include Viagra), but if the feature is "the word 'dot' repeated more than 20 times in one message", then it's more effective :)

    I don't really know how advanced those bayesian filter rules are though. Seems like they let some pretty obvious stuff through...

    -cw



  • lolz wtf is dat man... i was like WTF? when i saw it at first ay...yeah dats all i wantedc ta say :D


Log in to reply