One of the methods listed there is called “Ze Foreign Accent” spam or (BWO!Accent!Plain).
The main characteristic of this method is the usage of special characters called “accents”. They make no sense in English, but they exist in other languages like French, German, Romanian, and others.
We haven’t seen this kind of spam in the wild for many years now because it was very easy to detect (due to the heavy usage of special characters). So you can imagine our surprise to see this technique pop up again in a spam message.
What makes “Ze Foreign Accent” spam so special?
This spam is special because it combines various methods described in “The Spammer Compendium”:
- Whiter Shade of Pale – TA!Pale!HTML and Invisible Ink – GWI!Invisible!HTML – the insertion of characters colored just like the background so that they can’t be visible in an email client.
- Ignore the smallprint – TA!Smallprint!HTML and Honey, I shrunk the font – GWI!ShrunkFont!HTML – the insertion of small formatted characters instead of white spaces.
- The classical insertion of random pieces of text that makes no sense, in order to confuse the Bayesian spam filters.
The first two techniques are immediately visible once the body of the email is selected (see picture).
Additionally, the spam is addressing the recipient of the email by full name taken from the “From” field. The subject of the email is “Re: Mrs. Amalee Crigger LIKED <full name> and left a new MESSAGE for <full name>”. This is easy to implement, of course, but it requires more information and CPU power in order to create the dedicated message.
What should you do?
We said it back then, we keep saying it now: never click on links in spam messages. You never know what hides behind that URL: malware, phishing, identity theft, scams, etc.
If your spam filter didn’t catch the spam and you see something that looks rather strange, just like “Ze Foreign Accent” spam, erase it.
The post “Ze Foreign Accent” spam is back appeared first on Avira Blog.
