Base64 madness
Posted to www.marxmail.org on September 21, 2005
Some months ago, I began receiving Penny Stock Newsletter spam on a daily basis, sometimes up to 3 or so. (See below for example.)
Like most ISP providers, Panix runs something called spamassassin that weeds out the huge majority of spam. Unlike most other providers, however, Panix allows you to connect directly to their Unix server and run commands from the $ command line that Les and I find useful for maintaining Marxmail.
One of these commands is procmail, a mail preprocessing program that will allow you, for example, to send out email informing the sender of email that you are on vacation. Another use for procmail is to filter out spam, something that most people relied on before the advent of spamassassin. Procmail weeds spam out at the source so you wont even have to deal with it upon arrival in Eudora, Outlook or other client based email programs.
Heres a typical procmail recipe:
0:
v1agra
/dev/null
This says if you get an email with v1agra, throw it away.
So when I started getting the penny stock spam, I tried this to no avail:
0:
st0ck
/dev/null
(Youll note that spam usually disguises words like viagra or stocks. The reason I felt safe in looking for st0ck is that I assumed nobody on PEN-L or Marxmail would use this perverse spelling.)
However, the spam kept evading my filter. My first reaction was to assume that I had encoded the test wrong, so I called up Panix and asked them to look at my test. They advised some minor changes (which wouldnt have had any effect), but they didnt work either. This is the sort of thing that drives me nuts as a professional programmer. Even though it only takes a half-second to delete the spam from my incoming mail, I dont like the idea that I dont have the power to control my environment.
That led me to subscribe to the procmail mailing list, where I learned from Dallman Ross, one of the list gurus and a Panix user himself, that the penny stock spam was probably using base64 encoding and therefore eluded normal tests.
For a useful discussion of base64, you can go to http://en.wikipedia.org/wiki/Base64, which begins:
Base 64 literally means a positional numbering system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for email among other things. All well-known variants of base 64 use the characters AZ, az, and 09 in that order for the first 62 digits but the symbols chosen for the last two digits vary considerably between different systems that use base 64.
For an idea of what one of those base64 encoded penny stock newsletters looks like in the original, go to: http://www.columbia.edu/~lnp3/base64.sample
Base64 encoding is the latest gimmick that spammers employ in order to frustrate normal filtering techniques. Ricks Spam Digest has a useful discussion of how this is done: http://www.rickconner.net/spamweb/analysis01.html
Once I began to develop a sense of being under siege from this crap, I started to look at it more closely. I soon discovered something highly perverse about it, namely that many of the companies being hyped probably dont exist, or at the very least dont have websites-which makes you feel suspicious about whether they exist or not. One of them, Vinoble, Inc, has a zillion links when you google it but none to a company website. I should add that when I did get spam for a company that does have a website, I would mailbomb the CEO with the spam I had received hyping his company. That shows you how nuts I had become. I didnt even know if they were responsible, but I wanted them to share the feeling of being violated.
I guess I had a stronger reaction to this crap than I would to viagra or home mortgage spam. I got out of the stock market a month after the 1987 crash and the last thing I want to be bothered with is offers to buy penny stocks. Wrapping stock market sales pitches in base64 code will bring out the Travis Bickle in me.
I finally came up with a solution this morning that combines spamassassin and procmail. It turns out that spamassassin correctly identifies the spam as MIME_BASE64_TEXT, but it only factors this in with other tests in order to come up with an aggregate score. So, it might add .5 for the presence of base64 enoding, but come up with only 1.3 for other tests. Since anything that scores less than 2.0 is not considered spam, it will end up in my mailbox-including the penny stock stuff. So I went ahead and began looking for MIME_BASE64_TEXT in procmail and discarding it. So far, it is working like a charm.
My next door neighbor had to take his computer in for repairs. When his daughter came to visit him this summer, she began downloading games that were infected heavily with adware and viruses. The Internet is beginning to look more and more like a minefield, with anti-social elements doing everything they can to ruin it for the rest of us. It is a little bit like sitting in a library trying to study while the person at the next table is listening to heavy metal played at full volume on a boombox.
====
Hot_St0ck Newsletter - August Issue, 2005
************************************
In August's issue we are going to profile a company involved in the Red Hot
homeland security sector. This company's st0ck is very much undervalued
considering the potential of the industry and the position of the company.
(The perfect time to get in)
This small treasure is: VNBL (Vinoble, Inc.)
Today the price went up +29.41%
Please watch this one open tommorow and ALL WEEK!!
You may want to Act very early!!
This st0ck is trading at only O.11 cents and we expect it could hit
$0.30 - $0.35 by late September.
A Huge PR campaign will be this week so grab as much as you can up to $0.25
range. We all know it's the big announcements that make these small gems
move.
st0ck Symbol: VNBL .
Current Price: $O.11
The Price went up +29.41% today, and this is just the beginning of the campaign
Please watch this one open tommorow and ALL WEEK!!
We expect the price to go to $O.18 in next 2-3 days
We expect the price to go to $O.3O in next 3 weeks.
About the company:
Vinoble, Inc. is a holding company, which is identifying and acquiring
operational business opportunities in the areas of homeland security,
security information systems, and other security services to provide long
term growth for its shareholders. Vinoble believes that the opportunity to
build a successful business in the security sector is unprecedented.
The terror attacks on the
the security landscape for the foreseeable future. Both physical and logical
security have become paramount for all industry segments, especially in the
banking, healthcare and government sectors. While the focus for Vinoble is
on
According to Giga, a wholly owned subsidiary of Forrester Research,
worldwide demand for information security products and services is set to
eclipse $46B by 2O05.
Vinoble intends to capitalize on the dramatic growth in the security market
by delivering professional services, security products, security training,
and managed security services. In pursuit of this objective, Vinoble has
assembled a highly qualified team of security professionals offering a full
range of security services. Through Vinoble's consulting services and
integrated delivery solutions, Vinoble will help organizations protect key
assets including persons, property, information, brand, and reputation.
***Why we believe VNBL will give big returns on investment***
* At this time much of VNBL's focus is on RFID (Radio frequency
identification) technology. This is technology which uses tiny sensors to
transmit information about a person or object wirelessly.
* VNBL is developing a form of RFID technology which allows companies and
governments to wirelessly track their assets and resources. Such technology
has HUGE potential in the protection and transportation of materials
designated "High Risk" were they to fall into the wrong hands.
* VNBL works on integration of the two afore mentioned systems in order to
create "High Security Space" in locales where it is deemed necessary.
Locations which may take advantage of such systems are airports, sea ports,
mines, nuclear facilities, and more.
***N E W S***
Vinoble's latest strategy involves applying their RFID technology to the
mining and petrochemical industries. To this end they have agreed to
purchase a mining property with which they plan to develop and test their
technologies and systems. Read this latest press release to learn more:
News), a holding company seeking to identify long-term growth opportunities
in the areas of homeland security, security information systems, and other
security services, is pleased to announce that pursuant to its news release
dated July 8, 2005, where the Company agreed to purchase mining property in
the Red Lake District, has
initiated a 43-101 report on the
Property.
The Hazard property will serve as a valuable tool for Vinoble, in asset
value and, in addition, it will serve as a testing and demonstration
location for RFID and GPS applications. RFID and GPS technology will be a
valuable tool for the mining industry and will offer protection of our
country's natural resources and commodities against threat.
Additionally, the Company is currently seeking other opportunities to add
value to its property holdings through acquisition. Vinoble views the
additional assets will provide the Company and its shareholders a
much-improved increase in shareholder value.
stoc.k
Symbol: VNBL .
Current Price: $0.11
We expect the price to go to $0.18 in next 2-3 days
We expect the price to go to $0.30 in next 3 weeks.
Please watch this one trade on ALL WEEK!
_______________________________________
Information within this email contains "f0rwardlo0king st4tements" within
the meaning of Section 27A of the Securities Act of 1933 and Section 21B of
the Securities Exchange Act of 1934. Any statements that express or involve
discussions with respect to predictions, goals,expectations, beliefs, plans,
projections, objectives, assumptions or future events or performance are
not statements of historical fact and may be "f0rwardlo0king st4tements."
f0rwardlo0king st4tements are based on expectations, estimates and
projections at the time the statements are made that involve a number of
risks and uncertainties which could cause actual results or events to differ
materially from those presently anticipated.
f0rward_lo0king st4tements in this action may be identified through the use
of words such as: "projects", "foresee", "expects", "estimates," "believes,"
"understands" "will," "part of: "anticipates," or that by statements
indicating certain actions "may," "could," or "might" occur. All information
provided within this email pertaining to investing, stoc.ks, securities must
be understood as information provided and not investment advice.
Emerging Equity Alert advises all readers and subscribers to seek advice
from a registered professional securities representative before deciding to
trade in stoc.ks featured within this email. None of the material within
this report shall be construed as any kind of investment advice. Please have
in mind that the interpretation of the writer of this newsletter about the
news published by the company does not represent the company official
statement and in fact may differ from the real meaning of what the news
release meant to say. Look at the news release by yourself and judge by
yourself about the details in it.