Span exploit for spam
An interesting spam made it through my GMail filters today. Some of its code looks like this:
<div><font face\u003d\"Arial\" size\u003d\"3\">\n<div>Hello,</div>\n<p><strong>B<span style\u003d\"font-size:10px;float:right;color:#000000\"> pj </span>rand new 2007 re<span style\u003d\"font-size:10px;float:right;color:#000000\"> tj </span>plic<span style\u003d\"font-size:10px;float:right;color:#000000\">\n zi </span>a watch<span style\u003d\"font-size:10px;float:right;color:#000000\"> pn </span>es - </strong><br>Express wor<span style\u003d\"font-size:10px;float:right;color:#000000\"> pt </span>ldwide sh<span style\u003d\"font-size:10px;float:right;color:#000000\">\n rp </span>ippin<span style\u003d\"font-size:10px;float:right;color:#000000\"> cz </span>g available!</p>\n<p><strong>LIM<span style\u003d\"font-size:10px;float:right;color:#000000\"> zp </span>ITED TIME OF<span style\u003d\"font-size:10px;float:right;color:#000000\"> zb </span>FER:
…And so on. The message shows up something like this:
Hello,
B pj rand new 2007 re tj plic
zi a watch pn es -Express wor pt ldwide sh
rp ippin cz g available!LIM zp ITED TIME OF zb FER:
The spammer has used the spans to insert random, garbled text into his message to confuse the spam filters, which are looking for keywords. But at the same time, his message is very clearly human-readable. Try slowly highlighting the text above to see how the message jumps from left to right.
Fairly clever. Beat the Google filters, which are about the best I’ve seen. I’d like to congratulate the spammer for ingenuity before inviting him to die in a fire. Hopefully this kind of exploit will be accounted for soon.
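One way a filter could account for this, as an added example that is not part of the original post: extract the text in reading order, drop any element whose inline style floats it out of the line, and only then match keywords. The keyword list, the `junk` helper and the function names are assumptions made for illustration, and only inline `style` attributes are checked, not floats applied through stylesheet classes.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "wbr", "input", "meta", "link"}  # tags with no closing tag
BLOCK = {"p", "div", "td", "tr", "li"}                      # tags that break a line
FLOAT_RE = re.compile(r"float\s*:\s*(left|right)", re.I)

class VisibleText(HTMLParser):
    """Collect text in reading order, dropping subtrees floated out of the line."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.skip_depth, self.floated = [], 0, 0
    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            if tag == "br" and not self.skip_depth:
                self.parts.append(" ")
            return
        if self.skip_depth:                      # nested inside a floated element
            self.skip_depth += 1
        elif FLOAT_RE.search(dict(attrs).get("style") or ""):
            self.skip_depth, self.floated = 1, self.floated + 1
        elif tag in BLOCK:
            self.parts.append(" ")
    def handle_endtag(self, tag):
        if tag not in VOID and self.skip_depth:
            self.skip_depth -= 1
        elif tag in BLOCK:
            self.parts.append(" ")
    def handle_data(self, data):
        if not self.skip_depth:
            self.parts.append(data)

def junk(s):  # the filler span from the page's sample, escapes decoded
    return f'<span style="font-size:10px;float:right;color:#000000"> {s} </span>'

# Opening of the page's sample message, rebuilt with its \u003d and \" escapes decoded.
SAMPLE = ("<div>Hello,</div><p><strong>B" + junk("pj") + "rand new 2007 re" + junk("tj")
          + "plic" + junk("zi") + "a watch" + junk("pn") + "es - </strong><br>Express wor"
          + junk("pt") + "ldwide sh" + junk("rp") + "ippin" + junk("cz") + "g available!</p>")

def analyze(html, keywords=("replica watches", "shipping")):  # keywords are illustrative
    p = VisibleText()
    p.feed(html)
    p.close()
    text = re.sub(r"\s+", " ", "".join(p.parts)).strip()
    naive = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", "", html)).lower()  # plain tag strip
    return {"text": text, "floated": p.floated,
            "hits": [k for k in keywords if k in text.lower()],
            "naive_hits": [k for k in keywords if k in naive]}
```

Floats are also used in legitimate mail, so the `floated` count is better treated as one scoring signal than as a verdict. An unclosed tag inside a floated element makes this parser skip more text than intended, which is another reason to score on the count rather than rely on the cleaned text alone.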