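Following GIF spam, a new type of PDF spam has recently appeared: each email carries a PDF attachment, and its content has been processed to defeat OCR.
At first, like the author of this article, I thought an exploit had surfaced in Acrobat Reader or another PDF reader that allowed a PDF to carry malicious code to be executed on the client.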
PDF Spam
This page contains a single entry by Pank published on July 7, 2007 11:12 AM.
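PDF spam, also called "PDF stock spam", is an application of image spam plus social engineering (guessing at what people are thinking in order to defraud them). PDF spam is a trick used abroad to pump stocks by manufacturing fake insider-trading tips... Basically it is similar to image spam.
With image spam, if the fight against the damage is still approached through "content filtering" (using OCR is also being led astray by content filtering)..., you will only get more lost in the junk-mail war the spammers started~
The key point is:
"The biggest dividing line between spam and legitimate mail lies in 'behavior', not in 'content', and the crux is 'forgery'."
Spammer techniques have developed precisely by "fooling" content-filter-based antispam, because its biggest problem is that the technique for blocking spam filters on "content".
From the example above we can easily see that if content filtering is the core technology for blocking spam, all it takes is distorting and transforming the content: "I change, I change, I change, change, change".
No matter how many hundreds or thousands of rules you add to your content filter, you cannot stop the spammer's content distortion! As technology advances, as the saying goes, "virtue rises one foot, vice rises ten"; spammers are also thinking about how to avoid filtering and get through (in fact, mostly dodging content filtering).
Clever spammers found the blind spot of content filtering and so, "attacking your shield with your own spear", simply turned all the text content into images: let's see how you filter that? Thus image spam was born.
Because the advertising content of the mail is made entirely into images, it can evade detection by blocking software that applies content filtering to text. This counts as a kind of seeing through, doesn't it?! (The weak spot of content filtering was seen through, so it was defeated...)
So the vendors of blocking software built on content-filtering technology came out one after another to rescue their own products and find an acceptable way out for content filtering: OCR. The vendors claim they can use OCR (optical character recognition) to convert the text graphics inside an image into text and then filter it further. The theory is not wrong, but in practice it only creates talking points that mislead the public. When spam content is presented as images, the author believes the text will not be sitting "neatly" in the image for OCR to recognize accurately; adding a few simple steps, such as distorting, skewing, interlacing, contrast, slicing, shifting, scaling, color or special effects on the image, greatly reduces OCR's recognition performance. These steps are not hard; a few commands in image-processing software take care of it.
So OCR and content filtering both treat only the symptoms; the way to treat the root cause is still to analyze the spammer's behavior, and then whether it is image spam or PDF spam, it will be just as hard for it to escape~~
Read this article for a further understanding...
For the full text, see:
http://tw.myblog.yahoo.com/jw!VwoDla2BGw7J5VsLorS0aTXs/article?mid=2&pk=antispam
or
http://www.green-computing.com/ooweb/news/news_01_detail.php?chgid=16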