Abstract
In this chapter, we demonstrate a vulnerability in existing content-based message filtering methods, showing how an attacker can use a simple obfuscator to modify any message to a homograph version of the same message, thereby avoiding digest and signature based detection methods. We measure the success of this potential attack, showing a total success against Hotmail, Gmail and Yahoo mail. While the attack is bothersome both in terms of its simplicity and its success, it is also easily countered. We describe some computationally practical countermeasures.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
This, of course, should only be done to emails that “appear as Latin-character emails”—for emails appearing to be written in Cyrillic, but containing some Latin characters, the mapping would have to be made from Latin to Cyrillic.
References
M. Jakobsson, W. Leddy, AI vs. the Phishers, in IEEE Spectrum Magazine (2016)
M. Jakobsson, G. Stewart, Mobile malware: why the traditional AV paradigm is doomed, and how to use physics to detect undesirable routines, in BlackHat (2013)
M. Jakobsson, T.-F. Yen, How vulnerable are we to scams? in BlackHat (2015)
C. Liu, S. Stamm, Fighting Unicode-Obfuscated Spam, in APWG eCrime Researchers Summit (2007)
S.H. Somanchi, The mail you want, not the spam you don’t. https://gmail.googleblog.com/2015/07/the-mail-you-want-not-spam-you-dont.html (2015)
Unicode Technical Standard 39: Unicode Security Mechanisms, http://www.unicode.org/reports/tr39/ (2016)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer Science+Business Media New York
About this chapter
Cite this chapter
Dhiman, M., Yen, TF., Jakobsson, M. (2016). Obfuscation in Spam and Scam. In: Jakobsson, M. (eds) Understanding Social Engineering Based Scams. Springer, New York, NY. https://doi.org/10.1007/978-1-4939-6457-4_6
Download citation
DOI: https://doi.org/10.1007/978-1-4939-6457-4_6
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4939-6455-0
Online ISBN: 978-1-4939-6457-4
eBook Packages: Computer ScienceComputer Science (R0)