The Channel logo


By | Darren Pauli 12th September 2014 07:31

spɹɐʍʞɔɐB writing is spammers' new mail filter avoidance trick

Sexe.doc? More like Scod.exe

Spammers are writing emails backwards in an attempt to sneak past spam filters, security researcher Brian Bebeau has found.

The pests were using left-to-right override code intended to facilitate the use of bi-direction text, such as a document that included English and Hebrew.

The Trustwave researcher said the tactic had a good chance of slipping past spam filters.

"[Phishers] use it to reverse the email text in an attempt to bypass spam content filters," Bebeau wrote.

"While some content filters might check for generic phrases like 'Dear customer', they probably won’t be looking for the reverse text.

"Likewise, 'woleb knil eht no kcilc' will probably not get a second look, unlike 'click on the link below'."

Phishers had also applied the tactic to sections of filenames in order to obfuscate the extension and slip malware past scanners. This meant 'PAYLOADexe.doc' would become PAYLOADcod.exe.

"Instead of reading a Word document, you would install malware," Bebeau said.

Spammers have employed a host of trickery to slip past mail filters and proliferate wares over social media. Virus Bulletin maintained the Spammer's Compendium that listed many of these tricks.

Many of the tactics were put to use when large caches of email addresses surfaced on the public web as a result of breaches. The money generated from spamming oiled the wheels of large and co-ordinate cybercrime operations. ®

comment icon Read 71 comments on this article or post a comment alert Send corrections


Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral


STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'