All:
I've run across a new text obfuscation method in active use by spammers.
It appears to be an attempt to bypass RE-based text matching of words.
Rules you write will need modification to not be spoofed by this.
Unfortunately the RE engine considers the underscore as being a "word"
character, so a rule like /\bthis advertisement\b/ can be defeated by
replacing the spaces in the sentence with underscores. This is still
readable to a human but foils the word-boundary check.
Recommendation: instead of a bare \b, use (?:\b|_) and instead of embedded
spaces use [-_\s]
Examples:
Manage_advertising_preferences_here
To_remove_yourself_from_this_admail,_please_do_so_here
Be_removed_from_this_important_offer
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
*Your* lack of self-control does not give you the authority to
dictate limitations on *my* freedom.
-----------------------------------------------------------------------
Tomorrow: the 70th anniversary of D-Day
