Ever Wonder What a Spammer’s Template Looks Like? Wonder No More.

Spam is much more than a nuisance. It’s a tremendous source of comedy. And while you might have a hard time most days considering the email that never seems to stop a comedic wellspring, deep down you know it’s true. Spammers probably know it, too, even though we’d like to believe otherwise. After all, how many of us have vented our frustrations at spam and spammers by suggesting that their draft email messages are probably written in crayon? But we know they’re not stupid. We want them to be, but we know why they dumb down much of what they send. And some of them do stupid things, to be sure. No, no one’s suggesting that they’re all geniuses. Far from it, but they sure are funny.

SPEWS is a term we’re all familiar with, or should be. SPEWS is short for ‘Spam by Electronic Web Submission.’ In forums, especially poorly moderated ones, comments are registered automatically or semi-automatically, and that’s where spam lives like a colony of warm, festering bacteria. SPEWS are normally some sort of ego-stroking praise that spammers use to trick the moderator into thinking the spam is not spam, and the end game is to ensure that the link enclosed in the comment is accepted along with the false praise. Things like “Everyone loves it when people get together and share opinions. Great blog, keep it up!” Followed by a link, of course. We’ve all seen it, it’s nefarious, and it’s frustrating for moderators, because when comments come in fast and furious, trying to manage them is a difficult and even impossible task.

But those pesky, funny spammers are just not perfect, and when Naked Security recently got a message on their forum, it warmed our hearts to get a glimpse into the methods that spammers use when they’re out there spreading their fluff. It turns out that some SPEWS spammer submitted something to their forum, and one glance will have you raising an eyebrow. Two glances will have you laughing out loud. According to the blog post, “Looks like the spammer’s SPEWS-generator suffered a parsing error – there was a spurious-looking backslash in there that may have shielded an important delimiter from the spamming software – and sent us all their ‘flattery remark’ templates in one giant comment.”

It gives us a unique glimpse into how the spammers operate on the backend. “There is a list of comments, separated by blank lines, each of which contains one or more alternative wordings at various points, enumerated in squiggly brackets, also known as braces, and separated by pipes, also known as vertical bars.” The SPEWS generator is supposed to choose a comment at random, then pick one of the alternatives for each choice point, and then add a URL. In the spam that Naked Security received, the spammer was promoting women’s footwear in the hopes that the post would generate revenue from click-throughs. There’s even the hope that the links, even if never clicked, will boost search rankings by tricking search engines into treating the site as well connected.
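For a moderator, a leaked template in this format is a ready-made signature: each comment template can be compiled into a single pattern that matches every variant the generator could produce from it. The sketch below is an added example, not code from Naked Security or from the spammer's tool; the sample template text is constructed, the function names are hypothetical, and treating a backslash as an escape for the next character is an assumption.

```python
import re

# Constructed sample in the format described above; not the real leaked template.
LEAKED_SAMPLE = """\
{Everyone|Everybody} loves it when {people|folks} get together and share
{opinions|ideas}. {Great|Nice} blog, keep it up!

{I am|I'm} {really |}impressed with your {site|blog}.
"""

def template_to_regex(template):
    """Compile one brace/pipe template into a regex that matches every variant."""
    out, depth, i = [], 0, 0
    while i < len(template):
        ch = template[i]
        if ch == "\\" and i + 1 < len(template):
            # Assumption: a backslash shields the next character, making it literal.
            out.append(re.escape(template[i + 1]))
            i += 2
            continue
        if ch == "{":
            out.append("(?:")
            depth += 1
        elif ch == "}" and depth:
            out.append(")")
            depth -= 1
        elif ch == "|" and depth:
            out.append("|")
        elif ch.isspace():
            if not out or out[-1] != r"\s+":  # collapse whitespace runs
                out.append(r"\s+")
        else:
            out.append(re.escape(ch))
        i += 1
    if depth:
        raise ValueError("unbalanced brace in template")
    return re.compile("".join(out), re.IGNORECASE)

def load_templates(blob):
    """Split a leaked blob on blank lines and compile each comment template."""
    return [template_to_regex(t.strip()) for t in re.split(r"\n\s*\n", blob.strip())]

def flag_comment(comment, patterns):
    """Return the index of the first template the comment matches, else None."""
    for idx, pattern in enumerate(patterns):
        if pattern.search(comment):
            return idx
    return None
```

Because the patterns are searched rather than anchored, a comment still matches when a URL is appended after the flattery text.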

Now, the humor in this is absolutely divine; but there’s far more value in this story than just a few chuckles on a Monday morning. The message received by the forum is a rare look at what spammers are doing on the backend to deliver their spam, as a comment on a web forum, as a social media post, as an email message in your inbox. Your first reaction after the initial guffaw was probably to stop and think ‘Hmm. This is pretty sophisticated in its devising.’ You’d be right to do so, and if you haven’t fully appreciated this spam template yet, take a look at the whole thing here.

When you realize how comprehensive this is and break down the structure of the template, you might even feel another sensation: an unsettled feeling. This isn’t a child’s game that we’re looking at. This is serious business. Remember, this is one single template from one single spammer pushing one single item. Just how vast and sophisticated are the networks that produce things like this? We’ve seen some pretty grim things in the world of spam and scammers; we suspect that there’s a big business aspect to spamming and cybercrime; and there’s certainly a new level of sophistication to it.

Is it funny? Sure it is. Is it dangerous? You bet. Are we better off knowing just how sophisticated these guys really are?

Of course. But it won’t make you sleep easier.