« Emergent Behavior and the internet | Main | Textorizer »

April 09, 2006

Betsy Markum and the 5 digit spammers

I got this post from Betsy Markum on one of my web pages recently:

I can't believe it, my co-worker just bought a car for $70815. Isn't that crazy!

The comment had nothing to do with the post. Racansky got me on the right track with a google search. It's spam, but it's curious because there are no links in the spam. So, I assume their goal is to gather email addresses. In any event, it's spam. This post by Peter Kaminski suggests that there are other email spams out there that are similar. The thing they have in common is a random five digit number. So, I'm adding the following to my spamlookup keyword filter to moderate comments:

# five-digit spammers
/\b\d{5}\b/

Technorati tags:
Delicious tags:

Folksonomy:These icons link to social bookmarking sites where readers can share web pages.
 digg  Furl  Spurl  Reddit  blinkbits  BlinkList  blogmarks  connotea  De.lirio.us  Fark  feedmelinks  LinkaGoGo  Ma.gnolia  NewsVine  Netvouz  RawSugar  scuttle  Shadows  Simpy  Smarking  TailRank  Wists  YahooMyWeb

Posted by Peenie Wallie on April 09, 2006 at 11:17 AM

Comments

I can't believe it, my co-worker just ... oh, never mind.

Posted by: Brendan on May 31, 2006 at 12:46 AM

02134

Posted by: Some Dude on May 31, 2006 at 01:28 AM

Um, that filter won't work - the dollar sign won't match for \b.

Posted by: not Bersy on May 31, 2006 at 01:40 AM

So, it would block a random number like 89957?

Posted by: Phill on May 31, 2006 at 04:49 AM

Um....the filter does work. Get over it. I allowed your comments to post, but the filter did catch them and flag them for moderation because they have 5 digit numbers in the comments. Find something else to do, people.

Posted by: Peenie Wallie on May 31, 2006 at 07:05 AM

ALERT! ALERT! Sense of humour deficiency detected....

Posted by: Carl on May 31, 2006 at 07:21 AM

I must be dim since no one else asked this, but how does posting random spam comments without links allow them to collect email addresses?

I think a more likely theory is that they're seeing what blogs will approve their posts and flag their email address as valid (like Movable Type used to do), and then they'll move back in some time later and do their pagerank floods.

Posted by: lackner on May 31, 2006 at 09:03 AM

I also think the random number might be used for the spammer to use for a later search, to determine which blogs have been compromised. Then the spammer can easily tell which blogs to target.

Posted by: Dave Munger on May 31, 2006 at 11:06 AM

This doesn't go far to explain why they are using 5 digit numbers. Why not 8 or 11?

Posted by: Steve on June 05, 2006 at 09:34 PM

Has anyone else been getting emails that only contain numbers (between 3 to 6) in the subject and body??
the weird thing is the from address is the same as the destination address ie spoofed.
Several users at work got these messages today, and while i am sure the users dont have a virus, its hard to convince them of that when i cant explain the source or reason for the email.
I have started a discussion on google groups.

Posted by: Greg on June 07, 2006 at 06:02 AM

While an 8 or 11 digit number might be easier to trace, most moderators will flag a number that large. Think aobut it, how many times in daily life do you come across a number that large? Unless you are calculating the US deficit or the cost of the war on terror, it doesn't happen too often.

Posted by: David C on June 07, 2006 at 04:23 PM

Greg,
Thanks for your post. I got an email yesterday to me from me with subject = '557' and message (body text) = '5556'. WTF?

Posted by: Peenie Wallie on June 09, 2006 at 09:18 AM

OK, That's weird - I got one of those emails from me to me yesterday, as well.

Posted by: Gary on June 10, 2006 at 11:14 AM