Snowshoeing: small-batch spam that's less targeted than spear-phishing


#1

[Read the post]


#2

How about an email plugin that proxies every link given in an email to a third-party page that’s able to pre-scan the original link in order to ensure that it’s not malicious.

But…then you’d have to have a proxy system to check the first proxy to ensure it’s being honest and properly scanning the pages.

The Internet=World’s Greatest Game of Whack-a-Mole


#3

The article says:

This increasingly popular technique is known in the industry as “snowshoe” spam. (The name refers to the small footprints it leaves.)

Traditionally, ‘snowshoe spammers’ are spammers who shift continuously from one IP address to another. The idea is that – just as a snowshoe spreads the wearer’s weight over the snow so that they don’t sink in – using a range of IPs ‘spreads’ the spammer’s profile over the whole IP range. Individual IP addresses used by the spammers are likely to get blacklisted but by the time that happens, they’ve moved to another.

The difference is that in the ‘traditional’ use of the term (which is several years old), a snowshoe spammer can send spam in very large volumes from one source before they abandon a contaminated IP or domain name and move on. This article, on the other hand, seems to be talking about very low-volume spam, which is at least loosely targeted. I think these are two separate tactics, and it’s misleading to refer to them both by the same name.


#4

I thought the whole idea with snowshoes was to create a much LARGER footprint so that you can pretend to be Legolas. A smaller footprint would be something like, what, stilts? A pogo stick?


#5

That was my thought as well, but I suppose the depth that you sink into the snow is the important parts as far as walking goes, so a snowshoe would have a much shallower footprint by that criteria.
Also, congratulations to Bloomberg for finding a name that makes me dislike spam more, “artisanal spam”, nice.


#6

This topic was automatically closed after 5 days. New replies are no longer allowed.