Hash buster
Encyclopedia
A hash buster is a program
which randomly adds characters to data for the data's hash sum to be different than if the characters were not added.
This is typically used to add words to spam
e-mails, to bypass hash filter
s. As the e-mail's hash sum is different from the sum of e-mails previously defined as spam, the e-mail is not considered spam and therefore delivered as if it were a normal message.
Hash busters can also be used to randomly add content to any kind of file until the hash sum becomes a certain sum. In e-mail context, this could be used to bypass a filter which only accepts e-mails with a certain sum.
Initially spams containing "white noise" from hash busters tended to simply exhibit 'paragraphs' of literally random words, but increasingly these are now appearing somewhat grammatical. Interestingly many of the examples appearing around the summer of 2006 are distorted in ways which render the links to the desired advertising sites unusable, for example substituting "001" for "www". This may be a 'good' technique for avoiding a filter, but is disastrous for leading novice-users to websites. Additionally much of the embedded HTML
code, as well as any MIME
-encoded attachments, is scrambled and distorted by the process, again *decreasing* the true effectiveness of the spam.
It stands to reason that hand-coded spams would not be finalised in this way, so one possible theory is that the newer hash busted spams are being sent by self-altering trojan horses
rather than by human users.
It seems that many of these are derived originally from "fake replica" spam systems (which might give a clue as to the identity of the mutating trojan).
There seems to be an "evolutionary arms race" between clever spam and clever filters, but it's always formerly been assumed that this involved human operators at both ends. On the contrary, Bayesian filters "self-amend" based on the average content of 'solicited' incoming mail and it seems likely that these spam-sending trojans are also mutating in partly random ways.
Computer program
A computer program is a sequence of instructions written to perform a specified task with a computer. A computer requires programs to function, typically executing the program's instructions in a central processor. The program has an executable form that the computer can use directly to execute...
which randomly adds characters to data for the data's hash sum to be different than if the characters were not added.
This is typically used to add words to spam
E-mail spam
Email spam, also known as junk email or unsolicited bulk email , is a subset of spam that involves nearly identical messages sent to numerous recipients by email. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. One subset of UBE is UCE...
e-mails, to bypass hash filter
Hash filter
A hash filter creates a hash sum from data, typically e-mail, and compares the sum against other previously defined sums. Depending on the purpose of the filter, the data can then be included or excluded in a function based on whether it matches an existing sum.For example, when a message is...
s. As the e-mail's hash sum is different from the sum of e-mails previously defined as spam, the e-mail is not considered spam and therefore delivered as if it were a normal message.
Hash busters can also be used to randomly add content to any kind of file until the hash sum becomes a certain sum. In e-mail context, this could be used to bypass a filter which only accepts e-mails with a certain sum.
Initially spams containing "white noise" from hash busters tended to simply exhibit 'paragraphs' of literally random words, but increasingly these are now appearing somewhat grammatical. Interestingly many of the examples appearing around the summer of 2006 are distorted in ways which render the links to the desired advertising sites unusable, for example substituting "001" for "www". This may be a 'good' technique for avoiding a filter, but is disastrous for leading novice-users to websites. Additionally much of the embedded HTML
HTML
HyperText Markup Language is the predominant markup language for web pages. HTML elements are the basic building-blocks of webpages....
code, as well as any MIME
MIME
Multipurpose Internet Mail Extensions is an Internet standard that extends the format of email to support:* Text in character sets other than ASCII* Non-text attachments* Message bodies with multiple parts...
-encoded attachments, is scrambled and distorted by the process, again *decreasing* the true effectiveness of the spam.
It stands to reason that hand-coded spams would not be finalised in this way, so one possible theory is that the newer hash busted spams are being sent by self-altering trojan horses
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...
rather than by human users.
It seems that many of these are derived originally from "fake replica" spam systems (which might give a clue as to the identity of the mutating trojan).
There seems to be an "evolutionary arms race" between clever spam and clever filters, but it's always formerly been assumed that this involved human operators at both ends. On the contrary, Bayesian filters "self-amend" based on the average content of 'solicited' incoming mail and it seems likely that these spam-sending trojans are also mutating in partly random ways.