Saturday 11 May 2013

Polymorphic spam

This isn't new, but I'm seeing spam now that's more polymorphic than I've seen before.

I'll explain.

About 20 years ago, Fridrik Skulason and I were the authors of pretty much the only scanners that could make exact identification of viruses. I did it by checksumming the static ranges of the code. That meant that it was particularly important to both of us to use a single agreed name for all the viruses, and in a very long phone call one night, we got that all nailed down.

At the same time, we agreed a few technical terms, and "polymorphic" was one of them. This is the word we used for viruses that were encrypted, and the decryptor was highly variable, so that if you put two instances of the virus side by side, you couldn't see any common string of bytes. That caused many scanners a problem (including mine), until I developed a thing I called the "Generic decryption engine" (but that's a story for another time).

Here's what polymorphic spam looks like:

How to get USD 1`000`000`000 in flicks production investment? As like an
manager who snaped 42% of L. Gate and got USD 1 Bill you fund small studios.
The deal precisely like that is GTR_L. This pick shows all signals to grow.
Don't sleep until traders capture big profits trading unknown players. Trade
fast begin buying 130'000 shares of GTR_L on May, 13!

How to earn $1`000`000`000 in flicks field funding?! As like an
financer who snaped 40% of L. Gate and earned USD 1 Billion you
purchase new firms. The player acurately like this is G T RL. This deal
presents all indicators to explode! Don't sleep until others make huge
money grabing small companies. Trade now begin purchasing 180'000
shares of G T RL on Monday May 13.

How to get USD 1 Bill in film business funding? Just like an manager who
bought 30% of Lions Gate and profited USD 1 Bill you fund newer studios. The
company precisely like this is GTR_L. This pick presents all signs to
explode! Don't wait until traders make massive dollars purchasing newer
firms. Buy now begin buying 100'000 shares of GTR_L on May 13th.

How to profit USD 1 Bill in cinematic business investment?! Just
like an adviser who purchased 21% of Lions Gate and profited
$1`000`000`000 you fund newer firms. The studio exactly like this
is G_T_R_L. This pick shows all indicators to skyrocket! Don't
hesitate while traders earn big money purchasing new studios. Add
fast start adding 150`000 shares of G_T_R_L on May 13.

How to profit USD 1'000'000'000 in cinematic production investment?!
Just like an manager who got 34% of Lions Gate and got $1000000000
you invest newer players. The pick acurately like this is G_T_R L.
This company presents all signals to skyrocket! Don't hesitate until
traders get huge money grabing small firms. Act now begin adding
150000 shares of G_T_R L on Monday May 13!

How to profit USD 1`000`000`000 in flicks business funding? As like an
adviser who bought 22% of L. Gate and earned USD 1000000000 you fund
unknown players. The firm exactly like that is G_T RL. This player
presents all fundamentals to grow. Don't sleep before brokers get
massive money purchasing new companies. Buy asap start buying 170000
shares of G_T RL on Monday, May 13th, 2013!

How to make USD 1000000000 in film business investment? As like an investor
who bought 37% of Lions Gate and got USD 1'000'000'000 you fund unknown
players. The pick precisely like this is G T_R L. This stock displays all
signals to explode. Don't sleep before financers earn big dollars buying
newer players. Add today start adding 140000 shares of G T_R L on Mon May
13th 2013!

And so on, and so on. As you can see, it's difficult to pick a series of words that reliably flags this spam. And, of course, this is being sent out by a botnet, which means that each email comes from a different place.

So how to deal with it?

It's not as bad as you might think. Matching on the two possibilities "Lions Gate" and "L. Gate" works quite well. Or you could strip out the spaces and underlines and look for "GTRL". And, unlike with viruses, it's not really a big deal if you fail to spot the occasional spam.
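The two checks described above can be written as a small content filter. This is an added example, not code from the original post; the function names and the choice of regular expressions (rather than stripping separators from the whole message) are assumptions, and the sample lines are condensed from the spam above plus two constructed non-spam lines.

```python
import re

# Company name as it appears in the samples: "Lions Gate" or "L. Gate".
# \s+ lets the match survive a line wrap between the two words.
COMPANY = re.compile(r"\bL(?:ions|\.)\s+Gate\b")

# Ticker letters with an optional space or underscore between them
# (assumption: at most one separator, as in every sample on the page).
# Case-sensitive, and not embedded in a longer alphanumeric token.
TICKER = re.compile(r"(?<![A-Za-z0-9])G[ _]?T[ _]?R[ _]?L(?![A-Za-z0-9])")


def indicators(body):
    """Return the names of the indicators that fire on a message body."""
    hits = []
    if COMPANY.search(body):
        hits.append("company")
    if TICKER.search(body):
        hits.append("ticker")
    return hits


def is_campaign_spam(body):
    """Flag a message when either indicator fires."""
    return bool(indicators(body))


# Condensed from the samples above, plus two constructed non-spam lines.
SAMPLES = [
    "manager who snaped 42% of L. Gate and got USD 1 Bill. The deal is GTR_L.",
    "bought 30% of Lions\nGate and profited USD 1 Bill. The pick is G T_R L.",
    "The player acurately like this is G T RL. This deal presents all",
    "start adding 150`000 shares of G_T_R_L on May 13.",
    "Constructed: the GTR lap times are attached, see you at the gate.",
    "Constructed: firmware build XGTRL7 passed all tests.",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(is_campaign_spam(s), indicators(s), repr(s[:40]))
```

Matching the ticker letter by letter, rather than deleting every space and underscore from the message first, avoids false hits where the four letters only become adjacent after unrelated words are joined.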

On the other side, the spammer has made his campaign significantly less effective because most of the emails that are being sent are pretty much incomprehensible.

By the way, this is a "pump and dump" scam, in case you were wondering.
