Experts at SophosLabs™ identify Cialis as the top word spammers most commonly try to disguise

March 22, 2005 Sophos Press Release

Lynnfield, MA - Sophos, global leader in network security, releases a report identifying the words that spammers most commonly include in their marketing messages but attempt to hide from anti-spam software. Experts at SophosLabs™, Sophos's global network of virus and spam analysis centers, reveal that two of the top three most commonly used words are healthcare drugs, Cialis and Viagra.

Today, the vast majority of spammers use tricks in an effort to disguise words within their email messages to avoid getting blocked by anti-spam software at the email gateway.

"Spammers have a dilemma: they want to sell certain products or include certain phrases in their spam emails, but they also know that many people will have filters looking for those words," explained Gregg Mastoras, senior analyst at Sophos. "Of the top 25 words on the list, 40% are pharmaceutical-related words including Cialis, which is the top word spammers try to disguise. Everyday words like shipping and online make up 48% of the top 25 while sexually explicit words make up approximately 14% of the top 50 words on the list."

According to John Graham-Cumming, spam expert and author of the mail classification tool POPFile, 80% of spam incorporates trickery or obfuscation. These tricks range from something as simple as deliberately misspelling a word, or using a zero instead of the letter "o", to much more sophisticated techniques that exploit the power of HTML email.

To determine which words are most often obfuscated, experts at SophosLabs analyzed words based on the frequency with which they were used in spam email. SophosLabs estimates that more than 30% of spam it received contained URLs relating to healthcare ads such as drug offers and more than 20% of URLs received had offensive content within the message.

Sophos has seen a steady rise in the number of obfuscated words in email messages. For instance, in this report Sophos calculated that there are now 5.6 billion different ways in which the word "Viagra" can be obfuscated in a spam email.