- Hash buster
A hash buster is a program which randomly adds characters to data in order for the data's
hash sum to be different than if the characters were not added.This is typically used to add words to spam e-mails, in order to bypass
hash filter s. As the e-mail's hash sum is different from the sum of e-mails previously defined as spam, the e-mail is not considered spam and therefore delivered as if it were a normal message.Hash busters can also be used to randomly add content to any kind of file until the hash sum becomes a certain sum. In e-mail context, this could be used to bypass a filter which only accepts e-mails with a certain sum.
Initially spams containing "white noise" from hash busters tended to simply exhibit 'paragraphs' of literally random words, but increasingly these are now appearing somewhat grammatical. Interestingly many of the examples appearing around the summer of 2006 are distorted in ways which render the links to the desired advertising sites unusable, for example substituting "001" for "www". This may be a 'good' technique for avoiding a filter, but is disastrous for leading novice-users to websites. Additionally much of the embedded
HTML code, as well as anyMIME -encoded attachments, is scrambled and distorted by the process, again *decreasing* the true effectiveness of the spam.It stands to reason that hand-coded spams would not be finalised in this way, so one possible theory is that the newer hash busted spams are being sent by self-altering trojan horses rather than by human users.It seems that many of these are derived originally from "fake replica" spam systems (which might give a clue as to the identity of the mutating trojan).
There seems to be an "evolutionary arms race" between clever spam and clever filters, but it's always formerly been assumed that this involved human operators at both ends. On the contrary, Bayesian filters "self-amend" based on the average content of 'solicited' incoming mail and it seems likely that these spam-sending trojans are also mutating in partly random ways.
External links
* [http://searchcio.techtarget.com/sDefinition/0,,sid19_gci917491,00.html searchCIO.com Definitions]
Wikimedia Foundation. 2010.