It was broken code in the latest Bagel/Beagle:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.fc.html
Andrew 8)
#
This message is sent to you because you are subscribed to
the mailing list
: [sniffer] Numeric spam source has been revealed
It was broken code in the latest Bagel/Beagle:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.fc.html
Andrew 8)
both.
Markus
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Wednesday, June 7, 2006 01:26
To: Message Sniffer Community
Subject: Re: [sniffer]Numeric spam
My thought is they
are either building a db of valid names or
Maybe people at Sniffer are already aware of this new type of spam. (Not the
malformed mailfrom one but this with the short number and nothing else in
subject and body)
Attached are some examples from the last 8 hours. All have failed some other
tests and all have reached a final weight in order to be
Hello Markus,
Tuesday, June 6, 2006, 3:27:32 AM, you wrote:
Maybe people at Sniffer are already aware of this new type of spam. (Not the
malformed mailfrom one but this with the short number and nothing else in
subject and body)
Thanks for those samples... I've coded an additional abstract for
Hi Markus -
Markus Gufler wrote:
There is also another type of spam (stock spam now with attached png image)
this morning passing our filters.
I am catching these fairly easily -
a combo filter -
#combo-stockspammer-png.txt
SKIPIFWEIGHT 26
TESTSFAILED END NOTCONTAINS
Hello Nick,
What is your false positive rate with that pattern?
_M
Tuesday, June 6, 2006, 10:05:18 AM, you wrote:
Hi Markus -
Markus Gufler wrote:
There is also another type of spam (stock spam now with attached png image)
this morning passing our filters.
I am catching these fairly
10:05 AM
Subject: Re: [sniffer]Numeric spam topic change to png stock spam
Hi Markus -
Markus Gufler wrote:
There is also another type of spam (stock spam now with attached png
image)
this morning passing our filters.
I am catching these fairly easily -
a combo filter -
#combo
Pete McNeil wrote:
Hello Nick,
What is your false positive rate with that pattern?
Hmm, let's go to the MDLP for yesterday :)
                  SS   HH  HS  SH  SA        SQ
REGEX.STOCK.BODY  331  0   0   66  0.667506  0.445565
COMBO.STOCK_PNG   16   0   0   1   0.882353  0.778547
The regex alone will fp; I
We're getting the same and today it started hitting a different account (Domain). What are these things? I thought exploratory, maybe looking for replies to build a DB for a later spam wave? They're not malicious in content and look like someone's virus working incorrectly. But, I doubt they are
Hello Nick,
Thanks.
That's all good then :-)
_M
Tuesday, June 6, 2006, 10:46:55 AM, you wrote:
Pete McNeil wrote:
Hello Nick,
What is your false positive rate with that pattern?
Hmm, let's go to the MDLP for yesterday :)
SS
Subject: [sniffer]Re[2]: [sniffer]Numeric spam topic change to png stock spam
Hello Jonathan,
I urge caution from experience... png images are not entirely rare,
and the cid: tag format in the regex is also common.
I'd love to be wrong - but I recall false positives with similar
attempts
On Jun 6, 2006, at 7:51 AM, Steve Guluk wrote:
We're getting the same and today it started hitting a different account (Domain). What are these things? I thought exploratory, maybe looking for replies to build a DB for a later spam wave? They're not malicious in content and look like someone's virus
ge Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Steve Guluk
Sent: Tuesday, June 06, 2006 3:46 PM
To: Message Sniffer Community
Subject: Re: [sniffer]Numeric spam
On Jun 6, 2006, at 7:51 AM, Steve Guluk wrote:
We're
getting the same and today it started hitting a diffe
.
Andrew 8)
_
From: Message Sniffer Community [mailto:[EMAIL PROTECTED]
On Behalf Of Steve Guluk
Sent: Tuesday, June 06, 2006 3:46 PM
To: Message Sniffer Community
Subject: Re: [sniffer]Numeric spam
On Jun 6, 2006, at 7:51 AM, Steve
this type of junkmail?
Michael Stein
Computer House
- Original Message -
From: Colbeck, Andrew
To: Message Sniffer Community
Sent: Tuesday, June 06, 2006 7:37 PM
Subject: Re: [sniffer]Numeric spam
Both of which are reasonable, particularly given the
recent Blue
Sent: Tuesday, June 06, 2006 8:07 PM
Subject: Re: [sniffer]Numeric spam
I thought that having an SPF record would prevent a
spammer from forging your domain name, but our SPF record did not seem to help
with these odd numeric E-mails which appear to be coming from our
own domain.
Does anyone
Hi Darin,
Thanks for your reply. Sure wish I understood what
you're saying
Michael Stein
Computer House
- Original Message -
From: Darin Cox
To: Message Sniffer Community
Sent: Tuesday, June 06, 2006 8:10 PM
Subject: Re: [sniffer]Numeric spam
They do