On Thursday 17 June 2004 06:55 am, Greg Meyer wrote:
> Is anybody else on this list getting inundated with German language spam?
>  The IP address it is coming from is dynamic and looks like a French ISP.
>  Since some of the from addresses seem familiar, I am thinking that
> someone subscribed to newbie, perhaps dual-booting, has their Windows
> partition infected and is periodically throwing off tons of German
> language spam. Please check your machines if this remotely describes you.

Sure have, Greg, it was the talk of the SA list for a while.  Need a ruleset 
for it?  See below an excerpt from the list:

>AFAIK they are not using hacked mail-accounts but machines previously 
>infected with the Sober worm. This Nazi variant is called Sober.H by the 
>antivirus industry. Unfortunately there are still too many unsuspecting 
>dial-up users out there without any clues about patching their systems 
>or using a firewall...

Below is how it's being picked up on my system:

Content analysis details:   (45.0 hits, 5.0 required)
 3.0 SARE_MSGID_QMAIL1      Contains spoofing message id
-0.3 NO_REAL_NAME           From: does not include a real name
 1.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence between 51 and 100
                            [cf: 100]
 4.3 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 3.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 2.5 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 2.7 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 1.4 MISSING_HEADERS        Missing To: header
 0.8 SARE_TOCC_NONE         No To header found in email
 2.7 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer
 8.0 RASSISMUS_MAILS_1      Rassistische E-Mails, Titel
  15 RASSISMUS_MAILS_2      Rassistische E-Mails, Inhalt + Titel

-- 
Chris
Registered Linux User 283774 http://counter.li.org
12:58pm up 9 days, 23:23, 2 users, load average: 1.03, 1.00, 1.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save the whales.  Collect the whole set.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Live - From Virgin Radio UK Oasis - Live Forever

