Re: [Declude.JunkMail] Filter for Football
This is another virus spammed from the Storm botnet.
Matt
Marc Catuogno wrote:
Just an FYI, I just got this link claiming this is a trojan downloader
http://antivirus.about.com/b/a/257941.htm
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Wednesday, September 12, 2007 1:07 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Filter for Football
You could create a filter that looks for 2 identifiers in the email then
score the filter in the global.cfg.
1. A phrase or word
2. The fact there is an IP as a URL
Example:
MINWEIGHTTOFAIL 2
ANYWHERE1 PCRE (?i:football|games?)
BODY1 PCRE
(http://((?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9
]|[01]?[0-9][0-9]?))
David
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mon
Mariola - Rubén
Sent: Wednesday, September 12, 2007 11:28 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Filter for Football
This is only a sample. The IPs are different. At least I have counted about
20 different subjects that declude has detected like spam and for each
subject many combinations of bodies. 40% of the messages blocked by declude
are of this type.
--
Subject: NFL Season Is Here!
Body:
The time has come for... FOOTBALL!
Don't miss a single game because you don't have the info you needed.
Have all the details for every game with our free game tracking system:
http://x.x.x.x/
--
Subject: Do you have your NFL Game List?
Body:
Football is back, Life may resume again!
Let us keep you on top of every game everyday.
Get all the info you need from our online game tracker:
http://x.x.x.x/
--
Subject: NFL Game List
Body:
We interrupt this life to bring you.FOOTBALL!
Know all the games, what time, what channel and the stats.
Stay informed for every game with our free game page:
http://x.x.x.x/
--
Subject: FOOTBALL! Are You ready?
Body:
Season is open and we do mean FOOTBALL!
Know all the games, what time, what channel and the stats.
Stay informed for every game with our free game page:
http://x.x.x.x/
--
Ruben Marti.
Mon Mariola, S.L.
- Original Message -
From: David Barker
To: declude.junkmail@declude.com
Sent: Wednesday, September 12, 2007 4:36 PM
Subject: RE: [Declude.JunkMail] Filter for Football
Can you post an example ?
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter for Football
Just an FYI, I just got this link claiming this is a trojan downloader
http://antivirus.about.com/b/a/257941.htm
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Wednesday, September 12, 2007 1:07 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Filter for Football
You could create a filter that looks for 2 identifiers in the email then
score the filter in the global.cfg.
1. A phrase or word
2. The fact there is an IP as a URL
Example:
MINWEIGHTTOFAIL 2
ANYWHERE1 PCRE (?i:football|games?)
BODY1 PCRE
(http://((?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9
]|[01]?[0-9][0-9]?))
David
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mon
Mariola - Rubén
Sent: Wednesday, September 12, 2007 11:28 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Filter for Football
This is only a sample. The IPs are different. At least I have counted about
20 different subjects that declude has detected like spam and for each
subject many combinations of bodies. 40% of the messages blocked by declude
are of this type.
--
Subject: NFL Season Is Here!
Body:
The time has come for... FOOTBALL!
Don't miss a single game because you don't have the info you needed.
Have all the details for every game with our free game tracking system:
http://x.x.x.x/
--
Subject: Do you have your NFL Game List?
Body:
Football is back, Life may resume again!
Let us keep you on top of every game everyday.
Get all the info you need from our online game tracker:
http://x.x.x.x/
--
Subject: NFL Game List
Body:
We interrupt this life to bring you.FOOTBALL!
Know all the games, what time, what channel and the stats.
Stay informed for every game with our free game page:
http://x.x.x.x/
--
Subject: FOOTBALL! Are You ready?
Body:
Season is open and we do mean FOOTBALL!
Know all the games, what time, what channel and the stats.
Stay informed for every game with our free game page:
http://x.x.x.x/
--
Ruben Marti.
Mon Mariola, S.L.
- Original Message -
From: David Barker
To: declude.junkmail@declude.com
Sent: Wednesday, September 12, 2007 4:36 PM
Subject: RE: [Declude.JunkMail] Filter for Football
Can you post an example ?
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter for Football
You could create a filter that looks for 2 identifiers in the email then
score the filter in the global.cfg.
1. A phrase or word
2. The fact there is an IP as a URL
Example:
MINWEIGHTTOFAIL 2
ANYWHERE1 PCRE (?i:football|games?)
BODY1 PCRE
(http://((?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9
]|[01]?[0-9][0-9]?))
David
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mon
Mariola - Rubén
Sent: Wednesday, September 12, 2007 11:28 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Filter for Football
This is only a sample. The IPs are different. At least I have counted about
20 different subjects that declude has detected like spam and for each
subject many combinations of bodies. 40% of the messages blocked by declude
are of this type.
--
Subject: NFL Season Is Here!
Body:
The time has come for... FOOTBALL!
Don't miss a single game because you don't have the info you needed.
Have all the details for every game with our free game tracking system:
http://x.x.x.x/
--
Subject: Do you have your NFL Game List?
Body:
Football is back, Life may resume again!
Let us keep you on top of every game everyday.
Get all the info you need from our online game tracker:
http://x.x.x.x/
--
Subject: NFL Game List
Body:
We interrupt this life to bring you.FOOTBALL!
Know all the games, what time, what channel and the stats.
Stay informed for every game with our free game page:
http://x.x.x.x/
--
Subject: FOOTBALL! Are You ready?
Body:
Season is open and we do mean FOOTBALL!
Know all the games, what time, what channel and the stats.
Stay informed for every game with our free game page:
http://x.x.x.x/
--
Ruben Marti.
Mon Mariola, S.L.
- Original Message -
From: David Barker
To: declude.junkmail@declude.com
Sent: Wednesday, September 12, 2007 4:36 PM
Subject: RE: [Declude.JunkMail] Filter for Football
Can you post an example ?
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filter for Football
This is only a sample. The IPs are different. At least I have counted about 20 different subjects that declude has detected like spam and for each subject many combinations of bodies. 40% of the messages blocked by declude are of this type. -- Subject: NFL Season Is Here! Body: The time has come for... FOOTBALL! Don't miss a single game because you don't have the info you needed. Have all the details for every game with our free game tracking system: http://x.x.x.x/ -- Subject: Do you have your NFL Game List? Body: Football is back, Life may resume again! Let us keep you on top of every game everyday. Get all the info you need from our online game tracker: http://x.x.x.x/ -- Subject: NFL Game List Body: We interrupt this life to bring you.FOOTBALL! Know all the games, what time, what channel and the stats. Stay informed for every game with our free game page: http://x.x.x.x/ -- Subject: FOOTBALL! Are You ready? Body: Season is open and we do mean FOOTBALL! Know all the games, what time, what channel and the stats. Stay informed for every game with our free game page: http://x.x.x.x/ -- Ruben Marti. Mon Mariola, S.L. - Original Message - From: David Barker To: declude.junkmail@declude.com Sent: Wednesday, September 12, 2007 4:36 PM Subject: RE: [Declude.JunkMail] Filter for Football Can you post an example ? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter for Football
Can you post an example ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mon Mariola - Rubén Sent: Wednesday, September 12, 2007 10:23 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Filter for Football Somebody has been able to make a filter that detects the messages of Football? Lately many messages arrive and all are not detected by declude. The problem is the different variety of subjects and bodies that they have. Ruben Marti. Mon Mariola, S.L. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filter for Football
Somebody has been able to make a filter that detects the messages of Football? Lately many messages arrive and all are not detected by declude. The problem is the different variety of subjects and bodies that they have. Ruben Marti. Mon Mariola, S.L. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
