[sniffer] Lot of Drugs Spam getting through sniffer....
The last few days tons on Drus spam is coming in and sniffer is catching none of it. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Lot of Drugs Spam getting through sniffer....
Here too. -- Daniel Bayerdorffer [EMAIL PROTECTED] Numberall Stamp Tool Co., Inc. PO Box 187 Sangerville, ME 04479 USA TEL 207-876-3541 FAX 207-876-3566 www.numberall.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, May 05, 2006 10:34 AM To: sniffer@sortmonster.com Subject: [sniffer] Lot of Drugs Spam getting through sniffer The last few days tons on Drus spam is coming in and sniffer is catching none of it. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Lot of Drugs Spam getting through sniffer....
I have been getting them here also and have forwarded some to [EMAIL PROTECTED] I guess to get past the filters the spammers misspell key words throughout the email with new web links. It is misspelled so badly that I cannot really make sense of it. Are there actual people out there that would buy this stuff from a spam email like that? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bayerdorffer Sent: Friday, May 05, 2006 9:38 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] Lot of Drugs Spam getting through sniffer Here too. -- Daniel Bayerdorffer [EMAIL PROTECTED] Numberall Stamp Tool Co., Inc. PO Box 187 Sangerville, ME 04479 USA TEL 207-876-3541 FAX 207-876-3566 www.numberall.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, May 05, 2006 10:34 AM To: sniffer@sortmonster.com Subject: [sniffer] Lot of Drugs Spam getting through sniffer The last few days tons on Drus spam is coming in and sniffer is catching none of it. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[2]: [sniffer] Lot of Drugs Spam getting through sniffer....
On Friday, May 5, 2006, 11:02:00 AM, Darin wrote: DC Not just drugs, but some others too have been slipping through the past DC couple of days. We've reported a little under 40 in the past couple of DC days. We saw a bit of a lull, then a rash of new campaigns bunched together with some new obfuscation techniques. We're getting a handle on it now. Looks like the burst started about 30 hours ago and is tailing off now. Attached image - new arrival rates last 2 days. getchart.jsp.png Description: PNG image
RE: [sniffer] Lot of Drugs Spam getting through sniffer....
The more interesting fact is that Outlook's generic spam filter is catching 1 to 7 spam messages per day for me. John Back Baldwin School -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, May 05, 2006 10:34 AM To: sniffer@sortmonster.com Subject: [sniffer] Lot of Drugs Spam getting through sniffer The last few days tons on Drus spam is coming in and sniffer is catching none of it. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[2]: [sniffer] Lot of Drugs Spam getting through sniffer....
We've had that rule before and had to pull it for false positives. _M On Friday, May 5, 2006, 11:41:50 AM, John wrote: JTL FYI, I created a Declude Filter: JTL Subject END NOTCONTAINS news JTL BODY25 CONTAINShttp://geocities.com/ JTL Been catching every one like that. JTL John T JTL eServices For You JTL Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] JTL On Behalf Of Daniel Bayerdorffer Sent: Friday, May 05, 2006 7:38 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] Lot of Drugs Spam getting through sniffer Here too. -- Daniel Bayerdorffer [EMAIL PROTECTED] Numberall Stamp Tool Co., Inc. PO Box 187 Sangerville, ME 04479 USA TEL 207-876-3541 FAX 207-876-3566 www.numberall.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, May 05, 2006 10:34 AM To: sniffer@sortmonster.com Subject: [sniffer] Lot of Drugs Spam getting through sniffer The last few days tons on Drus spam is coming in and sniffer is catching none of it. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information JTL and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html JTL This E-Mail came from the Message Sniffer mailing list. For JTL information and (un)subscription instructions go to JTL http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[2]: [sniffer] Lot of Drugs Spam getting through sniffer....
Well, I am at the point that I could care less about geocities false positives. If GeoCities is going to allow this much spam junk then I could care less about allowing them. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Friday, May 05, 2006 9:09 AM To: John T (Lists) Subject: Re[2]: [sniffer] Lot of Drugs Spam getting through sniffer We've had that rule before and had to pull it for false positives. _M On Friday, May 5, 2006, 11:41:50 AM, John wrote: JTL FYI, I created a Declude Filter: JTL Subject END NOTCONTAINS news JTL BODY25 CONTAINShttp://geocities.com/ JTL Been catching every one like that. JTL John T JTL eServices For You JTL Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] JTL On Behalf Of Daniel Bayerdorffer Sent: Friday, May 05, 2006 7:38 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] Lot of Drugs Spam getting through sniffer Here too. -- Daniel Bayerdorffer [EMAIL PROTECTED] Numberall Stamp Tool Co., Inc. PO Box 187 Sangerville, ME 04479 USA TEL 207-876-3541 FAX 207-876-3566 www.numberall.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, May 05, 2006 10:34 AM To: sniffer@sortmonster.com Subject: [sniffer] Lot of Drugs Spam getting through sniffer The last few days tons on Drus spam is coming in and sniffer is catching none of it. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information JTL and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html JTL This E-Mail came from the Message Sniffer mailing list. For JTL information and (un)subscription instructions go to JTL http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer....
On Friday, May 5, 2006, 1:08:14 PM, John wrote: JTL Well, I am at the point that I could care less about geocities false JTL positives. If GeoCities is going to allow this much spam junk then I could JTL care less about allowing them. That's fine. There are probably a number of systems that feel that way. I only meant to say that we've tried a block-first strategy w/ geocities before and had to remove it. YMMV. You should also know (may remember) that the blackhats experimented a while ago with using several other hosting sites, including msn, and seeding them in round-robin fashion so that they all appeared in each campaign. Since this experiment stopped abruptly I doubt that it has been abandoned - rather, it was put on the shelf for a while. At the time it was clearly effective for them. I think it likely they will do that again (don't know when) since they are putting some new effort into this path. I don't have any evidence of it yet. I discovered that on 20060503 the blackhats made some significant changes to their use of geocities links and their transmission patterns. I've re-tuned the F002 bot to compensate and it is currently reviewing a handful of new geocities links every minute and adding approximately 1.2 new rules per minute. I suspect that the lull we observed may have had something to do with their tooling up for this set of campaigns. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer....
Just when you think we won the battle, they move the targets and change the rules. This is why we need people like Pete and Darrell to help us fight this ever changing war. A big thanks. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Friday, May 05, 2006 11:37 AM To: John T (Lists) Subject: Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer On Friday, May 5, 2006, 1:08:14 PM, John wrote: JTL Well, I am at the point that I could care less about geocities false JTL positives. If GeoCities is going to allow this much spam junk then I could JTL care less about allowing them. That's fine. There are probably a number of systems that feel that way. I only meant to say that we've tried a block-first strategy w/ geocities before and had to remove it. YMMV. You should also know (may remember) that the blackhats experimented a while ago with using several other hosting sites, including msn, and seeding them in round-robin fashion so that they all appeared in each campaign. Since this experiment stopped abruptly I doubt that it has been abandoned - rather, it was put on the shelf for a while. At the time it was clearly effective for them. I think it likely they will do that again (don't know when) since they are putting some new effort into this path. I don't have any evidence of it yet. I discovered that on 20060503 the blackhats made some significant changes to their use of geocities links and their transmission patterns. I've re-tuned the F002 bot to compensate and it is currently reviewing a handful of new geocities links every minute and adding approximately 1.2 new rules per minute. I suspect that the lull we observed may have had something to do with their tooling up for this set of campaigns. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
