[sniffer] Re: Am I submitting to s...@sortmonster.com properly
Hello Jim,

I've started working on some of these also.

SNF usually does look inside file attachments so it's possible we can get to some of the raw content -- in fact, most of it is already coded - but being inside all of the binary cruft in a word document is keeping it out of the scanning window.

We are catching some of them, and others not so much. We will keep working on it though.

_M

Tuesday, August 22, 2006, 5:46:03 PM, you wrote:

> Pete,
>
> Is there any way to deal with the other new attachment based spam we have
> been seeing recently? I see a lot coming in that only say here is your
> invoice and have an invoice.doc (or similar attachment). Inside the word
> file is the spam itself. I've seen a bunch of these in the last week or so,
> I initially thought they were viruses, but none of my virus scanners picked
> them up as such and their contents were just a bunch of spam.
>
> Jim Matuska Jr.
> Computer Tech2, CCNA
> Nez Perce Tribe
> Information Systems
> [EMAIL PROTECTED]
>
> -----Original Message-----
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
> Of Pete McNeil
> Sent: Tuesday, August 22, 2006 2:34 PM
> To: Message Sniffer Community
> Subject: [sniffer] Re: Am I submitting to [EMAIL PROTECTED] properly
>
> Hello David,
>
> I think this format should come through fine. Phishing is a constant
> challenge because it is so variable and so close to a legitimate
> message (on purpose).
>
> I will code some rules for the message you submitted and I'm sure
> Jason (Lead Rule Tech) will see this note and help us watch for these
> more closely.
>
> Thanks!
>
> _M
>
> Tuesday, August 22, 2006, 5:10:58 PM, you wrote:
>
>> I just want to know if I am submitting spam emails to
>> [EMAIL PROTECTED] properly. Being in Australia, we see a lot of
>> spam targeting ANZ, National and Commonwealth bank, and they seem to
>> be evading the Sniffer program. So when I send a spam to
>> [EMAIL PROTECTED] (I am using Outlook 2003), I copy and paste the
>> header and forward the email to [EMAIL PROTECTED]. Is this working
>> properly? Please see example below.
>>
>> Regards David Moore
>>
>> Received: from dialup-82-207-6-125.lv.ukrtel.net [82.207.6.125] by romtech.com.au
>>  (SMTPD-8.22) id A82E053C; Tue, 22 Aug 2006 23:35:42 +1000
>> Message-ID: <[EMAIL PROTECTED]>
>> From: "Commonweal Bank of Australia" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Subject: Commonweal Bank of Australia new security features.
>> Date: Tue, 22 Aug 2006 10:45:09 +0400
>> MIME-Version: 1.0
>> Content-Type: multipart/alternative;
>>  boundary="=_NextPart_000_001D_01C6C5D8.0A0008A0"
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-Mailer: Microsoft Outlook Express 6.00.2900.2527
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>> X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4
>> X-mxGuard-SpoolID: 082d00a1ecb1
>> X-mxGuard-Sender: [EMAIL PROTECTED]
>> X-mxGuard-Virus-Info: No viruses detected
>> X-mxGuard-Spam-Score: 0
>> X-mxGuard-Spam-Probability: CLEAN
>> X-Note: This message has been scanned for spam and viruses by
>>  mxGuard for IMail (www.mxguard.com)
>> X-RCPT-TO: <[EMAIL PROTECTED]>
>> Status: U
>> X-UIDL: 454949852
>> X-IMail-ThreadID: 082d00a1ecb1
>>
>> From: Commonweal Bank of Australia [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, 22 August 2006 4:45 PM
>> To: [EMAIL PROTECTED]
>> Subject: Commonweal Bank of Australia new security features.
>>
>> It has come to our attention that your account needs to be
>> confirmed due to the recent changes we have made to our NetBank online system.
>> We contacted you for the following reason: Confirm your
>> Information in order to activate new NetBank security features for
>> your account. Be sure to log in securely by following the link
>> below. It's important that you confirm your NetBank account
>> information otherwise you will not be able to access our online
>> services. We encourage you to login in to your Commonwealth Bank
>> account as soon as possible to help avoid this.
>>
>> Click here
>>
>> We appreciate your understanding as we work to ensure account safety.
>>
>> Sincerely,
>> Commonweal Bank of Australia management stuff.
>>
>> Email ID: GFR97DF

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

#
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
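The reply above says the spam text inside a Word attachment is buried in binary content and so falls outside the scanning window. The following is an added example, not Message Sniffer code and not from the thread: it decodes each attachment, keeps only readable 8-bit and UTF-16LE runs, and shows a text rule missing the raw bytes but matching the extracted text. `MIN_RUN`, `WINDOW`, the rule and the sample message are all assumptions constructed for the illustration.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

MIN_RUN = 6     # assumption: shorter runs are treated as binary noise
WINDOW = 4096   # hypothetical scan limit in bytes, not an SNF setting

ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_RUN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_RUN)

def printable_runs(blob):
    """Return readable runs (8-bit and UTF-16LE) from a binary blob, in file order."""
    found = [(m.start(), m.group().decode("ascii")) for m in ASCII_RUN.finditer(blob)]
    found += [(m.start(), m.group().decode("utf-16-le")) for m in UTF16_RUN.finditer(blob)]
    return [text for _, text in sorted(found)]

def attachment_text(raw_message):
    """Map each attachment filename to the text recovered from its decoded bytes."""
    out = {}
    for part in message_from_bytes(raw_message).walk():
        if part.get_content_disposition() != "attachment":
            continue
        blob = part.get_payload(decode=True) or b""   # undoes base64 transfer encoding
        out[part.get_filename() or "unnamed"] = "\n".join(printable_runs(blob))
    return out

def rule_hits(rule, data, window=WINDOW):
    """True if the byte-regex rule matches within the first `window` bytes of data."""
    return re.search(rule, data[:window]) is not None

def build_sample():
    """Constructed sample: a 'here is your invoice' mail with a fake invoice.doc."""
    padding = b"\x00\x01\xfe\xff" * 2048              # 8 KiB of non-text filler
    text = "Limited offer at example.invalid".encode("utf-16-le")
    blob = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + padding + text + padding
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Here is your invoice.")
    msg.add_attachment(blob, maintype="application", subtype="msword",
                       filename="invoice.doc")
    return msg.as_bytes(), blob

if __name__ == "__main__":
    raw, blob = build_sample()
    extracted = attachment_text(raw)["invoice.doc"]
    print("raw bytes hit:", rule_hits(rb"(?i)limited offer", blob))
    print("extracted hit:", rule_hits(rb"(?i)limited offer", extracted.encode()))
```
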
[sniffer] Re: Am I submitting to s...@sortmonster.com properly
Pete,

Is there any way to deal with the other new attachment based spam we have been seeing recently? I see a lot coming in that only say here is your invoice and have an invoice.doc (or similar attachment). Inside the word file is the spam itself. I've seen a bunch of these in the last week or so, I initially thought they were viruses, but none of my virus scanners picked them up as such and their contents were just a bunch of spam.

Jim Matuska Jr.
Computer Tech2, CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]

-----Original Message-----
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, August 22, 2006 2:34 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Am I submitting to [EMAIL PROTECTED] properly

Hello David,

I think this format should come through fine. Phishing is a constant challenge because it is so variable and so close to a legitimate message (on purpose).

I will code some rules for the message you submitted and I'm sure Jason (Lead Rule Tech) will see this note and help us watch for these more closely.

Thanks!

_M

Tuesday, August 22, 2006, 5:10:58 PM, you wrote:

> I just want to know if I am submitting spam emails to
> [EMAIL PROTECTED] properly. Being in Australia, we see a lot of
> spam targeting ANZ, National and Commonwealth bank, and they seem to
> be evading the Sniffer program. So when I send a spam to
> [EMAIL PROTECTED] (I am using Outlook 2003), I copy and paste the
> header and forward the email to [EMAIL PROTECTED]. Is this working
> properly? Please see example below.
>
> Regards David Moore
>
> Received: from dialup-82-207-6-125.lv.ukrtel.net [82.207.6.125] by romtech.com.au
>  (SMTPD-8.22) id A82E053C; Tue, 22 Aug 2006 23:35:42 +1000
> Message-ID: <[EMAIL PROTECTED]>
> From: "Commonweal Bank of Australia" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Commonweal Bank of Australia new security features.
> Date: Tue, 22 Aug 2006 10:45:09 +0400
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>  boundary="=_NextPart_000_001D_01C6C5D8.0A0008A0"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.2527
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4
> X-mxGuard-SpoolID: 082d00a1ecb1
> X-mxGuard-Sender: [EMAIL PROTECTED]
> X-mxGuard-Virus-Info: No viruses detected
> X-mxGuard-Spam-Score: 0
> X-mxGuard-Spam-Probability: CLEAN
> X-Note: This message has been scanned for spam and viruses by
>  mxGuard for IMail (www.mxguard.com)
> X-RCPT-TO: <[EMAIL PROTECTED]>
> Status: U
> X-UIDL: 454949852
> X-IMail-ThreadID: 082d00a1ecb1
>
> From: Commonweal Bank of Australia [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 22 August 2006 4:45 PM
> To: [EMAIL PROTECTED]
> Subject: Commonweal Bank of Australia new security features.
>
> It has come to our attention that your account needs to be
> confirmed due to the recent changes we have made to our NetBank online system.
> We contacted you for the following reason: Confirm your
> Information in order to activate new NetBank security features for
> your account. Be sure to log in securely by following the link
> below. It's important that you confirm your NetBank account
> information otherwise you will not be able to access our online
> services. We encourage you to login in to your Commonwealth Bank
> account as soon as possible to help avoid this.
>
> Click here
>
> We appreciate your understanding as we work to ensure account safety.
>
> Sincerely,
> Commonweal Bank of Australia management stuff.
>
> Email ID: GFR97DF

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
[sniffer] Re: Am I submitting to s...@sortmonster.com properly
Hello David,

I think this format should come through fine. Phishing is a constant challenge because it is so variable and so close to a legitimate message (on purpose).

I will code some rules for the message you submitted and I'm sure Jason (Lead Rule Tech) will see this note and help us watch for these more closely.

Thanks!

_M

Tuesday, August 22, 2006, 5:10:58 PM, you wrote:

> I just want to know if I am submitting spam emails to
> [EMAIL PROTECTED] properly. Being in Australia, we see a lot of
> spam targeting ANZ, National and Commonwealth bank, and they seem to
> be evading the Sniffer program. So when I send a spam to
> [EMAIL PROTECTED] (I am using Outlook 2003), I copy and paste the
> header and forward the email to [EMAIL PROTECTED]. Is this working
> properly? Please see example below.
>
> Regards David Moore
>
> Received: from dialup-82-207-6-125.lv.ukrtel.net [82.207.6.125] by romtech.com.au
>  (SMTPD-8.22) id A82E053C; Tue, 22 Aug 2006 23:35:42 +1000
> Message-ID: <[EMAIL PROTECTED]>
> From: "Commonweal Bank of Australia" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Commonweal Bank of Australia new security features.
> Date: Tue, 22 Aug 2006 10:45:09 +0400
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>  boundary="=_NextPart_000_001D_01C6C5D8.0A0008A0"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.2527
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4
> X-mxGuard-SpoolID: 082d00a1ecb1
> X-mxGuard-Sender: [EMAIL PROTECTED]
> X-mxGuard-Virus-Info: No viruses detected
> X-mxGuard-Spam-Score: 0
> X-mxGuard-Spam-Probability: CLEAN
> X-Note: This message has been scanned for spam and viruses by
>  mxGuard for IMail (www.mxguard.com)
> X-RCPT-TO: <[EMAIL PROTECTED]>
> Status: U
> X-UIDL: 454949852
> X-IMail-ThreadID: 082d00a1ecb1
>
> From: Commonweal Bank of Australia [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 22 August 2006 4:45 PM
> To: [EMAIL PROTECTED]
> Subject: Commonweal Bank of Australia new security features.
>
> It has come to our attention that your account needs to be
> confirmed due to the recent changes we have made to our NetBank online system.
> We contacted you for the following reason: Confirm your
> Information in order to activate new NetBank security features for
> your account. Be sure to log in securely by following the link
> below. It's important that you confirm your NetBank account
> information otherwise you will not be able to access our online
> services. We encourage you to login in to your Commonwealth Bank
> account as soon as possible to help avoid this.
>
> Click here
>
> We appreciate your understanding as we work to ensure account safety.
>
> Sincerely,
> Commonweal Bank of Australia management stuff.
>
> Email ID: GFR97DF

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
[sniffer] Am I submitting to s...@sortmonster.com properly
I just want to know if I am submitting spam emails to [EMAIL PROTECTED] properly. Being in Australia, we see a lot of spam targeting ANZ, National and Commonwealth bank, and they seem to be evading the Sniffer program. So when I send a spam to [EMAIL PROTECTED] (I am using Outlook 2003), I copy and paste the header and forward the email to [EMAIL PROTECTED]. Is this working properly? Please see example below.

Regards David Moore

Received: from dialup-82-207-6-125.lv.ukrtel.net [82.207.6.125] by romtech.com.au
 (SMTPD-8.22) id A82E053C; Tue, 22 Aug 2006 23:35:42 +1000
Message-ID: <[EMAIL PROTECTED]>
From: "Commonweal Bank of Australia" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Commonweal Bank of Australia new security features.
Date: Tue, 22 Aug 2006 10:45:09 +0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="=_NextPart_000_001D_01C6C5D8.0A0008A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4
X-mxGuard-SpoolID: 082d00a1ecb1
X-mxGuard-Sender: [EMAIL PROTECTED]
X-mxGuard-Virus-Info: No viruses detected
X-mxGuard-Spam-Score: 0
X-mxGuard-Spam-Probability: CLEAN
X-Note: This message has been scanned for spam and viruses by
 mxGuard for IMail (www.mxguard.com)
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 454949852
X-IMail-ThreadID: 082d00a1ecb1

From: Commonweal Bank of Australia [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 22 August 2006 4:45 PM
To: [EMAIL PROTECTED]
Subject: Commonweal Bank of Australia new security features.

It has come to our attention that your account needs to be confirmed due to the recent changes we have made to our NetBank online system.
We contacted you for the following reason: Confirm your Information in order to activate new NetBank security features for your account. Be sure to log in securely by following the link below. It's important that you confirm your NetBank account information otherwise you will not be able to access our online services. We encourage you to login in to your Commonwealth Bank account as soon as possible to help avoid this.

Click here

We appreciate your understanding as we work to ensure account safety.

Sincerely,
Commonweal Bank of Australia management stuff.

Email ID: GFR97DF
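The headers in the submission above were scored CLEAN by the local filter, yet two features are visible in them: the relay hostname embeds its own IP address with a dial-up label, and the From display name is a near miss of a real bank name. The following is an added example, not part of the original post and not Message Sniffer's rule logic, that extracts both findings. The brand list, the token list and the 0.85 threshold are assumptions, and the addresses the archive masked are replaced with `example.invalid` placeholders.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions: brand list, tokens and the 0.85 threshold are illustrative only.
BRANDS = ["Commonwealth Bank of Australia", "ANZ", "National Australia Bank"]
DYNAMIC_TOKENS = re.compile(r"dialup|dsl|dyn|ppp|pool", re.I)

# Headers from the post; masked addresses are constructed placeholders.
SAMPLE = """\
Received: from dialup-82-207-6-125.lv.ukrtel.net [82.207.6.125] by romtech.com.au
 (SMTPD-8.22) id A82E053C; Tue, 22 Aug 2006 23:35:42 +1000
From: "Commonweal Bank of Australia" <sender@example.invalid>
To: <recipient@example.invalid>
Subject: Commonweal Bank of Australia new security features.
X-mxGuard-Spam-Probability: CLEAN

"""

def dynamic_relay(received):
    """Return the relay host if its name embeds its own IP or a dial-up style token."""
    m = re.search(r"from\s+(\S+)\s+\[(\d+(?:\.\d+){3})\]", received)
    if not m:
        return None
    host, ip = m.groups()
    embedded = any(ip.replace(".", sep) in host for sep in "-.")
    return host if embedded or DYNAMIC_TOKENS.search(host) else None

def lookalike_brand(display_name, threshold=0.85):
    """Return the brand a display name imitates without matching it exactly."""
    name = display_name.lower()
    for brand in BRANDS:
        ratio = SequenceMatcher(None, name, brand.lower()).ratio()
        if name != brand.lower() and ratio >= threshold:
            return brand
    return None

def triage(raw_headers):
    """Collect header findings worth noting alongside a spam submission."""
    msg = message_from_string(raw_headers)
    findings = []
    for received in msg.get_all("Received", []):
        host = dynamic_relay(received)
        if host:
            findings.append(("dynamic-relay", host))
    brand = lookalike_brand(parseaddr(msg.get("From", ""))[0])
    if brand:
        findings.append(("brand-lookalike", brand))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
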