Hello Sniffer Folks,

It's been a while since I've made an announcement like this, but I
thought I would warn you if you're not already seeing it---

Today we have seen several high-amplitude bursts of new spam that
appear to be coordinated to hit at a particular moment. These bursts
appear to contain campaigns in "all flavors" and appear to be from a
wide variety of sources (as identified by coding tactics,
methodologies, subject matter, obfuscation techniques, etc.).

It appears to me that even factions which generally don't get along
are more than happy to jump on the "burst" bandwagon at present.

About 30 hours ago the first heavy burst began with new spam and
variants arriving at a rate 6 times normal.

Another similar burst is currently underway which began roughly 3
hours ago and has sustained a similar rate throughout that period.

Not only is the rate of new variations very high but the overall
bandwidth of the campaigns is also very high.

This overall pattern of bursts seems to have begun roughly 3 days ago
- perhaps around the time of the demise of bluesky.

The pattern of traffic is very similar to the pattern that we saw
beginning last year when we identified an apparent shift in spam
delivery patterns:

http://www.sortmonster.com/MessageSniffer/Help/Papers/OrganizedBlackHats/

I've attached images of our current 2 day and 30 day graphs for those
who are interested in such things.

I recommend that if you have a way to tune your systems to be more
strict (perhaps at the expense of some FPs) then now might be a good
time to make that tradeoff.

Best,

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

Attachment: 20060520.1717-30-day-getchart.jsp.png
Description: PNG image

Attachment: 20060520.1717-48-hour-getchart.jsp.png
Description: PNG image

#############################################################
This message is sent to you because you are subscribed to
  the mailing list <sniffer@sortmonster.com>.