Pete, Is there any way to deal with the other new attachment based spasm we have been seeing recently? I see a lot coming in that only say here is your invoice and have an invoice.doc (or similar attachment). Inside the word file is the spam itself. I've seen a bunch of these in the last week or so, I initially thought they were viruses, but none of my virus scanners picked them up as such and their contents were just a bunch of spam.
Jim Matuska Jr. Computer Tech2, CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] -----Original Message----- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, August 22, 2006 2:34 PM To: Message Sniffer Community Subject: [sniffer] Re: Am I submitting to [EMAIL PROTECTED] properly Hello David, I think this format should come through fine. Phishing is a constant challenge because it is so variable and so close to a legitimate message (on purpose). I will code some rules for the message you submitted and I'm sure Jason (Lead Rule Tech) will see this note and help us watch for these more closely. Thanks! _M Tuesday, August 22, 2006, 5:10:58 PM, you wrote: > > > > I just want to know if I am submitting spam emails to > [EMAIL PROTECTED] properly being in Australia we see a lot of > spam targeting ANZ, National and Commonwealth bank and they seem to > be evading the Sniffer program so when I send a spam to > [EMAIL PROTECTED] (I am using Outlook 2003) I copy and paste the > header and forward the email to [EMAIL PROTECTED] is this working > properly. Please see example below. > > > > Regards David Moore > > > > > > Received: from dialup-82-207-6-125.lv.ukrtel.net [82.207.6.125] by romtech.com.au > > (SMTPD-8.22) id A82E053C; Tue, 22 Aug 2006 23:35:42 +1000 > > Message-ID: <[EMAIL PROTECTED]> > > From: "Commonweal Bank of Australia" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Subject: Commonweal Bank of Australia new security features. > > Date: Tue, 22 Aug 2006 10:45:09 +0400 > > MIME-Version: 1.0 > > Content-Type: multipart/alternative; > > boundary="----=_NextPart_000_001D_01C6C5D8.0A0008A0" > > X-Priority: 3 > > X-MSMail-Priority: Normal > > X-Mailer: Microsoft Outlook Express 6.00.2900.2527 > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 > > X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4 > > X-mxGuard-SpoolID: 082d00a10000ecb1 > > X-mxGuard-Sender: [EMAIL PROTECTED] > > X-mxGuard-Virus-Info: No viruses detected > > X-mxGuard-Spam-Score: 0 > > X-mxGuard-Spam-Probability: CLEAN > > X-Note: This message has been scanned for spam and viruses by > mxGuard for IMail (www.mxguard.com) > > X-RCPT-TO: <[EMAIL PROTECTED]> > > Status: U > > X-UIDL: 454949852 > > X-IMail-ThreadID: 082d00a10000ecb1 > > > > > > > From: Commonweal Bank of Australia [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 22 August 2006 4:45 PM > To: [EMAIL PROTECTED] > Subject: Commonweal Bank of Australia new security features. > > > > It has come to our attention that your account needs to be > confirmed due to the recent changes we have made to our NetBank online system. > We contacted you for the following reason: Confirm your > Information in order to activate new NetBank security features for > your account. Be sure to log in securely by following the link > below. It's important that you confirm your NetBank account > information otherwise you will not be able to access our online > services. We encourage you to login in to your Commonwealth Bank > account as soon as possible to help avoid this. > > Click here > > We appreciate your understanding as we work to ensure account safety. > > Sincerely, > Commonweal Bank of Australia management stuff. > > Email ID: GFR97DF > > > > > > > -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>