Hello Alberto, Monday, May 14, 2007, 10:44:41 AM, you wrote:
> Yes I agree also here we are having a real storm !!! > Alberto It's clear the blackhats are intent on putting their new engines to work. We've seen a number of campaigns this morning and over night that are extremely aggressive. Since about last week, these new engines came online and beginning about 4 days ago they have been aggressively pressed into service. It is clear that part of their new strategy is to use high amplitude bursts and pre-optimized messages to push as much spam as possible through the window before it closes. We can probably expect this to continue and expect to see spikes get past the system from time to time until the system learns more about the new engines so that it can better mitigate new (as yet unseen) campaigns. Here are a few graphs to illustrate the change in traffic patterns that goes along with these conjectures and observations. 30 Day New Message / Leakage Rate: * General uptick in new traffic coincided with observations of new message structure patterns (indicating new bot software) about 8 days ago. * Increasingly "spikey" pattern beginning about 4 days ago coincided with observations of heavy bandwidth utilization upon the launch of new campaigns -- Use of high-amplitude spikes to increase delivery before the "window" closes. 48 Hour New Message / Leakage Rate: * Roughly 28 hours ago we saw a new family of campaigns leveraging a new "stuffing" corpus. The new campaign was triggered on Mothers Day -- probably to take advantage of folks having other things to do - instead of a more typical pattern of launching new campaigns early on Mondays. The campaign evolved and expanded continuously throughout a very busy 10 hour period. At the moment this family of campaigns appears to be contained, though we do continue to see new variations and train the system to recognize them and some predictable variants. * Today there has already been at least 2 new campaigns launched with extremely high bandwidth. Hope this info is useful. Thanks! _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC.
<<attachment: 20070514NewStorms48Hour.png>>
<<attachment: 20070514NewStorms30Day.png>>
############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
