Hello Bonno,


Monday, June 4, 2007, 6:09:59 AM, you wrote:


> Hi,
>
> Are these medicine spams getting more aggressive? The past few weeks I've had more than my share of those image spams getting tagged by virtually no spam filter at all, or maybe just a few to tag it but not hold it.
>
> Any one of those the sniffer does not catch I forward to [EMAIL PROTECTED] but as they are all mixed with some random noise I assume they're pretty much all unique.


All spam is getting more aggressive. The blackhats are continuing to develop botware and supporting software that is specifically designed to defeat all filters... and they are getting better at it. A few weeks ago they launched a new collection of bots and botware. With that, they more than doubled the average rate of new spam we see at our traps overnight from just over 650 per hour to more than 1400 (rough averages).


Late last night and through the wee hours, for example, we were forced to engage a flurry of very aggressive campaigns that were launched while we were servicing parts of our database system. The spike reached a rate greater than 6400 messages per hour nearly instantaneously!


> Any chance sniffer can get them in a more generic way or does sniffer indeed have to wait until the next variation comes along in order to code rules for it?


As much as possible we do code for new campaigns using abstract ("more generic") heuristics as a rule. We are frequently able to capture hundreds of variations of a campaign with only a handful of rules. Of course this prompts the blackhats to produce spam that is even more highly variable and delivered with more bandwidth.


It's an arms race - no doubt about it.


_M


-- 

Pete McNeil

Chief Scientist,

Arm Research Labs, LLC.

#############################################################
This message is sent to you because you are subscribed to
  the mailing list <sniffer@sortmonster.com>.