On 11 Dec 2018, at 7:52, RW wrote:

On Mon, 10 Dec 2018 16:02:33 -0500
Bill Cole wrote:

On 10 Dec 2018, at 14:13, RW wrote:

On Mon, 10 Dec 2018 12:45:53 -0500
Mark London wrote:

Hi - Here's another form of obfuscation spam.  This time, not a
porn blackmail one.   Almost the whole text is obfuscated.

https://pastebin.com/VURwmrrF


You say obfuscated, but it looked completely unreadable to me.

The text/plain part is garbage, but the text/html part renders to a
mostly readable phish.

I see it depends on the client,

Yes. For easy readability, the HTML renderer must honor styling attributes instructing it to draw some characters inside words as invisible and zero-width. This provides a handle for a 'rawbody' rule and there are rules in the 'nonKAM' set that Kevin curates which catch on that mail almost accidentally...

this is a typical line as rendered by
claws-mail:

Ρnflе2аgѕsе Сal3ісκml Неvге tsο9 геdνіеywtv thіѕ а3rсt4іν5qіxtуv аndv2 uf0ροsn νегvіfісiаtzіv9οtn, wе wfіl049l гsеmοoνеl а9nу ге2ѕittгhісt02іοoni2ѕ ρlnlас5е4d οnsz9 уοvuoгz ρгοfoіolе.


SpamAssassin renders the body text similarly.

Yes, and that should provide places to hang 'body' rules for someone with the time & skill to write them. Bayes could in principle do the work, except for the problem of the inserts acting like crypto 'salt' does for thwarting pre-calculated hash tables.
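An added illustration, not code from anyone in this thread and not a SpamAssassin rule: the rendered line quoted above mixes Latin, Greek and Cyrillic letters inside single words, which is one property a 'body'-level check could key on even though the random inserts make every token unique. The function names and the idea of scoring by ratio are assumptions made for this sketch.

```python
import unicodedata

# First words of the claws-mail rendering quoted in the thread above.
SAMPLE = "Ρnflе2аgѕsе Сal3ісκml Неvге tsο9 геdνіеywtv thіѕ"

SCRIPTS = ("LATIN", "GREEK", "CYRILLIC")


def script_of(ch):
    """Coarse script label for a letter, taken from its Unicode name."""
    if not ch.isalpha():
        return None  # digits and punctuation carry no script
    name = unicodedata.name(ch, "")
    return next((s for s in SCRIPTS if name.startswith(s)), "OTHER")


def word_scripts(word):
    """Set of scripts used by the letters of one whitespace-delimited word."""
    return {s for s in map(script_of, word) if s}


def mixed_script_words(text):
    """Words whose letters come from more than one script."""
    return [w for w in text.split() if len(word_scripts(w)) > 1]


def mixed_ratio(text):
    """Fraction of letter-bearing words that mix scripts (0.0 to 1.0)."""
    words = [w for w in text.split() if word_scripts(w)]
    return len(mixed_script_words(text)) / len(words) if words else 0.0


if __name__ == "__main__":
    for w in mixed_script_words(SAMPLE):
        print(w, sorted(word_scripts(w)))
    print("ratio:", mixed_ratio(SAMPLE))
```

Ordinary multilingual mail keeps each word in one script, so it scores near zero; the lookalike substitution shows up only when scripts change within a word.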
