RE: [Full-Disclosure] weird worm ?

From: Discini, Sonny (Sonny.Discini_at_montgomerycountymd.gov)
Date: 12/30/03

  • Next message: petard: "Re: [Full-Disclosure] Whois acting funny in FreeBSD"
    To: "Rapaill" <Max.Rapaille@nbb.be>, <full-disclosure@lists.netsys.com>
    Date: Tue, 30 Dec 2003 13:33:29 -0500
    
    

    Yes, I have seen similar e-mails and yes, this appears to be word list probes to see what will and will not pass through your filter. Once they compile a reasonable trigger list, they will omit those words from their SPAM messages. This also explains why the e-mail is coming from random sources. If it came from a real address, they know that any reasonable admin would add the domain to their block list.

    Fwiw

    -----Original Message-----
    From: Rapaill [mailto:Max.Rapaille@nbb.be]
    Sent: Tuesday, December 30, 2003 8:32 AM
    To: full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] weird worm ?

    Hi,

    Perhaps some spammers trying to test circumvention of anti-spam filter ? Just filling mail with random words to test if this can pass some score-based filter like Baysian filter?

    If those messages are accepted, they will try later with some advertising for a Miracle Pill to make some part of your body bigger ? ;-)

    Regards,
    Max

    -----Original Message-----
    From: vogt@hansenet.com [mailto:vogt@hansenet.com]
    Sent: mardi 30 décembre 2003 13:48
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] weird worm ?

    Hi everyone -

    For days now, I've been receiving weird messages, with a few lines of apparently random, garbage text, like this:

    highest bailiff nomad father advise heir
    oxygen honorarium allegro reveal wronskian indentation coachmen
    deficient tribute arcturus mitigate bypath

    A

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: petard: "Re: [Full-Disclosure] Whois acting funny in FreeBSD"

    Relevant Pages

    • RE: [Full-Disclosure] weird worm ?
      ... Perhaps some spammers trying to test circumvention of anti-spam filter? ... Just filling mail with random words to test if this can pass some score-based filter like Baysian filter? ... Subject: [Full-Disclosure] weird worm? ...
      (Full-Disclosure)
    • Re: [Full-disclosure] EUSecWest CFP Closes April 14th (conf May21/22 2008)
      ... I did a filter for n3td3v in the subject line to filter out that 63 email conversation. ... [Full-disclosure] EUSecWest CFP Closes April 14th (conf May ... is getting beyond a joke now all this unlawful commercial spam. ... These people are making big money and they shouldn't be allowed free ...
      (Full-Disclosure)
    • Re: [Full-disclosure] so this is FD...
      ... Basically it boils ... on bugtraq, someone is filtering for you while on f-d, you are ... Hell, if you filter out ... full-disclosure is actually quite readable. ...
      (Full-Disclosure)
    • RE: [Full-Disclosure] Subject prefix changing! READ THIS! SURVEY!!
      ... Subject: [Full-Disclosure] Subject prefix changing! ... > The subject header is going to change. ... Choice two may be preferable for people who can only filter their ...
      (Full-Disclosure)
    • [Full-Disclosure] Mailfilters or how I learned to stop worrying and love the n00bs.
      ... I just heard of a really cool new technology called mail-filters! ... You can even set a filter for specific people, so you won't have to read anything I ever send to any list again! ... [Full-Disclosure] "You have sent the attached unsolicited e-mail to an otherwise GOOD security email list." ... > To: Eric Scher ...
      (Full-Disclosure)