Re: [Full-Disclosure] weird worm ?
From: Kare Presttun (Kare_at_Presttun.org)
To: Joris De Donder <firstname.lastname@example.org>
Date: Tue, 30 Dec 2003 16:22:34 +0100
At 30.12.2003 15:25 +0100, Joris De Donder wrote:
>> highest bailiff nomad father advise heir
>> oxygen honorarium allegro reveal wronskian indentation coachmen
>> deficient tribute arcturus mitigate bypath
>> Anyone got a clue what this is? There are no attachments to these
>> they keep coming in at a rate of about 1-2 per day, from different sources,
>> nobody I know really.
>Could be an attempt to 'poison' Bayesian filters. If people identify
>these messages as spam and use them to train their Bayesian filters,
>more and more 'good'/'normal' words will get a high spamvalue
>resulting in a higher rate of false positives.
>Or maybe it was an attempt to bypass Bayesian filters and the spammer
>just forgot to include an url.
I have looked at a few of them and they include an image (at least
the ones I have got) with the actual spam message and a URL
behind the image itself to take you to a web site. I have got some
for cable TV bypass. It seems obvious that they attempt to poison
Bayesian filters. Some of them also used my e-mail as sender
address clearly to get around spam filters. I'm running SpamPal
and use it for outbound mail to train the whitelist to accept people
I'm sending mail to. I have also imported some of these messages
as spam into the Bayesian filter to train it. I also put my address
into the Exclusions for automatic whitelisting to keep the mails
with my address in the sender field from slipping through. Now all the shit
Med vennlig hilsen | Best regards,
Tel.: +47 4100 4908
Full-Disclosure - We believe in it.
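
Added example, not part of the original thread: a toy naive Bayes filter that measures the effect discussed above, where training on word-salad messages as spam raises the spam score of a legitimate message that uses the same ordinary words. The `BayesFilter` class, the stop-word list, the ham/spam corpora and the legitimate message are all constructed for illustration; the three word-salad lines are the ones quoted in the message, replayed `rounds` times to stand in for the daily arrivals.

```python
import math
from collections import Counter

STOP = {"the", "on", "my", "will", "we", "at", "is", "can", "you", "of",
        "please", "about", "for"}          # assumed stop-word list
HAM = ["please advise on the meeting agenda", "my father will visit on sunday",
       "the heir signed the contract today", "we paid tribute at the memorial",
       "lunch at noon tomorrow", "the quarterly report is attached",
       "can you review my patch", "minutes of the meeting attached"]
SPAM = ["cheap cable tv bypass click here", "free cable descrambler click now",
        "buy cheap pills click here", "free offer click now"]
WORD_SALAD = ["highest bailiff nomad father advise heir",
              "oxygen honorarium allegro reveal wronskian indentation coachmen",
              "deficient tribute arcturus mitigate bypath"]
LEGIT = "please advise father about the tribute for the heir"

class BayesFilter:
    """Toy per-message naive Bayes filter (hypothetical, not SpamPal's code)."""
    def __init__(self):
        self.docs = Counter()                       # messages trained per label
        self.seen = {"spam": Counter(), "ham": Counter()}

    @staticmethod
    def tokens(text):
        return set(text.lower().split()) - STOP

    def train(self, text, label):
        self.docs[label] += 1
        self.seen[label].update(self.tokens(text))  # count each word once per message

    def token_prob(self, word, label):
        # Laplace-smoothed share of this label's messages that contain the word
        return (self.seen[label][word] + 1) / (self.docs[label] + 2)

    def spam_score(self, text):
        # Equal priors; sum of per-token log-likelihood ratios mapped to [0, 1]
        llr = sum(math.log(self.token_prob(w, "spam") / self.token_prob(w, "ham"))
                  for w in self.tokens(text))
        return 1 / (1 + math.exp(-llr))

def demo(rounds=5):
    """Score LEGIT before and after the word salad is trained as spam."""
    f = BayesFilter()
    for m in HAM:
        f.train(m, "ham")
    for m in SPAM:
        f.train(m, "spam")
    before = f.spam_score(LEGIT)
    for _ in range(rounds):
        for m in WORD_SALAD:
            f.train(m, "spam")
    return before, f.spam_score(LEGIT)
```

The legitimate message is chosen so that all of its content words occur in the word salad and only rarely in the ham corpus, which is the case where the shift is largest.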