Re: [Full-Disclosure] weird worm ?

From: Kare Presttun (Kare_at_Presttun.org)
Date: 12/30/03

  • Next message: dwr3ck_at_hushmail.com: "[Full-Disclosure] Disabling Cached Logon Credentials"
    To: Joris De Donder <joris@digitaldefense.be>
    Date: Tue, 30 Dec 2003 16:22:34 +0100
    
    

    At 30.12.2003 15:25 +0100, Joris De Donder wrote:
    >
    >> highest bailiff nomad father advise heir
    >> oxygen honorarium allegro reveal wronskian indentation coachmen
    >> deficient tribute arcturus mitigate bypath
    >>
    >>
    >> Anyone got a clue what this is? There are no attachments to these
    >> mails, but they keep coming in at a rate of about 1-2 per day, from
    >> different sources, nobody I know really.
    >
    >Could be an attempt to 'poison' Bayesian filters. If people identify
    >these messages as spam and use them to train their Bayesian filters,
    >more and more 'good'/'normal' words will get a high spamvalue
    >resulting in a higher rate of false positives.
    >
    >Or maybe it was an attempt to bypass Bayesian filters and the spammer
    >just forgot to include an url.

    I have looked at a few of them and they include an image (at least
    the ones I have got) with the actual spam message and a URL
    behind the image itself to take you to a web site. I have got some
    for cable TV bypass. It seems obvious that they attempt to poison
    Bayesian filters. Some of them also used my e-mail as sender
    address clearly to get around spam filters. I'm running SpamPal
    and use it for outbound mail to train the whitelist to accept people
    I'm sending mail to. I have also imported some of these messages
    as spam into the Bayesian filter to train it. I also put my address
    into the Exclusions for automatic whitelisting to prevent the mails
    with my address in the sender field from slipping through. Now all
    the shit gets junked.

    Med vennlig hilsen | Best regards,
    Kåre Presttun
    Tel.: +47 4100 4908
    mailto:Kare@Presttun.org
    http://www.presttun.org/kare/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
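
The poisoning effect discussed in this thread, as an added example that is not part of either post: a small token-probability filter is trained on a constructed ham/spam corpus, then on the three word lists quoted above as spam, and an ordinary message that reuses a few of those words is scored before and after. The Robinson-smoothed scoring, the class and function names, and every message except the quoted word lists are assumptions made for illustration; this is not SpamPal's implementation.

```python
import math
from collections import Counter

class RobinsonFilter:
    """Per-word spam probability (Robinson smoothing), naive-Bayes combining."""
    S, X = 1.0, 0.5  # weight of the prior, prior spamminess of an unseen word

    def __init__(self):
        self.docs = Counter()  # number of messages trained per label
        self.seen = {"spam": Counter(), "ham": Counter()}

    def train(self, text, label):
        self.docs[label] += 1
        self.seen[label].update(set(text.lower().split()))

    def spamminess(self, word):
        b, g = self.seen["spam"][word], self.seen["ham"][word]
        if b + g == 0:
            return self.X  # never seen: neutral
        bs = b / max(self.docs["spam"], 1)
        gs = g / max(self.docs["ham"], 1)
        p = bs / (bs + gs)
        # pull the raw ratio toward X when the word has little evidence
        return (self.S * self.X + (b + g) * p) / (self.S + b + g)

    def score(self, text):
        words = set(text.lower().split())
        logit = sum(math.log(p / (1 - p)) for p in map(self.spamminess, words))
        return 1 / (1 + math.exp(-logit))

# Constructed training corpus (assumption, not from the thread).
HAM = ["meeting notes attached for monday", "lunch on friday with the team",
       "project schedule and budget review", "photos from the family trip"]
SPAM = ["cheap cable tv bypass click here", "buy cheap pills online now",
        "click here for free cable descrambler", "free pills no prescription needed"]
# Word lists quoted in the thread, reported as spam by the recipient.
SALAD = ["highest bailiff nomad father advise heir",
         "oxygen honorarium allegro reveal wronskian indentation coachmen",
         "deficient tribute arcturus mitigate bypath"]
# Constructed legitimate message that happens to reuse five of those words.
LEGIT = "please advise if the highest bidder will reveal a tribute to your father"

def demo():
    f = RobinsonFilter()
    for m in HAM:
        f.train(m, "ham")
    for m in SPAM:
        f.train(m, "spam")
    before = f.score(LEGIT)
    for m in SALAD:  # the user marks the word-salad mails as spam
        f.train(m, "spam")
    return before, f.score(LEGIT), f

if __name__ == "__main__":
    before, after, _ = demo()
    print(f"legit mail spam score: before={before:.3f} after={after:.3f}")
```

Each quoted word has been seen once in spam and never in ham, so its spamminess moves from 0.5 to 0.75, and five such words are enough to push the legitimate message over a typical spam threshold.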

