Re: [Full-disclosure] Analysis: Postbank.nl Phishing Scam

From: Moritz Naumann (lists_at_moritz-naumann.com)
Date: 06/06/05

  • Next message: Alexander Hristov: "[Full-disclosure] Exploits Selling / Buying"
    Date: Mon, 06 Jun 2005 20:39:05 +0200
    To: Vincent van Scherpenseel <mailinglists@vanscherpenseel.nl>
    
    

    Vincent van Scherpenseel schrieb:
    > You can read the analysis at: http://www.syn-ack.org/papers/postbank.html .
    >
    > I would love to receive any feedback on it, either positive or negative, as
    > long as arguments are supplied.

    Quoting from your analysis:
    > Unfortunately I wasn't able to determine what 'RCVD_IN_LSORBS' means.
    > A Google and a Google Groups session yielded zero results.

    I'm not sure whether this is a common SpamAssassin rule (I simply didn't
    check). I also do no know what the 'L' in 'LSORBS' stands for. However,
    the rest clearly means that the downmost 'Received' email header line
    contained an IP address which is listed in the SORBS ("Spam and Open
    Relay Blocking System") DNS blacklist <http://www.sorbs.net/>.

    Moritz Naumann
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: Alexander Hristov: "[Full-disclosure] Exploits Selling / Buying"