[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] weird worm ?
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] weird worm ?
- From: Nick FitzGerald <nick@virus-l.demon.co.uk>
- Date: Wed, 31 Dec 2003 10:14:10 +1300
roy@rant-central.com wrote:
> On Tuesday 30 December 2003 01:33 pm, Discini, Sonny wrote:
> > Yes, I have seen similar e-mails and yes, this appears to be word list
> > probes to see what will and will not pass through your filter.
>
> I don't think so. The examples I've seen here have been nothing but a string
> of nonsense words, with no link or web bug. A probe has to have some way of
> reporting success/failure, and I don't know many systems that bounce spam
> filter failures. They're much more likely to be attempts to poison Bayesian
> filters.
While I agree in general with your comments and interpretation, I'd
point out that _many_ of these type of messages I've seen, and as
reported by others, do contain a text/html component that usually
consists of a short ad message or (mostly what I have seen) a link to a
graphic (which is presumably the actual spammed advertisement) _plus_
the random word list ("hidden" with text the same colour as the
background). A couple of months ago (?), when this tactic was first
being reported I only saw the text-only form with no advertising
component, but it seems (from an informal sampling of my recent
received spam) that such messages with advertising content are more
common now.
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html