Got yet another of those performance-enhancer spams. The HTML has been confusingly fragmented (see below) no doubt to evade filters which search for keywords ... Ted. EXCERPT: ======================================================= From: Agnes McMullin <Chunnsxw@i-france.com> Subject: Greetings <html> <body <BR> SI<!--F_$i8F==[F0z,,0d,0n@-->ZE AND STA<!--F_$i8F==[F0z,,0d,0n@-->MINA DO MA<!--F_$i8F==[F0z,,0d,0n@-->TTER<BR> More Than You Can Poss<!--F_$i8F==[F0z,,0d,0n@-->ibly Imag<!--F_$i8F==[F0z,,0d,0n@-->ine!!<BR> She is j<!--F_$i8F==[F0z,,0d,0n@-->ust trying to sp<!--F_$i8F==[F0z,,0d,0n@-->are your fe<!--F_$i8F==[F0z,,0d,0n@-->elings by tel<!--F_$i8F==[F0z,,0d,0n@-->ling you oth<!--F_$i8F==[F0z,,0d,0n@-->erwise.<BR> <BR> DON'T WA<!--F_$i8F==[F0z,,0d,0n@-->IT UN<!--F_$i8F==[F0z,,0d,0n@-->TIL SHE IS GONE<BR> TO FIND OUT THAT YOU COULDN'T SAT<!--F_$i8F==[F0z,,0d,0n@-->ISFY HER!!! <BR> <BR> INTR<!--F_$i8F==[F0z,,0d,0n@-->ODUCING, THE FI<!--F_$i8F==[F0z,,0d,0n@-->RST ALL-IN-ONE <BR> Ma<!--F_$i8F==[F0z,,0d,0n@-->le Perfo<!--F_$i8F==[F0z,,0d,0n@-->rmance En<!--F_$i8F==[F0z,,0d,0n@-->hancer AND Pe<!--F_$i8F==[F0z,,0d,0n@-->nis Enla<!--F_$i8F==[F0z,,0d,0n@-->rgement<BR> [etc.] ========================================================= -------------------------------------------------------------------- E-Mail: (Ted Harding) <Ted.Harding@nessie.mcc.ac.uk> Fax-to-email: +44 (0)870 167 1972 Date: 01-Apr-03 Time: 13:16:09 ------------------------------ XFMail ------------------------------
From: Ted Harding;
Got yet another of those performance-enhancer spams. The HTML has been confusingly fragmented (see below) no doubt to evade filters which search for keywords ...
Ted.
EXCERPT: ======================================================= From: Agnes McMullin <Chunnsxw@i-france.com> Subject: Greetings
<html> <body <BR> SI<!--F_$i8F==[F0z,,0d,0n@-->ZE AND STA<!--F_$i8F==[F0z,,0d,0n@-->MINA DO MA<!--F_$i8F==[F0z,,0d,0n@-->TTER<BR> More Than You Can Poss<!--F_$i8F==[F0z,,0d,0n@-->ibly Imag<!--F_$i8F==[F0z,,0d,0n@-->ine!!<BR> She is j<!--F_$i8F==[F0z,,0d,0n@-->ust trying to sp<!--F_$i8F==[F0z,,0d,0n@-->are your fe<!--F_$i8F==[F0z,,0d,0n@-->elings by tel<!--F_$i8F==[F0z,,0d,0n@-->ling you oth<!--F_$i8F==[F0z,,0d,0n@-->erwise.<BR> <BR> DON'T WA<!--F_$i8F==[F0z,,0d,0n@-->IT UN<!--F_$i8F==[F0z,,0d,0n@-->TIL SHE IS GONE<BR> TO FIND OUT THAT YOU COULDN'T SAT<!--F_$i8F==[F0z,,0d,0n@-->ISFY HER!!! <BR> <BR> INTR<!--F_$i8F==[F0z,,0d,0n@-->ODUCING, THE FI<!--F_$i8F==[F0z,,0d,0n@-->RST ALL-IN-ONE <BR> Ma<!--F_$i8F==[F0z,,0d,0n@-->le Perfo<!--F_$i8F==[F0z,,0d,0n@-->rmance En<!--F_$i8F==[F0z,,0d,0n@-->hancer AND Pe<!--F_$i8F==[F0z,,0d,0n@-->nis Enla<!--F_$i8F==[F0z,,0d,0n@-->rgement<BR> [etc.] =========================================================
-------------------------------------------------------------------- E-Mail: (Ted Harding) <Ted.Harding@nessie.mcc.ac.uk> Fax-to-email: +44 (0)870 167 1972 Date: 01-Apr-03 Time: 13:16:09 ------------------------------ XFMail ------------------------------
That's all very well, but is what they're selling any good!!?? :o)
On 01-Apr-03 Keith Watson wrote:
Got yet another of those performance-enhancer spams. The HTML has been confusingly fragmented (see below) no doubt to evade filters which search for keywords ...
EXCERPT: ======================================================= <html> <body <BR> SI<!--F_$i8F==[F0z,,0d,0n@-->ZE AND STA<!--F_$i8F==[F0z,,0d,0n@-->MINA DO MA<!--F_$i8F==[F0z,,0d,0n@-->TTER<BR> More Than You Can Poss<!--F_$i8F==[F0z,,0d,0n@-->ibly Imag<!--F_$i8F==[F0z,,0d,0n@-->ine!!<BR> [etc.] =========================================================
That's all very well, but is what they're selling any good!!?? :o)
Interruptus at best, by the look of it ... Ted. -------------------------------------------------------------------- E-Mail: (Ted Harding) <Ted.Harding@nessie.mcc.ac.uk> Fax-to-email: +44 (0)870 167 1972 Date: 01-Apr-03 Time: 16:03:01 ------------------------------ XFMail ------------------------------
(Ted Harding) wrote:
Got yet another of those performance-enhancer spams. The HTML has been confusingly fragmented (see below) no doubt to evade filters which search for keywords ...
<html> <body <BR> SI<!--F_$i8F==[F0z,,0d,0n@-->ZE AND STA<!--F_$i8F==[F0z,,0d,0n@-->MINA DO MA<!--F_$i8F==[F0z,,0d,0n@-->TTER<BR>
SA makes short work of it, though... X-Spam-Status: No, hits=3.4 tagged_above=-10000.0 required=5.0 tests=HTML_30_40, PENIS_ENLARGE2, UPPERCASE_25_50 Anything like an open relay or forged header would have pushed it over the edge into spam oblivion. Tony -- "When I am working on a problem I never think about beauty. I only think about how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong." -- Buckminster Fuller
Tony Hoyle wrote:
(Ted Harding) wrote:
Got yet another of those performance-enhancer spams. The HTML has been confusingly fragmented (see below) no doubt to evade filters which search for keywords ...
<html> <body <BR> SI<!--F_$i8F==[F0z,,0d,0n@-->ZE AND STA<!--F_$i8F==[F0z,,0d,0n@-->MINA DO MA<!--F_$i8F==[F0z,,0d,0n@-->TTER<BR>
SA makes short work of it, though...
X-Spam-Status: No, hits=3.4 tagged_above=-10000.0 required=5.0 tests=HTML_30_40, PENIS_ENLARGE2, UPPERCASE_25_50
Anything like an open relay or forged header would have pushed it over the edge into spam oblivion.
I'm running SA with amavisd, the latest versions, and I must say, it seems a lot less effective than it was, and a lot less flexible... Maybe I need to spend more time customising, but I'm getting a lot of spam breaking through, and can't find a way to create user-specific white/black-lists/filters any more. I came back from the rugby this weekend to over 500 detected spams... Cheers, Laurie. -- -------------------------------------------------------------------- Laurie Brown laurie@brownowl.com --------------------------------------------------------------------
On Tue, Apr 01, 2003 at 01:16:09PM -0000, Ted Harding wrote:
Got yet another of those performance-enhancer spams. The HTML has been confusingly fragmented (see below) no doubt to evade filters which search for keywords ...
Looks like a growing trend, every piece of spam I've received this week has had 'mangled' HTML, full of random junk comment tags. :) -- iD, id@nooped.com ~~~~~~~~~~~~~~~~~~ Overload -- core meltdown sequence initiated.
participants (5)
-
iD -
Keith Watson -
Laurie Brown -
Ted.Harding@nessie.mcc.ac.uk -
Tony Hoyle