Security Incidents mailing list archives

RE: Re: Strange mail with number in subject line and body

From: "Latalladi, Eric" <e () jbh com>
Date: Thu, 8 Jun 2006 09:41:17 -0400

Has anyone noticed these emails coming in with .PNG attachments? I've
been getting a mixed bag of these emails, some with .PNG attachments,
some without...


Regards,
Eric 

-----Original Message-----
From: paul.french () abs gov au [mailto:paul.french () abs gov au] 
Sent: Wednesday, June 07, 2006 9:39 PM
To: jamesr () europe com
Cc: incidents () securityfocus com; jamie.riden () gmail com;
junkmail () babtras com; Christine Kronberg
Subject: Re: Re: Strange mail with number in subject line and body

We had a similar incident sometime back but it was a name in both the
subject and body.

Greylisting, which we are about to implement, is an extra line of
defence where an MTA will temporarily reject email from a new or
unrecognised
source.   A legitimate (and properly configured) mail server will
attempt
to connect later on to deliver the e-mail.  Many mass e-mail tools used
by spammers will not bother to retry a failed delivery, so the spam is
never delivered.  One can only hope that a failed delivery the first
time would lead spammers to believe that it is an invalid address.

cheers
Paul


 

             "Jamie Riden"

             jamesr () europe com

             Sent by:
To 
             jamie.riden () gmail com         "Christine Kronberg"
<seeker () shalla de>

 
cc 
                                           junkmail () babtras com,
incidents () securityfocus com

             08/06/2006 07:05 AM
Subject 
                                           Re: Re: Strange mail with
number in subject line and body                                      
 

 

 

 

 

 





On 08/06/06, Christine Kronberg <seeker () shalla de> wrote:

On Wed, 7 Jun 2006, junkmail () babtras com wrote:

My best guess is that this is meant to poison the statistics of

bayesian mail filters and trick them into letting spam through.


   Do you really think a few mails with just a number in it will have
   a noticeable effect on the filters? To me it seems more likely that
   someone uses a bot net for address verification and list washing.

Indeed - most Bayesian techniques I have seen will only look at the n
most 'useful' words in determining whether it's spam or not spam. I just
can't see any feasible way to poison this sort of scheme.

cheers,
Jamie
--
Jamie Riden / jamesr () europe com / jamie.riden () computer org NZ Honeynet
project - http://www.nz-honeynet.org/

------------------------------------------------------------------------
------

This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las
Vegas.
World renowned security experts reveal tomorrow.s threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of
your security environment. Featuring 36 hands-on training courses and 10
conference tracks, networking opportunities with over 2,500 delegates
from 40+ nations.

http://www.blackhat.com
------------------------------------------------------------------------
------

------------------------------------------------------------------------
------------------------
Free publications and statistics available on www.abs.gov.au

------------------------------------------------------------------------
------
This List Sponsored by: Black Hat

http://www.blackhat.com
------------------------------------------------------------------------
------

J.B. Hanauer & Co. will not accept trade order instructions via e-mail and will not be responsible for carrying out
such orders and/or instructions. This e-mail is not an official transaction confirmation. The only official
confirmation of a transaction will be sent to you via regular mail. J.B. Hanauer & Co. reserves the right to monitor
and review the content of all e-mail communications sent and/or received by its employees. Since the confidentiality of
Internet e-mail cannot be guaranteed, please refrain from sending personal or sensitive information (Social Security
numbers, usernames/passwords, bank information, account numbers, birth dates, etc.) in your e-mails to J.B. Hanauer &
Co.

------------------------------------------------------------------------------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las Vegas.
World renowned security experts reveal tomorrow.s threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.

http://www.blackhat.com
------------------------------------------------------------------------------

Current thread:

Re: Strange mail with number in subject line and body, (continued)
- Re: Strange mail with number in subject line and body Jamie Riden (Jun 06)
  - RE: Strange mail with number in subject line and body Tim Boyer (Jun 07)
- Re: Strange mail with number in subject line and body Isaac Perez (Jun 07)
- Re: Re: Strange mail with number in subject line and body junkmail (Jun 06)
  - Re: Re: Strange mail with number in subject line and body Christine Kronberg (Jun 07)
    - Re: Re: Strange mail with number in subject line and body Jamie Riden (Jun 07)
  - Message not available
    - Re: Strange mail with number in subject line and body Anthony Petito (Jun 07)
- RE: Strange mail with number in subject line and body Shaffer, Bruce (Jun 07)
- Re: Re: Strange mail with number in subject line and body paul . french (Jun 07)
  - Re: Strange mail with number in subject line and body Jesse Gough (Jun 07)
  - RE: Re: Strange mail with number in subject line and body Latalladi, Eric (Jun 08)