Security Incidents mailing list archives
RE: Re: Strange mail with number in subject line and body
From: "Latalladi, Eric" <e () jbh com>
Date: Thu, 8 Jun 2006 09:41:17 -0400
Has anyone noticed these emails coming in with .PNG attachments? I've been getting a mixed bag of these emails, some with .PNG attachments, some without... Regards, Eric -----Original Message----- From: paul.french () abs gov au [mailto:paul.french () abs gov au] Sent: Wednesday, June 07, 2006 9:39 PM To: jamesr () europe com Cc: incidents () securityfocus com; jamie.riden () gmail com; junkmail () babtras com; Christine Kronberg Subject: Re: Re: Strange mail with number in subject line and body We had a similar incident sometime back but it was a name in both the subject and body. Greylisting, which we are about to implement, is an extra line of defence where an MTA will temporarily reject email from a new or unrecognised source. A legitimate (and properly configured) mail server will attempt to connect later on to deliver the e-mail. Many mass e-mail tools used by spammers will not bother to retry a failed delivery, so the spam is never delivered. One can only hope that a failed delivery the first time would lead spammers to believe that it is an invalid address. cheers Paul "Jamie Riden" jamesr () europe com Sent by: To jamie.riden () gmail com "Christine Kronberg" <seeker () shalla de> cc junkmail () babtras com, incidents () securityfocus com 08/06/2006 07:05 AM Subject Re: Re: Strange mail with number in subject line and body On 08/06/06, Christine Kronberg <seeker () shalla de> wrote:
On Wed, 7 Jun 2006, junkmail () babtras com wrote:My best guess is that this is meant to poison the statistics of
bayesian mail filters and trick them into letting spam through.
Do you really think a few mails with just a number in it will have a noticeable effect on the filters? To me it seems more likely that someone uses a bot net for address verification and list washing.
Indeed - most Bayesian techniques I have seen will only look at the n most 'useful' words in determining whether it's spam or not spam. I just can't see any feasible way to poison this sort of scheme. cheers, Jamie -- Jamie Riden / jamesr () europe com / jamie.riden () computer org NZ Honeynet project - http://www.nz-honeynet.org/ ------------------------------------------------------------------------ ------ This List Sponsored by: Black Hat Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las Vegas. World renowned security experts reveal tomorrow.s threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations. http://www.blackhat.com ------------------------------------------------------------------------ ------ ------------------------------------------------------------------------ ------------------------ Free publications and statistics available on www.abs.gov.au ------------------------------------------------------------------------ ------ This List Sponsored by: Black Hat Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las Vegas. World renowned security experts reveal tomorrow.s threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations. http://www.blackhat.com ------------------------------------------------------------------------ ------ J.B. Hanauer & Co. will not accept trade order instructions via e-mail and will not be responsible for carrying out such orders and/or instructions. This e-mail is not an official transaction confirmation. The only official confirmation of a transaction will be sent to you via regular mail. J.B. Hanauer & Co. reserves the right to monitor and review the content of all e-mail communications sent and/or received by its employees. Since the confidentiality of Internet e-mail cannot be guaranteed, please refrain from sending personal or sensitive information (Social Security numbers, usernames/passwords, bank information, account numbers, birth dates, etc.) in your e-mails to J.B. Hanauer & Co. ------------------------------------------------------------------------------ This List Sponsored by: Black Hat Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las Vegas. World renowned security experts reveal tomorrow.s threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations. http://www.blackhat.com ------------------------------------------------------------------------------
Current thread:
- Re: Strange mail with number in subject line and body, (continued)
- Re: Strange mail with number in subject line and body Jamie Riden (Jun 06)
- RE: Strange mail with number in subject line and body Tim Boyer (Jun 07)
- Re: Strange mail with number in subject line and body Isaac Perez (Jun 07)
- Re: Re: Strange mail with number in subject line and body junkmail (Jun 06)
- Re: Re: Strange mail with number in subject line and body Christine Kronberg (Jun 07)
- Re: Re: Strange mail with number in subject line and body Jamie Riden (Jun 07)
- Message not available
- Re: Strange mail with number in subject line and body Anthony Petito (Jun 07)
- Re: Re: Strange mail with number in subject line and body Christine Kronberg (Jun 07)
- Re: Strange mail with number in subject line and body Jamie Riden (Jun 06)
- RE: Strange mail with number in subject line and body Shaffer, Bruce (Jun 07)
- Re: Re: Strange mail with number in subject line and body paul . french (Jun 07)
- Re: Strange mail with number in subject line and body Jesse Gough (Jun 07)
- RE: Re: Strange mail with number in subject line and body Latalladi, Eric (Jun 08)