Educause Security Discussion mailing list archives

Re: Image SPAM Increase?


From: Dave Koontz <dkoontz () MBC EDU>
Date: Wed, 19 Apr 2006 12:46:39 -0400

If you are running SpamAssassin, update to v3.1.0 or v3.1.1 with associated
rule sets.

Also, you may want to add the SARE rule sets, especially 70_sare_stocks.cf
from http://www.rulesemporium.com/rules.htm.

If you notice, these spams are all GIF attachments.  Most users send JPG
images and have decent text ratios.  If you are using the SARE rules, you
may want to up your score for SARE_GIF_STOX to something like 4.0.

You may also want to set up your SA installation to check for URI blacklists
from http://uribl.com/


---
Dave Koontz
Associate Director CIS
Mary Baldwin College


-----Original Message-----
From: Gary Flynn [mailto:flynngn () JMU EDU]
Sent: Wednesday, April 19, 2006 12:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Image SPAM Increase?

Ken Connelly wrote:

> Anything common about these messages that would help me find/identify
> them?

The only thing I've seen so far is that the X-mailer header in all of them
is Microsoft Outlook Express. Different versions though. I wonder if this
could be a sign the senders are BOTS.

Subject, return path, source IP address, image name, image file, all vary.

I've attached a sample message and image. Don't know if it will go through
to the list.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
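
The traits mentioned in this thread (GIF-only attachments, little text relative to the image, and an Outlook Express X-Mailer header) can be checked together when triaging a mail sample. The following is an added example, not code from either poster or from SpamAssassin; the threshold, function names and sample messages are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

MIN_TEXT_CHARS_PER_IMAGE_KB = 50  # assumed threshold; tune on your own mail


def build_sample(subtype, body, mailer):
    """Build a constructed test message with one filler image attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg["X-Mailer"] = mailer
    msg.set_content(body)
    # Filler bytes only; the check below reads the declared MIME type.
    msg.add_attachment(b"\x00" * 4096, maintype="image", subtype=subtype,
                       filename="sample." + subtype)
    return msg.as_bytes()


def image_spam_signals(raw):
    """Return the three traits from the thread as booleans plus a hit count."""
    msg = message_from_bytes(raw, policy=policy.default)
    text_chars, image_types, image_bytes = 0, set(), 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "text":
            text_chars += len(part.get_content().strip())
        elif part.get_content_maintype() == "image":
            image_types.add(part.get_content_type())
            image_bytes += len(part.get_payload(decode=True) or b"")
    # Text characters per KB of image data; None when there is no image.
    ratio = text_chars / (image_bytes / 1024) if image_bytes else None
    signals = {
        "gif_only": image_types == {"image/gif"},
        "low_text_ratio": ratio is not None and ratio < MIN_TEXT_CHARS_PER_IMAGE_KB,
        "outlook_express_mailer": "outlook express" in str(msg.get("X-Mailer", "")).lower(),
    }
    signals["hits"] = sum(signals.values())
    return signals


if __name__ == "__main__":
    spam = build_sample("gif", "see attached", "Microsoft Outlook Express 6.00")
    ham = build_sample("jpeg", "Photos from the workshop are attached. " * 20,
                       "Example Mailer 1.0")
    print(image_spam_signals(spam))
    print(image_spam_signals(ham))
```

No single trait is conclusive on its own, so the hit count is best used to rank messages for review rather than to block them.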
