Full Disclosure mailing list archives

Re: weird worm ?


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 31 Dec 2003 10:14:10 +1300

roy () rant-central com wrote:

> On Tuesday 30 December 2003 01:33 pm, Discini, Sonny wrote:
>> Yes, I have seen similar e-mails and yes, this appears to be word list
>> probes to see what will and will not pass through your filter.
>
> I don't think so.  The examples I've seen here have been nothing but a string
> of nonsense words, with no link or web bug.  A probe has to have some way of
> reporting success/failure, and I don't know many systems that bounce spam
> filter failures. They're much more likely to be attempts to poison Bayesian
> filters.

While I agree in general with your comments and interpretation, I'd 
point out that _many_ of these types of messages I've seen, and as 
reported by others, do contain a text/html component that usually 
consists of a short ad message or (mostly what I have seen) a link to a 
graphic (which is presumably the actual spammed advertisement) _plus_ 
the random word list ("hidden" with text the same colour as the 
background).  A couple of months ago (?), when this tactic was first 
being reported, I only saw the text-only form with no advertising 
component, but it seems (from an informal sampling of my recent 
received spam) that such messages with advertising content are more 
common now.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
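
The message above describes a text/html part carrying a word list "hidden" with text the same colour as the background. As an added example (not part of the original thread), this sketch separates such words from visible ones before a filter tokenises the message; the class and function names and the sample HTML are hypothetical, and only `bgcolor`, `text`, `color` and inline `color:` styles are considered.

```python
import re
from html.parser import HTMLParser

NAMED = {"white": "ffffff", "black": "000000"}  # small subset, enough for the samples
def norm_colour(value):  # '#FFF', 'ffffff', 'White' -> six hex digits, else None
    v = (value or "").strip().lower().lstrip("#")
    v = NAMED.get(v, v)
    if re.fullmatch(r"[0-9a-f]{3}", v):
        v = "".join(c * 2 for c in v)
    return v if re.fullmatch(r"[0-9a-f]{6}", v) else None

class HiddenTextSplitter(HTMLParser):
    VOID = {"br", "img", "hr", "meta", "input", "link"}
    def __init__(self):
        super().__init__()
        self.background = "ffffff"       # assumed default when no bgcolor is set
        self.stack = [("", "000000")]    # (open tag, effective text colour)
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in self.VOID:
            return
        a = dict(attrs)
        if tag == "body":
            self.background = norm_colour(a.get("bgcolor")) or self.background
        # inline CSS 'color:' wins over the legacy attribute; skip 'background-color:'
        m = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", a.get("style") or "", re.I)
        raw = m.group(1) if m else a.get("text" if tag == "body" else "color")
        self.stack.append((tag, norm_colour(raw) or self.stack[-1][1]))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):  # tolerate sloppy nesting
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        same = self.stack[-1][1] == self.background
        (self.hidden if same else self.visible).extend(data.split())

def split_html(html):
    parser = HiddenTextSplitter()
    parser.feed(html)
    parser.close()
    return parser.visible, parser.hidden
# Constructed sample in the shape described above: image link plus hidden word list
SAMPLE = ('<html><body bgcolor="#FFFFFF"><a href="http://example.invalid/">'
          '<img src="http://example.invalid/ad.gif"></a><br>'
          '<font color="#ffffff">walrus tangent cobalt meadow</font>'
          '<p>Unsubscribe here</p></body></html>')
```

`split_html(SAMPLE)` returns the visible words first and the background-coloured words second; the second list can be withheld from Bayesian training or counted as a spam feature in its own right.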

