Security Incidents mailing list archives

Re: Re: Strange mail with number in subject line and body


From: paul.french () abs gov au
Date: Thu, 8 Jun 2006 09:38:38 +0800

We had a similar incident some time back, but it was a name in both the
subject and body.

Greylisting, which we are about to implement, is an extra line of defence
where an MTA will temporarily reject email from a new or unrecognised
source.   A legitimate (and properly configured) mail server will attempt
to connect later on to deliver the e-mail.  Many mass e-mail tools used by
spammers will not bother to retry a failed delivery, so the spam is never
delivered.  One can only hope that a failed delivery the first time would
lead spammers to believe that it is an invalid address.

cheers
Paul


                                                                                                                        
                  
             "Jamie Riden"                                                                                              
                  
jamesr () europe com
Sent by: jamie.riden () gmail com
08/06/2006 07:05 AM
To: "Christine Kronberg" <seeker () shalla de>
cc: junkmail () babtras com, incidents () securityfocus com
Subject: Re: Re: Strange mail with number in subject line and body




On 08/06/06, Christine Kronberg <seeker () shalla de> wrote:
On Wed, 7 Jun 2006, junkmail () babtras com wrote:

My best guess is that this is meant to poison the statistics of
bayesian mail filters and trick them into letting spam through.

   Do you really think a few mails with just a number in it will have
   a noticeable effect on the filters? To me it seems more likely that
   someone uses a bot net for address verification and list washing.

Indeed - most Bayesian techniques I have seen will only look at the n
most 'useful' words in determining whether it's spam or not spam. I
just can't see any feasible way to poison this sort of scheme.

cheers,
 Jamie
--
Jamie Riden / jamesr () europe com / jamie.riden () computer org
NZ Honeynet project - http://www.nz-honeynet.org/

------------------------------------------------------------------------------

This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.

http://www.blackhat.com
------------------------------------------------------------------------------






------------------------------------------------------------------------------------------------
Free publications and statistics available on www.abs.gov.au
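
The greylisting behaviour described in the message above, as an added example that is not part of the original post or of any particular MTA's code: a decision function keyed on the (client network, envelope sender, recipient) triplet, replayed over a constructed session. The class name, the three timing constants, and the /24 and /64 network keying are assumptions chosen for illustration.

```python
import ipaddress

MIN_DELAY = 300            # assumed: seconds a sender must wait before a retry counts
PENDING_TTL = 4 * 3600     # assumed: an unretried first attempt is forgotten after this
PASS_TTL = 36 * 86400      # assumed: a triplet that passed stays trusted this long

class Greylist:
    def __init__(self):
        self.pending = {}  # triplet -> time of first attempt
        self.passed = {}   # triplet -> time of last accepted delivery

    @staticmethod
    def _triplet(client_ip, mail_from, rcpt_to):
        # Key on the client's network, not the single host, so a retry from a
        # sibling server in the same outbound pool still matches.
        addr = ipaddress.ip_address(client_ip)
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply (code, text) for one RCPT TO at time `now`."""
        key = self._triplet(client_ip, mail_from, rcpt_to)
        if key in self.passed and now - self.passed[key] <= PASS_TTL:
            self.passed[key] = now
            return 250, "OK"
        first = self.pending.get(key)
        if first is None or now - first > PENDING_TTL:
            self.pending[key] = now          # new or stale: start the clock
            return 451, "Greylisted, please try again later"
        if now - first < MIN_DELAY:
            return 451, "Greylisted, please try again later"
        del self.pending[key]                # retried after the delay: accept
        self.passed[key] = now
        return 250, "OK"

# Constructed session: (seconds, client IP, envelope sender, recipient).
SESSION = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.net"),  # real MTA, first try
    (5,    "198.51.100.7", "x91@example.com",   "bob@example.net"),  # bulk tool, no retry
    (60,   "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry too early
    (900,  "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry after delay
    (1000, "192.0.2.11",   "alice@example.org", "bob@example.net"),  # later mail, same /24
]

def replay(session):
    gl = Greylist()
    return [gl.check(ip, frm, to, now=t)[0] for t, ip, frm, to in session]

if __name__ == "__main__":
    print(replay(SESSION))
```

The sender that never retries only ever sees the 451 temporary failure, while the retrying server is delayed once and then accepted without further delay.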

