| View previous topic :: View next topic |
| Author |
Message |
c0mplex
Junior Member
Joined: 21 Mar 2005
Last Visit: 28 Apr 2005
Posts: 11
|
 Posted: Mon Mar 21, 2005 4:24 am Post subject: The new way spammers uses for delivering their messeges... |
 |
|
Spammers are now using a new way in order to deliver their messeges. It is called Trigger Mail.
Example of a message:
Breaking News.
Would you ref inance if you knew you'd SAVE TH0USANDS?
We'll get you lnterest as low as 3.89%.
Have Bad c(r)edit? No Problem! Low rates are fixed no matter what.
Fill out our small online form and we'll show you how.
Get the house and/or car you always wanted, it only takes 2 minutes of your time:
ez-rate.info/bud
Noted the difference?
They no longer use fancy colors html pages in their messages, just simpel ASCII text.
Just wanna inform you all...
_________________
SpyWare are our enemies!
Mozilla FireFox is the best!
Knowledge Management |
|
| Back to top |
|
 |
Blinn
Warrior Guru
Joined: 10 Nov 2004
Last Visit: 15 Apr 2009
Posts: 424
Location: San Francisco, CA
|
| Posted: Mon Mar 21, 2005 2:16 pm Post subject: |
|
|
If I can't determine in a blink of an eye whether a message is important, it is deleted without hesitation or further investigation. So far so good  . |
|
| Back to top |
|
|
ld
Warrior
Joined: 01 Mar 2005
Last Visit: 29 Jul 2010
Posts: 185
|
| Posted: Mon Mar 21, 2005 9:22 pm Post subject: |
|
|
I've seen plain text only spams for quite some time, some even much shorter than the one posted. Spamassassin generally doesn't have too much trouble with them. With any spam the source address will turn up in RBL's eventually. If there are URL's like in the example posted that will turn up in a URI blacklist. The bayenesian filters are good at learning these plain text emails. The obfuscated refinance and bad credit can be picked up easily with the perl regular expression rules. I prefer the obfuscation because then I know someone is up to something, opposed to them not trying to hide it.
I'm more interested in what spammers are doing to to evade certain anti-spam products. Such as about a month ago a spammer was putting ^M (windows newline character) in the middle of URL's. The URL would still work but the ^M character broke spamassassins URI matcher. Spamassassin had this fixed in under 24 hours since the bug report was filed. Things like this are good to keep track of because you can add rules to pick up people trying to exploit these bugs. |
|
| Back to top |
|
|
c0mplex
Junior Member
Joined: 21 Mar 2005
Last Visit: 28 Apr 2005
Posts: 11
|
|
| Back to top |
|
|
ld
Warrior
Joined: 01 Mar 2005
Last Visit: 29 Jul 2010
Posts: 185
|
| Posted: Tue Mar 22, 2005 5:53 am Post subject: |
|
|
| Spamassassins or more specifically the SpamCopUri code in it is able to resolve tinyurl among others. It will follow it through 4 redirections deep. Also many of these sites use URI blacklists or other means to prevent spammers from using their service. This is likely why you don't see alot of spammers trying to take advantage of sites like these. |
|
| Back to top |
|
|
c0mplex
Junior Member
Joined: 21 Mar 2005
Last Visit: 28 Apr 2005
Posts: 11
|
| Posted: Tue Mar 22, 2005 6:29 am Post subject: Reply |
|
|
Really? If it is so, then spammers should have a bad time trying to deliver their messages, don't they?
_________________
SpyWare are our enemies!
Mozilla FireFox is the best!
Knowledge Management |
|
| Back to top |
|
|
|
