From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: weird worm ?

roy@...t-central.com wrote:

> On Tuesday 30 December 2003 01:33 pm, Discini, Sonny wrote:
> > Yes, I have seen similar e-mails and yes, this appears to be word list
> > probes to see what will and will not pass through your filter. 
> 
> I don't think so.  The examples I've seen here have been nothing but a string 
> of nonsense words, with no link or web bug.  A probe has to have some way of 
> reporting success/failure, and I don't know many systems that bounce spam 
> filter failures. They're much more likely to be attempts to poison Bayesian 
> filters.

While I agree in general with your comments and interpretation, I'd 
point out that _many_ of these types of messages I've seen, and as 
reported by others, do contain a text/html component that usually 
consists of a short ad message or (mostly what I have seen) a link to a 
graphic (which is presumably the actual spammed advertisement) _plus_ 
the random word list ("hidden" with text the same colour as the 
background).  A couple of months ago (?), when this tactic was first 
being reported, I only saw the text-only form with no advertising 
component, but it seems (from an informal sampling of my recent 
received spam) that such messages with advertising content are more 
common now.


Regards,

Nick FitzGerald
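
The message layout described above (a link to a graphic plus a word list in text the same colour as the background) can be checked for mechanically. The following is an added example, not part of the original post: the sample message, `HiddenTextFinder` and `analyse` are constructed for illustration, and the check assumes the colours appear as `<font color>` and `<body bgcolor>` attributes that match as exact strings.

```python
import email
from email import policy
from html.parser import HTMLParser
# Constructed sample message, not taken from any real spam run.
SAMPLE = """\
From: sender@example.invalid
Content-Type: text/html; charset="us-ascii"

<html><body bgcolor="#FFFFFF">
<a href="http://ad.example.invalid/"><img src="http://ad.example.invalid/a.gif"></a>
<font color="#ffffff">quartz lantern meadow bishop velvet anchor</font>
<font color="#000000">Visible footer</font>
</body></html>
"""

class HiddenTextFinder(HTMLParser):
    """Collects words whose <font color> equals the <body bgcolor>."""
    def __init__(self):
        super().__init__()
        self.background = "#ffffff"  # assumption: white when bgcolor is absent
        self.colours = []            # stack of active <font color> values
        self.hidden, self.images = [], 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "body" and a.get("bgcolor"):
            self.background = a["bgcolor"].strip().lower()
        elif tag == "font":
            self.colours.append((a.get("color") or "").strip().lower())
        elif tag == "img":
            self.images += 1

    def handle_endtag(self, tag):
        if tag == "font" and self.colours:
            self.colours.pop()

    def handle_data(self, data):
        # Text is hidden when the innermost font colour matches the background.
        if self.colours and self.colours[-1] == self.background:
            self.hidden.extend(data.split())

def analyse(raw):
    """Return (image_count, hidden_words) over the text/html parts of a message."""
    msg = email.message_from_string(raw, policy=policy.default)
    finder = HiddenTextFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.images, finder.hidden
```

A filter could strip the returned hidden words before Bayesian tokenisation, or treat a non-empty list alongside a remote image as a scoring signal in its own right.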

