Message-ID: <6.0.1.1.0.20031230161104.0264c5d0@localhost>
From: Kare at Presttun.org (Kare Presttun)
Subject: weird worm ?

At 30.12.2003 15:25 +0100, Joris De Donder wrote:
 >
 >> highest bailiff nomad father advise heir
 >> oxygen honorarium allegro reveal wronskian indentation coachmen
 >> deficient tribute arcturus mitigate bypath
 >>
 >>
 >> Anyone got a clue what this is? There are no attachments to these 
mails, but
 >> they keep coming in at a rate of about 1-2 per day, from different sources,
 >> nobody I know really.
 >
 >Could be an attempt to 'poison' Bayesian filters. If people identify
 >these messages as spam and use them to train their Bayesian filters,
 >more and more 'good'/'normal' words will get a high spamvalue
 >resulting in a higer rate of false positives.
 >
 >Or maybe it was an attempt to bypass Bayesian filters and the spammer
 >just forgot to include an url.

I have looked at a few of them and they include an image (at least
the ones I have got) with the actual spam message and a URL
behind the image itself to take you to a web site. I have got some
for cable TV bypass. I seems obvious that they attempt to poison
Bayesian filters. Some of them also used my e-mail as sender
address clearly to get around spam filters. I'm running SpamPal
and use it for outbound mail to train the whitelist to accept people
I'm sending mail to. I have also imported some of these messages
as spam into the Bayesian filter to train it. I also put my address
into the Exclusions for automatic whitelisting to avoid the mails
with my address in the sender field to slip through. Now all the shit
get junked.

Med vennlig hilsen | Best regards,
K?re Presttun
Tel.: +47 4100 4908
mailto:Kare@...sttun.org
http://www.presttun.org/kare/ 

Powered by blists - more mailing lists