Message-ID: <BE95468933894D4D966D724C295E15A202BEF2C6@mcg-ex05.mcgov.org>
From: Sonny.Discini at montgomerycountymd.gov (Discini, Sonny)
Subject: weird worm ?

" don't think so.  The examples I've seen here have been nothing but a
string 
of nonsense words, with no link or web bug.  A probe has to have some
way of 
reporting success/failure, and I don't know many systems that bounce
spam 
filter failures."

Actually,  by default, Symantec's SPAM filter will send a reply to the
sender if an e-mail triggers a rule. This would be the success/failure
reporting that you have mentioned.

  

-----Original Message-----
From: roy@...t-central.com [mailto:roy@...t-central.com] 
Sent: Tuesday, December 30, 2003 2:36 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] weird worm ?


On Tuesday 30 December 2003 01:33 pm, Discini, Sonny wrote:
> Yes, I have seen similar e-mails and yes, this appears to be word list

> probes to see what will and will not pass through your filter.

I don't think so.  The examples I've seen here have been nothing but a
string 
of nonsense words, with no link or web bug.  A probe has to have some
way of 
reporting success/failure, and I don't know many systems that bounce
spam 
filter failures. They're much more likely to be attempts to poison
Bayesian 
filters.

> This also explains why the e-mail is coming from random sources. If it

> came from a real address, they know that any reasonable admin would 
> add the domain to their block list.

That much makes sense.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists