[Mimedefang] Massive spam with randon subjects
Joseph Brennan
brennan at columbia.edu
Fri Dec 19 14:54:34 EST 2003
--On Friday, December 19, 2003 14:33 -0500 Joseph Brennan
<brennan at columbia.edu> wrote:
>
>> Re: IAANWBC, what's this now?'
>> Re: VE, this taletelling about
>>
>> And some unwise spammer, show me part of the construction method of
>> the line:
>>
>> Re: %RND_UC_CHAR[2-8], the two quarrelling
This is the same spammer I wrote about at the start of this week.
His URLs are hosted in China. He has a huge network of compromised
Windows boxes worldwide that are being abused to send this stuff.
The future of spam? Scary.
The items I mentioned are not present in all copies (the <HEAD>
never closed, and the silly X-Originating-IP). Some are better
done. Interestingly it suggests at least two spamware packages,
or something very configurable.
The pattern mentioned above really is the only thing consistent.
I'm still uneasy about filtering on that.
Joseph Brennan Columbia University in the City of New York
Academic Technologies Group brennan at columbia.edu
More information about the MIMEDefang
mailing list