New Spam Format? Could be 0-day?

Martin Hepworth martinh at solidstatelogic.com
Wed Sep 20 14:51:11 IST 2006


Billy A. Pumphrey wrote:
> Mine shows 5 messages with the subject containing "Medicare Confirmed"
> and earliest record is 27/08/06.  Only three were marked spam and that
> was from listed in RBL.
> 
> Message Listing 
> # Date/Time (A/D)  From (A/D)  To (A/D)  Subject (A/D)  Size (A/D)  SA
> Score (A/D)  Status 
> [  ] 18/09/06 10:41:02 seminvariantive at familyservicemch.org
> tdinwiddie at woodmaclaw.com Charges for Medicare Confirmed. View Claim
> #57704 33.3Kb 0.39 Spam 
> 
> [  ] 14/09/06 15:14:07 charpoys at brontekitchens.com
> jmckean at woodmaclaw.com Charges for Medicare Confirmed. View Letter
> #20343 33.3Kb 0.56 Clean 
> 
> [  ] 10/09/06 12:33:10 suspendible at siouxfallstourism.com
> noconnor at woodmaclaw.com Charges for Medicare Confirmed. View Bill #64257
> 33.3Kb -1.60 Spam 
> 
> [  ] 03/09/06 04:10:51 celiadelphus at simplysnowflakes.com
> cjacobson at woodmaclaw.com Charges for Medicare Confirmed. View Statement
> #28352 33.4Kb -1.60 Spam 
> 
> [  ] 27/08/06 22:26:12 assegais at paraplegicssanjose.com
> jhammond at woodmaclaw.com Charges for Medicare Confirmed. View Claim
> #69312 33.4Kb -1.60 Clean
> 
> Billy Pumphrey
> IT Manager
> Wooden & McLaughlin
> 
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] On Behalf Of Chris Burton
>> Sent: Wednesday, September 20, 2006 8:33 AM
>> To: MailScanner discussion
>> Subject: Re: New Spam Format? Could be 0-day?
>>
>>> I've just received a spam message with an attached MS Word document
> in a
>>> new
>>> spin on the GIF attachment method. Has anybody else seen this
> before?
>>> Should
>>> I be forwarding this on to other lists?
>> I've been seeing these for a while now (earliest example I have is
> from
>> Aug
>> 18).
>>
>> ChrisB.
>>

caught as spam on my system, heres a typical score set


	score=13.863	
5	required	
2.00	BAYES_80	Bayesian spam probability is 80 to 95%
4.00	DCC_CHECK	Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
1.25	FH_RELAY_NODNS	We could not determine your Reverse DNS
0.46	HELO_EQ_LOCALHOST	
0.84	HELO_EQ_NO_DOT	
1.00	L_DRUGS12	
4.00	RCVD_IN_BL_SPAMCOP_NET	Received via a relay in bl.spamcop.net
0.12	SUBJ_CONFIRMATION	Has spam word 'conofirm' or 'confirmation'
0.19	SUBJ_HAS_UNIQ_ID	Subject contains a unique ID




-- 
Martin Hepworth
Senior Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************



More information about the MailScanner mailing list