New Spam?
Scott Silva
ssilva at sgvwater.com
Tue Sep 11 00:25:37 IST 2007
Seamus Allan spake the following on 9/10/2007 2:01 PM:
> Hi guys,
>
> I don't *think* I have seen this mentioned, but I got an interesting
> piece of spam this morning.
> It was an HTML email with the words Viagra and Cialis in it, and a small
> amount of random lettering right aligned. My scanner let it through,
> giving it scores for obfuscated text, but nothing for the words.
> Puzzled, I highlighted the word Viagra, and to my surprise half of the
> random text on the right selected too. I think they are using DIV's or
> something to hide text in text, but display it correctly to be read.
> I have uploaded a copy of the file if anyone wants to have a look,
> perhaps you'll see some of this in your inbox's soon?
> Any ideas on how to catch this?
>
> http://files.rheelweb.co.nz/spam.txt
> http://files.rheelweb.co.nz/spam.eml
>
> Cheers
>
> Seamus
My system seemed to score it high enough to at least mark it.
Content analysis details: (8.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.6 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.7 SARE_HTML_USL_OBFU RAW: Message body has very strange HTML sequence
3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: advertisingcs.com]
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
More information about the MailScanner
mailing list