Spam with random letter sequences
mikea
mikea at mikea.ath.cx
Wed Mar 12 16:15:26 GMT 2008
On Wed, Mar 12, 2008 at 03:46:38PM +0000, David Lee wrote:
> On Wed, 12 Mar 2008, Julian Field wrote:
>
> > Anyone been seeing any spam that looks like this?
>
> Yes.
>
> > Anyone know any good ways of stopping it?
>
> No.
>
> But it seems genuinely to come through "yahoo" (judging by the "Received:"
> field as it hops over the garden wall into our jurisdiction).
>
> We've been seeing it for several days. The content seems too random for
> Bayes to do anything systematically reliably with it. And the embedded
> URLs seem to hop about, possibly too fast for the blacklists (accessed via
> SA) to keep pace. (We also use "spamhaus", via JANET, to do MTA blocking,
> which may stop some; but there's a lot still gets through.)
>
> I wonder how much Yahoo are doing to try to block it?
Headers and body to me by private mail, please? I have some contacts
at Yahoo that may be able to get something done about this, or to tell
me what _they_ are seeing.
The embedded URLs probably are of fast-flux servers on zombies, with
private DNS also on zombies. See "Corrupted DNS Resolution Paths: The
Rise of a Malicious Resolution Authority" for an academic article on
closely-related matters. I don't have a URL for the paper, but think a
Google search on the title or keywords from it will get it for you.
--
Mike Andrews, W5EGO
mikea at mikea.ath.cx
Tired old sysadmin