Last Updated: 2007-08-07 20:35:18 UTC
by Maarten Van Horenbeeck (Version: 1)
Readers reported e-mails containing nothing but a six digit number in the subject line, followed by an 8 character hexadecimal string as content. This type of e-mail isn't new, dating back to June 2006, when it was attributed to a Beagle variant. However, there has been a significant increase over the last 24 hours.
For those using spamassassin, the botnet plugin in addition to the helo_dynamic rules have proven to be useful in filtering out these messages. This is one example where sender profiling appears more powerful than content analysis.
Thanks to Ray, Jeff & Greg for reporting their findings and fellow handlers David and Donald for their insight.