Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Increase in 'numerical' spam - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Increase in 'numerical' spam

Readers reported e-mails containing nothing but a six digit number in the subject line, followed by an 8 character hexadecimal string as content. This type of e-mail isn't new, dating back to June 2006, when it was attributed to a Beagle variant. However, there has been a significant increase over the last 24 hours.

For those using spamassassin, the botnet plugin in addition to the helo_dynamic rules have proven to be useful in filtering out these messages. This is one example where sender profiling appears more powerful than content analysis.

Thanks to Ray, Jeff & Greg for reporting their findings and fellow handlers David and Donald for their insight. 

Maarten

158 Posts

Sign Up for Free or Log In to start participating in the conversation!