[Dshield] smart spam

Laurent Saplairoles lsaplai at megassistance.com
Tue Mar 22 18:23:54 GMT 2005

Hello all

We received a series of very interesting spams this morning that made it right through 
our POPFile filters.

The text version of the spam is a few-line abstract of news on the Schiavo case (for 
those who don't know, it's a case in the USA where a husband wants to "unplug" his 
wife - in a vegetative state for 20 years - whereas her parents don't want that). A very 
current news item, and that's what I saw when opening the message this morning.

However, the HTML version contains a .gif image with an advertisement for your usual 
health pills _and_ another news abstract, concerning the situation in Kyrgyzstan this 

I find that very clever because all human/machine readable texts concern news topics. 
The graphic could be anything. I "taught" POPFile to treat this message as spam but I 
still have to see what will be the effect on my "good" mail.

It is probably not new to some/most of you but I find some spammers are getting 
smarter! Fortunately, (1) the "harmful" content of the message was simply a .gif ad, (2) 
I am displaying the text version of the message by default (if there is one) and (3) I 
(and all my office) am using a mail client that is impervious to any kind of malware 
(Pegasus Mail from David Harris). However, some less fortunate persons could have 
found themselves stacked by malware right away.

The fight goes on!
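
One way a filter could flag the pattern described in this message (plain-text and HTML alternatives carrying unrelated text, with the advertisement in an image), as an added example that is not part of the original post. The sample messages, the 0.2 threshold and the function names are constructed assumptions, and this is not how POPFile works.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

THRESHOLD = 0.2  # assumed cut-off for word overlap between the two parts
WORD = re.compile(r"[a-z]{4,}")

class Visible(HTMLParser):
    """Collect visible words and count <img> tags in an HTML part."""
    def __init__(self):
        super().__init__()
        self.words, self.images = set(), 0
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
    def handle_data(self, data):
        self.words.update(WORD.findall(data.lower()))

def part_mismatch(raw):
    """Return (overlap, image_count, suspicious) for one raw message."""
    plain, html = set(), Visible()
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        charset = part.get_content_charset() or "utf-8"
        text = part.get_payload(decode=True).decode(charset, "replace")
        if ctype == "text/plain":
            plain.update(WORD.findall(text.lower()))
        else:
            html.feed(text)
    union = plain | html.words
    overlap = len(plain & html.words) / len(union) if union else 1.0
    # Flag only when both alternatives exist, disagree, and the HTML shows an image.
    suspicious = bool(plain and html.images and overlap < THRESHOLD)
    return overlap, html.images, suspicious

def build(plain, html):  # constructed sample message, not real mail
    return ("MIME-Version: 1.0\n"
            'Content-Type: multipart/alternative; boundary="b1"\n\n'
            f"--b1\nContent-Type: text/plain\n\n{plain}\n"
            f"--b1\nContent-Type: text/html\n\n{html}\n--b1--\n")

SPAM = build("Court ruling expected today in the hospital case.",
             '<img src="cid:ad.gif"><p>Protesters gathered after disputed elections.</p>')
HAM = build("Quarterly report attached, please review before Friday.",
            '<p>Quarterly report attached, please review before Friday.</p><img src="cid:logo.gif">')

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM)):
        print(name, part_mismatch(raw))
```

The overlap is the Jaccard index of words of four or more letters in each alternative; a legitimate mail whose HTML part repeats its text part and adds a logo scores near 1.0 and is not flagged.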
