[Dshield] smart spam

Taps Taps at Iniquity.Org
Thu Mar 24 00:31:54 GMT 2005

=> The text version of the spam is a few line abstract of news 
=> on the Schiavo case (For those who don't know, it's a case 
=> in the USA where a husband wants to "unplug" his wife - in a 
=> vegetative state for 20 years - whereas her parents don't 
=> want). A very current news and that's what I saw when 
=> opening the message this morning.
=> However, the HTML version contains a .gif image with 
=> advertisement for your usual health pills _and_ another news 
=> abstract, concerning the situation in Kyrgyzstan this time.

I have been getting these for a while now.  And, yes, they are annoying.
I especially like the ones with no real message, just a random group of
words that appear to be enough to make it through most spam filters.
Products like GFI Mail Essentials and the Bayesian filter are great,
but there is always the possibility of spam coming through.  Build a
better spam filter... And out comes a better spammer.

As far as malware goes:  fortunately, I convert everything to plain
text, so nothing gets downloaded (images) or run (scripts) unless I
specifically tell it to.

=> I find that very clever because all human/machine readable 
=> texts concern news topics. 
=> The graphic could be anything. I "taught" POPfile to treat 
=> this message as spam but I still have to see what will be 
=> the effect on my "good" mail.
=> It is probably not new to some/most of you but I find some 
=> spammers are getting smarter! Fortunately, (1) the "harmful" 
=> content of the message was simply a .gif ad, (2) I am 
=> displaying the text version of the message by default (If 
=> there is one) and (3) I (and all my office) am using a mail 
=> client that is impervious to any kind of malware (Pegasus 
=> Mail from David Harris). However, some less fortunate 
=> persons could have found themselves stacked by malware right away.

Umm..... I would never tout any product "as impervious".  It's just
asking for trouble.  A while back I was working for a company (Name
withheld), and we were to be trained on a headless, http-administered,
multi-user Web Server.  Something new we were going to support.  The
first day of our training, one of my first questions about the machine
was how secure it was.  The instructor simply stated that the machine
was "Impervious" to external attacks.  Since our classroom had no
external internet connection, at our lunch break I went back to my desk
and proceeded to download a few tools from my house.  Nothing major,
small enough to fit on a floppy.  After lunch, I spent the last few
hours of our class bouncing this "Un-Hackable" server.  The instructor
was dumbfounded.  Every time he went to show us a new feature of the
server, I would tap a few keys and he would have to wait a few minutes
for the machine to come back up.

Needless to say, that was the first, last, and only day of our training,
and for some reason the product was never released to the public.  Which
was too bad.  Hardware-wise, it was a sweet machine.  And since it was
Intel-based, I was able to remove the drives and get Windows 2000
installed on it.  Once properly configured and hardened, it ran an IIS
Server very nicely.

To make a long story short.... I know too late...  But I would never
refer to any piece of hardware or software as impervious.  Secure? Yes.
But never something as definite as Impervious, Invulnerable, or
"Un-Hackable".  Everything eventually has some sort of exploit, it just
hasn't been found or even looked for yet.

Taps at Iniquity.Org
-  "What spirit is so empty and blind, that it cannot recognize the fact
that the foot is more noble than the shoe, and skin more beautiful than
the garment with which it is clothed?" -- Michelangelo 

Build a man a fire, and he'll be warm for a day. Set a man on fire, and
he'll be warm for the rest of his life. -- Terry Pratchett 
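
The mismatch described in the quoted message (a plain-text part with one news abstract, and an HTML part with a different abstract plus an image ad) can be checked mechanically by comparing the two alternatives of the same message. The Python below is an added example, not part of the original post; the sample message, the name `inspect_alternatives` and the 0.3 similarity threshold are assumptions.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

# Constructed sample: a multipart/alternative message whose two parts disagree.
SAMPLE = """\
From: sender@example.invalid
Subject: News update
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Court rules again in the long running hospital feeding tube case.
--b1
Content-Type: text/html; charset="us-ascii"

<html><body><img src="http://ads.example.invalid/pills.gif">
<p>Protesters gather in the capital as the government resigns.</p></body></html>
--b1--
"""

class _HtmlText(HTMLParser):
    """Collects visible words and <img> sources from an HTML part."""
    def __init__(self):
        super().__init__()
        self.words, self.images = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs).get("src") or "")
    def handle_data(self, data):
        self.words += re.findall(r"[a-z]{3,}", data.lower())

def inspect_alternatives(raw, threshold=0.3):
    """Return (jaccard, image_srcs, suspicious) for a raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    if plain is None or html is None:
        return None, [], False  # only one alternative: nothing to compare
    parser = _HtmlText()
    parser.feed(html.get_content())
    a = set(re.findall(r"[a-z]{3,}", plain.get_content().lower()))
    b = set(parser.words)
    jaccard = len(a & b) / len(a | b) if a | b else 1.0
    return jaccard, parser.images, jaccard < threshold and bool(parser.images)
```

A low word overlap between the two parts combined with an image in the HTML part is only a scoring signal for a filter, since legitimate newsletters also ship abbreviated text parts.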
