[Dshield] Pump and Dump Stock lists
eslerj at gmail.com
Thu Feb 1 15:13:37 GMT 2007
I just made this quick procmail receipe.
And this one does a nice job of catching random spam.
police|debt|loan approval|OTCBB|Symbol\:|Symb0l|St0ck|Stock|set to
They potentially have false positives, although they are few and far between.
On 2/1/07, Jim Starke <jim.starke at benco.com> wrote:
> > Tony Nichols wrote:
> > >>Tell your friends and fellow mail admins that "6c822ecf" is the key to
> > >>filtering much of this bullshit out... Glad it helped. It's been well
> > >>publicized, yet the Russians behind this whole thing ain't bothered to
> > >>change it. I still believe that's intentional on their part.
> > >Anyone have a script I might use at my mail server (postfix 2.2.5 and
> > >procmail)? I don't know if it should be a regex or maybe adjust the
> > >existing header check....
> > What about a SPAMASSASIN rule?
> I'll pipe in, I'm in need of a "sendmail" rule?
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
ISC Incident Handler
More information about the list