[unisog] German email

Bob Johnson bob89 at eng.ufl.edu
Tue May 17 20:34:00 GMT 2005


Jason Grove wrote:
> I was wondering if any one else is seeing a influx of german email/spam? We seemed to 
> start getting hit late last week and are getting a ton of it. Most of it seems to be 
> coming from Cable/DSL accounts..
> 
> 
> jason

Yes, it is all over the place.  It is spam probably related to a German 
political campaign and/or the 60th anniversary of the end of WW II.  My 
limited German language skills suggest that it is anti-immigration, 
nationalistic stuff.  The spam is claimed by many analysts to originate 
from systems infected with some variant of the sober virus, but the spam 
I've seen does not actually carry the virus.  I don't think the website 
it sends you to is doing anything nasty, but I wouldn't bet an important 
system on that.

A SpamAssassin filter that seems to do a good job of stopping most of it 
is at:

http://weir.dattitu.de/archives/9-Filtering-Sober-P.html

It detects four header lines that in themselves are innocuous, but in 
combination seem to only happen in this spam (or perhaps sober in general).

You will also see an occasional user get hit by a few hundred 
non-delivery messages when one of the spamming systems picks their email 
address to be the bogus reply address.

- Bob



More information about the unisog mailing list