convincing spam from CNN
Re: convincing spam from CNN
18-08-2008 9:55 AM
Quote from: Bob Anything with the x-pstn-xfilter: y header *is* marked as spam. The x-pstn-neptune-cave-rslt: qtine header on the other hand reduces the spam score by 20 (or resets it to 0) - this makes it far more likely to be identified as spam. Problem with some of these messages though is the fact that Postini is scoring them so high.
I get the impression from this thread and some of the tickets in our ticket pools that there are now less and less of these messages with the x-pstn-xfilter: y header
Yes, sorry Bob. The 'y' ones got through at the start but you reset things so they get caught now, didn't you! (It's still in my filter from before you changed it).
Re the 'qtine' ones, that's exactly what I was saying in my earlier post this morning, that they're being scored too high by Postini to end up in the Spam folders.
It's not all of them that are being scored too high, just a few, so I suppose it's something to do with what the included headlines are. All those that got through to the computer are identical - "Men say they've found a Bigfoot" and "The ugly side of beauty" as the two main 'stories'. I can't check if those that got caught were the same or different as I've deleted them all in webmail now!
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Re: convincing spam from CNN
18-08-2008 10:00 AM
Quote from: Bob I get the impression from this thread and some of the tickets in our ticket pools that there are now less and less of these messages with the x-pstn-xfilter: y header
"x-filter" historically appears to generally be a very short-term fix (that's short as measured in postini time mind you so usually around a week or two) and none of the most recent CNN spams I've received have had this header. Unfortunately, quite a few of them have had scores of 99.9% with perhaps the majority having scores between 50% and 90% so they just come sailing straight through. Most of them seem to use the previous day's genuine CNN message as a template so are almost guaranteed to get high scores. I didn't get as many overnight as I was expecting but still a fair old few and I've not had my genuine CNN messages as yet either. Never mind, some more very nice vids in all the spammy messages to look at while I wait (*)
BTW, as mentioned somewhere before, I've also had them allegedly from something@something.cnn.com (but clearly they're not of course) so filtering on !(something@something.cnn.com) won't necessarily work, it would have to be filtered against !(a_valid_CN_ip) rather than the much easier alleged from address. Incorporating the "GT1" filter in the test would quite probably do it without having to go the IP checking route tho because all the genuine CNN messages I have appear to trigger this category filter whereas the spammy ones (currently) do not.
How come I have some messages appearing to bypass neptune completely tho ?
(*) Yup, that's right, I've happily clicked and watched almost all of them at some time or another but fear not, no problem because Mr.Spammer is way too lazy to tweak all of the links to dodgy ones ! It's only those peeps viewing the dodgy html message that get caught out - any half-decent reader should probably reject the html as iffy anyway but as I only get to see the good old plain text version, all I get is the original genuine CNN message and could easily spot dodgy links if there were any so all is well
Micro$oft and html: making life easier for spammers/hackers almost since time began
B T Plusnet, a bit kinda like P T Barnum ...
... but quite often appears to feature more clowns
Re: convincing spam from CNN
18-08-2008 6:19 PM
Quote from: mikeb How come I have some messages appearing to bypass neptune completely tho ?
Are all the ones missing the Neptune filter going through the same Postini array?
Quote Received: from source ([84.148.244.68]) by exprod5mx200.postini.com ([64.18.4.11]) with SMTP;
Sun, 17 Aug 2008 15:34:08 MDT
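Added example (not part of any post in this thread): a sketch of the check mikeb describes, deciding on the IP that handed the message to the filtering relay rather than on the alleged From address, using the Received format quoted above. The allowlist range, the `sample` helper and the function names are assumptions, and it presumes all inbound mail passes through that relay.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: 192.0.2.0/24 (a documentation range) stands in for the genuine
# sender's published mail networks; substitute the real ranges.
GENUINE_SENDER_NETS = [ipaddress.ip_network("192.0.2.0/24")]
CLAIMED_DOMAIN = "cnn.com"

# Relay hop in the format quoted in the thread:
#   from source ([a.b.c.d]) by <host>.postini.com ([e.f.g.h]) with SMTP;
RELAY_HOP = re.compile(
    r"from\s+\S+\s+\(\[(?P<src>[0-9.]+)\]\)\s+by\s+\S+\.postini\.com\b", re.I)

def handoff_ip(msg):
    """IP that handed the message to the filtering relay, or None.

    Received headers are prepended, so the topmost matching hop is the one the
    relay itself wrote; hops lower down came with the message and can be forged.
    """
    for received in msg.get_all("Received", []):
        m = RELAY_HOP.search(" ".join(received.split()))  # unfold the header
        if m:
            try:
                return ipaddress.ip_address(m.group("src"))
            except ValueError:
                return None
    return None

def classify(raw):
    """'not-claimed', 'genuine' or 'suspect' for one raw message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if domain != CLAIMED_DOMAIN and not domain.endswith("." + CLAIMED_DOMAIN):
        return "not-claimed"
    ip = handoff_ip(msg)
    if ip is None:
        return "suspect"  # no trustworthy hop found: fail closed
    return "genuine" if any(ip in n for n in GENUINE_SENDER_NETS) else "suspect"

def sample(from_addr, *src_ips):
    """Constructed message: one relay hop per IP, topmost (most recent) first."""
    hops = "".join(
        f"Received: from source ([{ip}]) by exprod5mx200.postini.com "
        f"([64.18.4.11]) with SMTP;\n\tSun, 17 Aug 2008 15:34:08 MDT\n"
        for ip in src_ips)
    return f"{hops}From: {from_addr}\nSubject: constructed sample\n\nbody\n"
```

A message whose From claims the domain but whose topmost relay hop is outside the allowlist comes back as `suspect`, even if a lower, sender-supplied Received line names an allowlisted address.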
Re: convincing spam from CNN
18-08-2008 7:50 PM
- "Antivirus 2008 /2009 /XP" - Malicious program, a pain to remove.
- Screen saver / Desktop / Login background image changed to "oh no you're infected" messages.
- On a few machines we've had something sending out tons of spam causing our customers to get blacklisted in some cases.
We haven't come up with a clear cut fix yet - our customers want fast patch-it-up jobs right now. We're using combinations of Eset online scanner (http://www.eset.com/onlinescan/scanner.php?i_agree=14), spywareinfo.com/xscan, some inhouse stuff and a lot of crawling through registry entries. Eset NOD seems most effective at catching these but that's only compared to a few other AV solutions.
- I thought this info might help anyone who has problems with this - it's causing £££s worth of damage for our clients.
It's not just plus.net btw - we have customers on loads of different lines.
Re: convincing spam from CNN
18-08-2008 11:01 PM
Does this link from earlier in the thread give you any help?
http://www.usenix.org/event/hotbots07/tech/full_papers/chiang/chiang_html/
The trojan seems to use services.exe so you might do some good if you can replace this file on an infected machine with a clean version?
Chris
Re: convincing spam from CNN
19-08-2008 12:55 AM
Re: convincing spam from CNN
19-08-2008 1:49 AM
@ ChrisL, that's scary lol - but thanks.
Re: convincing spam from CNN
19-08-2008 7:53 AM
Quote from: geewizz @4steve : Can't you just ban those people who click on spam mails from having internet access at their work?
I think a lot of companies are now banning surfing of any kind at work. I guess it's not easy to ban specific clicking activities though.
Re: convincing spam from CNN
19-08-2008 11:14 AM
Quote from: geewizz @4steve : Can't you just ban those people who click on spam mails from having internet access at their work?
I read the original comment as being, that he works for a computer repair place fixing computers for their clients. So the affected machines (of their clients) could be home users or businesses. Businesses could pull the plug on their users' internet access, but who'd do that for the home users? (who arguably are the worst culprits of propagating this mess!).
Maybe all internet users should be forced to pass an exam before being allowed to connect to the internet!
A lot of these sorts of problems could be solved by better education of the general public!
Re: convincing spam from CNN
20-08-2008 2:11 AM
Re: convincing spam from CNN
20-08-2008 3:17 AM
Quote from: artmo
Quote from: Stiggy A naive question no doubt, but....
Is there anyone in the world who actually tries to track down these scum and prosecute them?
Occasionally there is a prosecution but only of some of the small-time operators. The big boys seem to have immunity. I think most of them operate from Russia or China and a blind eye is turned to them.
Things are changing. The very fact that the major spam operations are managed from an ever decreasing number of locations means we are driving the spammers into a corner.
The Feds in America are starting to bow to public pressure and there have been a rising number of successful prosecutions in recent times. Though as you point out they are not the big fish. Who does what around the world varies. China doesn't appear to want to cooperate, Australia is very aggressive. Europe contains countries such as Italy and Spain who have a somewhat more laid back attitude towards laws and their keeping. Britain I am frankly disappointed with.
It does sometimes feel a bit like Gulliver in Lilliput from the viewpoint of the little guy but with enough cotton threads you can tie down even the biggest of giants.
Various groups are working in various niches to look for places to attack the spammers but there is a lot to attack. There is a big wave of cooperation going on between some of these groups and data and conclusions are being exchanged and added to the evidence presented to The Authorities to strengthen the case. Overall it needs agreements between nations to be put into place so that the spammers can be brought before the courts, this takes time. Also it needs those earning a living from supplying the internet to get its act together. And there are times when I do consider arguing in favour of compulsory sterilization of those who persist in clicking the links.
On that last point there is something we can ALL do. The next time your muppet of a mate says he got hacked or caught a virus, don't laugh. Call them what they are, expletives and all.
Re: convincing spam from CNN
20-08-2008 2:31 PM
Quote It does sometimes feel a bit like Gulliver in Lilliput from the viewpoint of the little guy but with enough cotton threads you can tie down even the biggest of giants.
Better get spinning!
http://www.guardian.co.uk/technology/2007/nov/29/hacking.news
http://www.nytimes.com/2007/05/29/technology/29estonia.html?_r=1&oref=slogin
http://www.isrjournal.com/story.php?F=2756602
etc
Re: convincing spam from CNN
20-08-2008 3:29 PM
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵