[* Here's our official response. My personal comments are below. - dan *] Habeas, the leading provider of emailer reputation services, has recently come under attack from an as yet unidentified spammer. The spammer is illegally utilizing the Habeas Warrant Mark in emails which are promoting websites such as pharmawharehouse.biz, pharmacourt.biz and valuepointmeds.biz which are sites promoting or selling prescription drugs. The attack began on Sunday January 11, 2004 at about 11am PT.
Habeas is aggressively pursuing this incident to stop this illegal mailstream and to utilize the Habeas legal tools at our disposal to punish the responsible spammer for copyright and trademark violation. We are tracking down the identity of the spammer for further action. "This is a blatant and unacceptable misuse of the Habeas Warrant Mark - it will not go unaddressed. We've stopped spammers before and now we'll do it again." said Des Cahill, Habeas CEO. "It is interesting that this spam attack appears to be originating from a distributed set of zombie cable/DSL modems that someone likely took over in a past virus attack. It just illustrates the lengths the spammers will go to, including taking on Habeas' proven legal capabilities, to distribute their spam. We are very pleased with the timeliness and volume of spam reports we've received regarding this incident: it affirms that the Habeas system is working and our mail community support remains strong. This spammer has made a poor choice in infringing the Habeas Warrant Mark." Habeas has begun systematically adding the IP addresses of the hundreds of compromised personal computers sending this spam to the Habeas Infringers List (HIL). Access to the HIL (aka Habeas Blacklist) is free with details available at http://www.habeas.com/supportBlackList.html. All recent versions of SpamAssassin configured with network checks "on" automatically query the HIL when receiving an email containing the Habeas Warrant Mark. Adding the IP addresses to the HIL should not impact the legitimate mailing activities of the owners of the zombie cable/DSL modems. ### [* On a personal note, I'd like to thank everyone on this list for their calm, reasoned discussion of the attack and the impact on Habeas and SpamAssassin. While it may be flattering that we've had enough of an impact do be attacked, we are aware of the inconvenience this has caused and understand that we must respond quickly and aggressively to maintain our credibility. One question on the list was regarding reporting. Please note that we do need your spam reports in order to identify the zombie senders and add them to the HIL. If you have confidential info in a header (such as Delivered-To:), please just replace the field body with "[elided]" so we know that it is not the complete original. Habeas would never publish the emails on the web where they could be spidered, but the emails (or a subset) will likely wind up as an exhibit in our lawsuit, which would eventually be public info. I am an avid user of (and even occasional contributor to) SpamAssassin, and helped create Habeas in a way that would be complementary to what SpamAssassin does. (By helping eliminate false positives, we can tighten thresholds and catch more false negatives.) We greatly appreciate the continued support from the SpamAssassin developer, administrator, and user communities. - dan *] ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
