Heads up, I just got a little flood of PayPal phishes with the following
malformed MIME body-part header:

  ------=_NextPart_000_0005_01C4C5A0.D9652420
  Content-Type: text/html; charset="iso-8859-2
  Content-Transfer-Encoding: quoted-printable

Note the missing close quote on the Content-Type header.

Provisional rule:

describe PHISH_11 Malformed PayPal Phishing
body     PHISH_11 /^Content-Type:.*charset="[^"]+$/i
score    PHISH_11 1.0



--
John Hardin
Internal Systems Administrator (Seattle)
CRS Retail Systems, Inc.
3400 188th Street SW, Suite 185
Lynnwood, WA 98037
voice: (425) 672-1304
  fax: (425) 672-0192
email: [EMAIL PROTECTED]
  web: http://www.crsretail.com
-----------------------------------------------------------------------
 If you smash a computer to bits with a mallet, that appears to count
 as encryption in the state of Nevada.
                                               - CRYPTO-GRAM 12/2001
-----------------------------------------------------------------------
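
The same check outside SpamAssassin, as an added example that is not part of the original post: a Python scanner that walks a raw message, unfolds each header block (top level and per MIME part), and reports Content-Type headers containing an unterminated quoted string. The function name and the sample message are constructed for illustration, and the check covers any quoted parameter rather than only charset.

```python
import re

BOUNDARY_RE = re.compile(r'boundary="?([^";]+)', re.I)
# Constructed sample message; its second part reproduces the malformed header.
SAMPLE = (
    'Subject: constructed sample\r\n'
    'Content-Type: multipart/alternative;\r\n'
    '\tboundary="----=_NextPart_000_0005_01C4C5A0.D9652420"\r\n'
    '\r\n'
    '------=_NextPart_000_0005_01C4C5A0.D9652420\r\n'
    'Content-Type: text/plain; charset="iso-8859-2"\r\n'
    '\r\n'
    'plain text\r\n'
    '------=_NextPart_000_0005_01C4C5A0.D9652420\r\n'
    'Content-Type: text/html; charset="iso-8859-2\r\n'
    'Content-Transfer-Encoding: quoted-printable\r\n'
    '\r\n'
    '<html>body</html>\r\n'
    '------=_NextPart_000_0005_01C4C5A0.D9652420--\r\n'
)

def scan(raw):
    """Return (line_no, header) for each Content-Type header with an unclosed quote."""
    findings, boundaries = [], set()
    in_headers, current, start = True, None, 0
    def flush():
        nonlocal current
        if current is not None and current.lower().startswith('content-type:'):
            m = BOUNDARY_RE.search(current)
            if m:
                boundaries.add('--' + m.group(1).strip())  # delimiter line form
            # Count quotes left after dropping backslash-escaped characters.
            if re.sub(r'\\.', '', current).count('"') % 2:
                findings.append((start, current))
        current = None

    for no, line in enumerate(raw.splitlines(), 1):
        if in_headers:
            if line[:1] in (' ', '\t') and current is not None:
                current += ' ' + line.strip()   # unfold continuation line
            else:
                flush()
                in_headers = bool(line)         # blank line ends the header block
                current, start = line or None, no
        elif line.rstrip() in boundaries:
            in_headers = True                   # delimiter opens a part's headers
    flush()
    return findings
```

Only boundaries declared in an earlier Content-Type header are treated as part delimiters, so body lines that merely begin with `--` do not start a header block.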
