On Thu, 28 Jun 2018, Zinski, Steve wrote:
> I see that a lot in sextortion emails. So far, I’ve seen the word “bitcoin”
> encoded (obfuscated) the following ways:
>
> bitc%D0%BEin
> bit%D1%81oin
> bit%D1%81%D0%BEin
>
> And the word “wallet” as:
>
> w%D0%B0ll%D0%B5t
>
> These sextortion scammers are clever. So, instead of filtering on the word
> “bitcoin”, I now filter on a bitcoin regex (see below) and some other words
> such as “pixel”, “virus”, etc. which are always a part of the sextortion
> message.
>
> body __BITCOIN /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/

Ok, I've added those to my sandbox in case those are common. I wouldn't
know, I generally get lots of 419 fraud and photo retouching spams
instead... :)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The one political issue that strips all politicians bare is
individual gun rights.
-----------------------------------------------------------------------
6 days until the 242nd anniversary of the Declaration of Independence
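
An added example (not from either poster, and not SpamAssassin rule code): a Python check that folds the Cyrillic look-alike letters behind the percent-encoded spellings quoted above back to Latin, flags keywords written in mixed scripts, and applies the quoted address regex. The extra look-alike letters, the function names and the sample body are assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

# Cyrillic letters that render like Latin ones. The first four are the bytes
# in the percent-encoded forms quoted above; the rest are assumed additions.
CONFUSABLES = str.maketrans({
    "\u043e": "o",  # %D0%BE
    "\u0441": "c",  # %D1%81
    "\u0430": "a",  # %D0%B0
    "\u0435": "e",  # %D0%B5
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0456": "i",
})
KEYWORDS = {"bitcoin", "wallet"}
# Address pattern taken from the __BITCOIN rule quoted above.
BTC_ADDR = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
WORD = re.compile(r"[^\W\d_]+")  # runs of letters in any script

def scripts(word):
    """Scripts used in word, taken from the first token of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in word}

def analyse(body):
    """Return (keywords found, keywords written in mixed scripts, address seen)."""
    found, disguised = set(), set()
    for word in WORD.findall(body):
        folded = word.translate(CONFUSABLES).lower()
        if folded in KEYWORDS:
            found.add(folded)
            if len(scripts(word)) > 1:  # e.g. LATIN plus CYRILLIC
                disguised.add(folded)
    return found, disguised, bool(BTC_ADDR.search(body))

# The obfuscated spellings reported above, decoded from percent-encoding.
REPORTED = [unquote(s) for s in (
    "bitc%D0%BEin", "bit%D1%81oin", "bit%D1%81%D0%BEin", "w%D0%B0ll%D0%B5t")]
# Constructed sample body; the address is a placeholder, not a real one.
SAMPLE = "Send $500 to my %s %s: %s" % (REPORTED[2], REPORTED[3], "1" + "x" * 30)

if __name__ == "__main__":
    for text in REPORTED + [SAMPLE, "my bitcoin wallet"]:
        print(repr(text), analyse(text))
```

A keyword that appears only in mixed-script form is a stronger signal than the plain word, since ordinary mail that mentions bitcoin has no reason to swap in Cyrillic letters.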