Interesting. Any chance for an unmodified pastebin spample? On Thu, Oct 4, 2018, 12:07 Joseph Brennan <bren...@columbia.edu> wrote:
> > Two days ago the Bitcoin threats from Outlook.com started arriving in the > Windows-1256 charset, which is Arabic, but including Latin characters. The > text has Arabic character 9D all over the place. 9D is "ZERO WIDTH > NON-JOINER" so it takes up no space and the English language text looks > normal. But it breaks pattern matching. > > That ALL of the Bitcoin threats from outlook.com changed the evening of > October 1 means they are all from one source. > > Sample of the mime part header and a raw paragraph: > > --_000_AM0PR04MB488298EB0071C1677D7C5BA9BAE90AM0PR04MB4882eurp_ > Content-Type: text/plain; charset="windows-1256" > Content-Transfer-Encoding: quoted-printable > > Yo=9Du wi=9Dll ha=9Dv=9De two diff=9Derent so=9Dluti=9Do=9Dns. Why dont w= > =9De check o=9Dut =9Dea=9Dch on=9De o=9Df thes=9De o=9Dpti=9Dons in > deta=9D= > i=9Dls: > > > Joseph Brennan > Columbia U I T > >
