On Fri, 24 May 2019, Chris Pollock wrote:
> This is the 2nd of these ransom spams I've received where the body of
> the message is a .jpg. Below is the body and also a link to the headers
> and body
> https://photos.app.goo.gl/DGcjySsnEHL3uKBa7
> https://pastebin.com/xNRZ5UeC

There's not a whole lot that can help with that other than DCC/Razor.

There were bitcoin extortion spams using images to avoid text matching a
while ago, but the fact that the spam doesn't include the bitcoin wallet
ID in the body (for cut and paste) makes it harder to comply with the
extortion demand. They didn't last too long, and I'm surprised that they
are popping up again.

About the only way to deal with this would be an OCR plugin that, rather
than trying to match specific words as the old FuzzyOCR did, instead scans
the entire image and pastes the text into a body element similar to what
is done for HTML body parts.

There are a few things that might add enough points to push it over the
spam threshold; I notice for instance the List-Help and potentially
List-ID headers.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Maxim XXIX: The enemy of my enemy is my enemy's enemy.
No more. No less.
-----------------------------------------------------------------------
3 days until Memorial Day - honor those who sacrificed for our liberty
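
Added example, not part of the original message and not SpamAssassin code: a Python sketch of the "OCR the whole image and append the text to the body" idea described in the reply, so that ordinary text rules can see it. The names rendered_body, tesseract_ocr, build_sample and BODY_RULE are hypothetical, the sample message is constructed, and the `tesseract stdin stdout` invocation assumes the tesseract CLI is installed.

```python
import re
import shutil
import subprocess
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a text body rule; not a real SpamAssassin rule.
BODY_RULE = re.compile(r"\bbitcoin\b", re.I)

def tesseract_ocr(image_bytes: bytes) -> str:
    """OCR through the tesseract CLI (assumed installed; returns "" if not)."""
    if shutil.which("tesseract") is None:
        return ""
    try:
        proc = subprocess.run(["tesseract", "stdin", "stdout"], input=image_bytes,
                              capture_output=True, timeout=30)
    except subprocess.TimeoutExpired:
        return ""
    return proc.stdout.decode("utf-8", "replace") if proc.returncode == 0 else ""

def rendered_body(raw: bytes, ocr=tesseract_ocr, max_image_bytes=2_000_000) -> str:
    """Text of all text/plain parts plus OCR output of every image part."""
    msg = message_from_bytes(raw, policy=policy.default)
    chunks = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_type() == "text/plain":
            chunks.append(part.get_content())
        elif part.get_content_maintype() == "image":
            data = part.get_payload(decode=True) or b""
            # Size cap: OCR is expensive, so skip empty or oversized images.
            if 0 < len(data) <= max_image_bytes:
                chunks.append(ocr(data))
    return re.sub(r"\s+", " ", " ".join(chunks)).strip()

def build_sample() -> bytes:
    """Constructed message: short text part plus a placeholder image part."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.invalid", "rcpt@example.invalid"
    m["Subject"] = "constructed sample"
    m.set_content("see attached image")
    m.add_attachment(b"\xff\xd8constructed, not a real JPEG\xff\xd9",
                     maintype="image", subtype="jpeg", filename="a.jpg")
    return m.as_bytes()

if __name__ == "__main__":
    fake_ocr = lambda data: "Pay  in\nBitcoin"  # constructed OCR output
    body = rendered_body(build_sample(), ocr=fake_ocr)
    print(body, "->", bool(BODY_RULE.search(body)))
```

The ocr argument is injectable so the message-walking logic can be exercised without tesseract; with the default, a host lacking the binary simply gets the text parts back.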