On Fri, 2019-05-24 at 18:29 -0700, John Hardin wrote:
> On Fri, 24 May 2019, Chris Pollock wrote:
>
> > This is the 2nd of these ransom spams I've received where the body of
> > the message is a .jpg. Below is the body and also a link to the headers
> > and body
> >
> > https://photos.app.goo.gl/DGcjySsnEHL3uKBa7
> >
> > https://pastebin.com/xNRZ5UeC
>
> There's not a whole lot that can help with that other than DCC/Razor.
>
> There were bitcoin extortion spams using images to avoid text matching a
> while ago, but the fact that the spam doesn't include the bitcoin wallet
> ID in the body (for cut and paste) makes it harder to comply with the
> extortion demand. They didn't last too long, and I'm surprised that they
> are popping up again.
>
> About the only way to deal with this would be an OCR plugin that, rather
> than trying to match specific words as the old FuzzyOCR did, instead scans
> the entire image and pastes the text into a body element similar to what
> is done for HTML body parts.
>
> There are a few things that might add enough points to push it over the
> spam threshold; I notice for instance the List-Help and potentially
> List-ID headers.

Thanks John, fortunately both of these that I've received have hit above
the 5 point threshold due to other rules hit.
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
21:01:41 up 9 days, 13:20, 1 user, load average: 1.50, 1.20, 1.09
Description: Ubuntu 18.04.2 LTS, kernel 4.15.0-50-generic
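
An added example, not part of the thread and not SpamAssassin code: a Python check that flags a message whose visible body is effectively just an image and that carries the List-Help / List-ID headers mentioned above. The sample message, the indicator names and the 20-character text threshold are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: HTML part holds only an <img> tag, plus list headers.
SAMPLE = """\
From: sender@example.com
To: rcpt@example.org
Subject: constructed sample
List-Help: <mailto:help@example.com>
List-ID: <list.example.com>
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:img1"></body></html>
--b1
Content-Type: image/jpeg
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRg==
--b1--
"""

def visible_text(msg):
    """Join all text/* parts with HTML tags stripped: what text rules can match."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        if part.get_content_subtype() == "html":
            text = re.sub(r"<[^>]+>", " ", text)
        chunks.append(text)
    return " ".join(" ".join(chunks).split())

def analyze(raw, min_text=20):
    """Return indicator names (hypothetical, not real rule names) for one message."""
    msg = message_from_string(raw)
    has_image = any(p.get_content_maintype() == "image" for p in msg.walk())
    hits = []
    if has_image and len(visible_text(msg)) < min_text:
        hits.append("IMAGE_ONLY_BODY")
    for header in ("List-Help", "List-ID"):
        if msg[header] is not None:
            hits.append("HAS_" + header.upper().replace("-", "_"))
    return hits
```
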