I have a few custom rules that I have done. I usually look for certain
words in a message, certain URLs, etc.
Today I have run across a new twist (at least for me). The message is in
HTML and the way it is 'printed' is vertically.

LeXaPrMeVaCiAmUlViCe
vinaoprilialbitragle
traxeciadiaum=
isenamrabrex

The snippet above is from the source of the messages. The first two
characters of the first line are the first two characters of the first
word. The second two characters of the first line are the first two
characters of the second word. And so on.
Initially I thought I had found the key when I learned this, but what is
happening is they are changing the order of the words displayed in the
message.
There are URLs in each of the messages, but out of 11 messages received
today, there are 9 unique URLs.
Of course the sender, IP and all of that is forged. The subjects all
start with Re: and end with some variation of the word (Phara
maceutical). I just noticed that word was misspelled in EVERY message.
What is the best way to block something like this?
Thanks,
Mike
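
An added example, not part of the original post: a filter-side check that rebuilds word prefixes from the fixed-width rows described above by reading two-character chunks down each column, then compares them as a set so that reordering the words does not matter. The function names, the watchlist and the hit threshold are assumptions made for illustration; only the first two rows of the quoted snippet are used, since the later rows are not fixed-width.

```python
import re

# Constructed sample: the first two rows of the snippet quoted in the post.
SAMPLE_ROWS = ["LeXaPrMeVaCiAmUlViCe", "vinaoprilialbitragle"]

# Hypothetical watchlist of 4-character word prefixes (an assumption for
# this example, derived from the sample rows above).
WATCHLIST = {"levi", "xana", "prop", "meri", "vali",
             "cial", "ambi", "ultr", "viag", "cele"}


def column_prefixes(rows, width=2):
    """Rebuild word prefixes by reading fixed-width chunks down each column."""
    # Drop a trailing quoted-printable soft line break ("=") and whitespace.
    cleaned = [re.sub(r"=\s*$", "", r).strip() for r in rows if r.strip()]
    if not cleaned:
        return []
    # Only columns present in every row can be reassembled.
    ncols = min(len(r) for r in cleaned) // width
    return [
        "".join(r[c * width:(c + 1) * width] for r in cleaned).lower()
        for c in range(ncols)
    ]


def watchlist_hits(rows, watchlist=WATCHLIST, width=2):
    """Return the watchlisted prefixes found, independent of column order."""
    return set(column_prefixes(rows, width)) & set(watchlist)


def looks_vertical_spam(rows, min_hits=3, **kw):
    """Flag a message body when enough reassembled prefixes are watchlisted."""
    return len(watchlist_hits(rows, **kw)) >= min_hits


if __name__ == "__main__":
    print(column_prefixes(SAMPLE_ROWS))
    print(looks_vertical_spam(SAMPLE_ROWS))
```
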