>...
>>On Sat, 2006-02-18 at 08:45 -0700, Gary V wrote:
>> > Without the entire
>> > message I don't think anyone can determine if there is some problem
>> > with
>> > your system, or if this particular spam simply scored low because the
>> > spammer is good at what they do. BTW, it is helpful to see what rules
>> > hit.
>>This is the body of the message:
>>Corporate image can say a lot of things about your company. Contemporary
>>rhythm of life is too dynamic.
>>Sometimes it takes only several seconds for your company to be
>>remembered or to be lost amonq competitors.
>>Get your logo, business stationery or website done right now!
>>
>>Fast turnaround: you will see severaI loqo variants in three business
>>days.
>>Satisfaction quaranteed: we provide unIimited amount of changes; you can
>>be sure: it wiIl meet your needs
>>and fit your business.
>>FlexibIe discounts: loqo improvement, additionaI formats, bulk orders,
>>special packages.
>>Creative design for competitive price: have a look at it right now!
>>
>>______________________________________________________
>>not interested...
>>
>
>I can certainly see why this is not considered spam. There is not much here
>at all that would make this different from a ham message. I created a
>message with these contents and sent it to myself from my yahoo account and
>is was considered ham. Nothing in the body triggered a rule. This is one of
>those types of messages that I would feed to Bayes, then delete and forget
>about. If I got the the same message a number of times I would possibly
>create a custom rule based on the Subject. Most likely a custom rule for
>this would only be good for about a week, then I would probably never see
>another message with the same subject again, so after a week the rule would
>be a complete waste. I think you simply need to accept the fact that there
>is stuff like this that will make it through.
>...
A knowledge of history and a good BAYES + digest tests (DCC, Razor,
and Pyzor) will kill these. This is the recent reincarnation of the old
set of trylogos domains - examples:
trylogos.com-MUNG
try-logos.com-MUNG
trylogos-inc.biz-MUNG
try-logos-ltd.biz-MUNG
try-logos-inc.biz-MUNG
try-x-logos.biz-MUNG
trylogos-studio.com-MUNG
trylogos-team.com-MUNG
trylogos-llc.com-MUNG
ad nasuem
Interesting connection to some Eastern European porn domains for those
who check them out. One of the new ones is logomarka.net-MUNG. Almost all
are registered at Parava (both old and new). These are actually very unusual
phishing spam (from Leo/Yambo/Pavka or a related party) - If you respond, they
will request *lots* of data from you.
As far as I know, net tests are the way to catch these. So if you
aren't running the URIBLs and digests, you won't ever get them (though MTA
RBLs to kill off zombie delivery will work).
BTW. The recent one locally scores 31.6 points hitting the following rules:
DATE_IN_PAST_24_48. DCC_CHECK. DIGEST_MULTIPLE. INVALID_DATE.
MSGID_FROM_MTA_ID. RAZOR2_CF_RANGE_51_100. RAZOR2_CHECK. RCVD_IN_XBL.
SPF_HELO_FAIL. URIBL_JP_SURBL. URIBL_OB_SURBL. URIBL_RHS_ABUSE.
URIBL_RHS_DSN. URIBL_RHS_NOCOMPLAINTS. URIBL_RHS_NOSTDMAIL.
URIBL_RHS_POST. URIBL_RHS_URIBL_BLACK. URIBL_RHS_WHOIS. URIBL_SC_SURBL.
URIBL_WS_SURBL. URIBL_XS_SURBL
Though when it arrived, the SURBLs and URIBL didn't all have it listed yet;
The digests already did (they react faster - it is their nature).
Paul Shupak
[EMAIL PROTECTED]
Some similar text from year old spam and one from a week and a half ago:
--------------------------------------------------------------------------------
---- Sample #1 (from a comcast zombie - 1 Jun 2005) ----------------------------
--------------------------------------------------------------------------------
Our art team creates a custom logo for you, based on your needs. Years of
experience have taught us how to create a logo that makes a statement that
is unique to you.
In a professiona l manner we learn about your image and how you would like the
world to perceive you and your company. With this information we then
create a logo that is not only unique but reflects the purpose of you and your
company.
For value and a logo that reflects your image, take a few minutes and visit Try
Logos!
http://www4.trylogos-inc.biz-MUNG/
Sincerely,
Logo Design Team
http://www4.trylogos-inc.biz/uns.php
--------------------------------------------------------------------------------
---- Sample #2 (from a comcast zombie - 12 Jul 2005) - Note the "Try Logos!" ---
- Note the use of a warez domain (most of the trylogos domains were suspended) -
------ Also check the "whois" and see a Kuvayev porn domain used for DNS -------
--------------------------------------------------------------------------------
Our art team creates a custom logo for you, based on your needs. Years of
experience have taught us how to create a logo that makes a statement that
is unique to you.
In a pr ofessional manner we learn about your image and how you would like the
world to perceive you and your company. With this information we then
create a logo that is not only unique but reflects the purpose of you and your
company.
For value and a logo that reflects your image, take a few minutes and visit Try
Logos!
http://bridle.biz.easycds.biz-MUNG
Sincerely,
Logo Design Team
circus anticipatory controversial
--------------------------------------------------------------------------------
---- Sample #3 (from a verizon zombie - 9 Feb 2006) - Now "Logo Maker" ---------
--------------------------------------------------------------------------------
Our art team creates a custom logo for you, based on your needs. Years of
experience have taught us how to create a logo that makes a statement that
is unique to you.
In a professional manner we learn about your image and how you would like the
world to perceive you and your company. With this information we then c
reate a logo that is not only unique but reflects the purpose of you and your
company.
For value and a logo that reflects your image, take a few minutes and visit
Logo Maker!
http://client.net.logomarka.net-MUNG
Sincerely,
Logo Design Team
caruso combinatoric dayton
