Title: RE: Psst!


> -----Original Message-----
> From: Mark Johnson [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 20, 2006 10:41 AM
> To: users@spamassassin.apache.org
> Subject: Re: Psst!
>
>
> Chris Santerre wrote:
> >
> >
> > Just curious, but how many people see spam being sent to usernames
> > with the first letter dropped? I see a ton in my logs. I believe
> > spammers figure [EMAIL PROTECTED] will also have a [EMAIL PROTECTED]  Too bad
> > for them...they do not. :)
> >
> I am noticing a lot of this.  Another thing I'm noticing and am getting a
> little nervous about is the amount of spam coming in that's basically
> directed towards us.  It's physically coming from other countries, and
> the from addresses and reply-to addresses are from
> customers/suppliers/vendors of ours.  It's like someone is gathering
> addresses that they KNOW will be in a whitelist table.
>
> Any idea how they could be coordinating something like this?  There's
> too many to be a coincidence...

Actually I've started seeing this as well. I believe it's from trojans grabbing the address books of those infected. Then putting a spidered "who knows who" sort of thing together.

Originally I saw it faked in alpha order. Like:

From: ABC Widgets
To: Amazing Widgets Company

I do NOT think that the top spammers are that dumb. I believe they are hiring some very bright coders. Once a trojan owns a machine, there is no telling what they can do. Hell, they can go thru Sent Mail and pull the addresses right from there. Viruses have been doing it forever, why wouldn't zombies do it to get thru spam filters using whitelists?

IMHO it's the beginning of the next evolution.

Thanks,

Chris Santerre
SysAdmin and Spamfighter
www.rulesemporium.com
www.uribl.com


