On 2011/03/18 18:38, John Hardin wrote:
On Thu, 17 Mar 2011, Hamad Ali wrote:
- John Hardin said: Phishing is his next project, and that even a well
trained naive bayes filter might not detect it. let's be on touch on
this matter then. Any progress or collaboration is highly welcomed on
my side
About the only thing I need from the community are samples, and for spear
phishing that will be rather difficult.
Actually it might not be all that hard. Tweak some specific rule matches
that indicate a high probability of phishing or spearfishing to be
artificially high numbers. That will at least get them labeled as spam.
One such word might be "password" with certain other words in context.
This is certainly a meta-rule issue. But password plus an address
that is not on a "short list" anywhere within the body of the email
should result in a hefty score.
Of course, within weeks of inventing such a rule it will be obsolete
and you'll have to add in the "drug" rules type of de-obfuscation.
{^_-} Free lunches are worth what they cost and not a penny more.
