On Wed, 26 Jul 2017, Michael Storz wrote:
> On 2017-07-26 15:08, Dianne Skoll wrote:
>> On Tue, 25 Jul 2017 08:36:22 -0400
>> Dianne Skoll <d...@roaringpenguin.com> wrote:
>>> All of the URLs match this pattern:
>>> /\/[A-Z]{4}\d{6}\/$/
>> We see a new variant with the subject "Your Virgin Media bill is
>> ready" and URLs that match:
>> uri __RP_D_00108_03 /\/\d{12}\/[A-Z]{6}\/?$/
> Nearly all of these spam mails can be blocked with
> header __LRZ_BND_MS Content-Type =~ /boundary="-{4}=_NextPart_000_[0-9A-F]{4}_[0-9A-F]{8}\.[0-9A-F]{8}"/
> header __LRZ_MSGID_SPAM_99 MESSAGEID =~ /<\d{8,13}\.2017\d{6,11}\@/
> meta LRZ_HEADER_SPAM_99 (__LRZ_MSGID_SPAM_99 && __LRZ_BND_MS)
> The version before had a different boundary
> header __LRZ_BND_HU32 Content-Type =~ /boundary="[0-9A-F]{32}"/
...all of which is, sadly, whack-a-mole.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...much of our country's counterterrorism security spending is not
designed to protect us from the terrorists, but instead to protect
our public officials from criticism when another attack occurs.
-- Bruce Schneier
-----------------------------------------------------------------------
9 days until the 282nd anniversary of John Peter Zenger's acquittal
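
The rules quoted in this thread can be checked offline against sample messages before they are deployed. The following is an added example, not part of the original thread or of SpamAssassin: it approximates the Perl matching with Python's `re`, and the label `URI_VARIANT_1`, the helpers `evaluate` and `build`, the simplified URL extractor and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

A = re.ASCII  # keep \d to 0-9, as in the quoted Perl patterns
# Patterns copied from the rules quoted in the thread.
BND_MS = re.compile(r'boundary="-{4}=_NextPart_000_[0-9A-F]{4}_[0-9A-F]{8}\.[0-9A-F]{8}"', A)
MSGID_99 = re.compile(r"<\d{8,13}\.2017\d{6,11}@", A)
URI_RULES = {
    "URI_VARIANT_1": re.compile(r"/[A-Z]{4}\d{6}/$", A),  # hypothetical name
    "__RP_D_00108_03": re.compile(r"/\d{12}/[A-Z]{6}/?$", A),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")  # simplified URL extractor (assumption)

def evaluate(raw):
    """Return the set of rule names that hit on one raw RFC 5322 message."""
    msg = message_from_string(raw)
    hits = set()
    if BND_MS.search(msg.get("Content-Type", "")):
        hits.add("__LRZ_BND_MS")
    if MSGID_99.search(msg.get("Message-ID", "")):
        hits.add("__LRZ_MSGID_SPAM_99")
    if {"__LRZ_BND_MS", "__LRZ_MSGID_SPAM_99"} <= hits:  # the meta rule
        hits.add("LRZ_HEADER_SPAM_99")
    for part in msg.walk():
        if part.is_multipart():
            continue
        for url in URL_RE.findall(part.get_payload()):
            hits.update(n for n, p in URI_RULES.items() if p.search(url))
    return hits

BOUNDARY = "----=_NextPart_000_0A1B_01D30612.3C4D5E6F"  # constructed value

def build(msgid, body):
    """Build a constructed one-part multipart message for testing."""
    return "\n".join([
        "Subject: constructed sample",
        f"Message-ID: {msgid}",
        f'Content-Type: multipart/alternative; boundary="{BOUNDARY}"',
        "", f"--{BOUNDARY}", "Content-Type: text/plain", "",
        body, f"--{BOUNDARY}--", ""])

SPAM = build("<1234567890.20170726123456@example.invalid>",
             "Your bill: http://example.invalid/123456789012/ABCDEF/")
HAM = build("<000a01d30612$1b2c3d4e@mail.example.invalid>",
            "Minutes attached, see http://example.invalid/docs/")

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("HAM", HAM)):
        print(name, sorted(evaluate(raw)))
```

The second sample shares the boundary format but not the Message-ID shape, so only the sub-rule hits and the meta stays silent.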