Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Increase in 'numerical' spam - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Increase in 'numerical' spam

Readers reported e-mails containing nothing but a six digit number in the subject line, followed by an 8 character hexadecimal string as content. This type of e-mail isn't new, dating back to June 2006, when it was attributed to a Beagle variant. However, there has been a significant increase over the last 24 hours.

For those using spamassassin, the botnet plugin in addition to the helo_dynamic rules have proven to be useful in filtering out these messages. This is one example where sender profiling appears more powerful than content analysis.

Thanks to Ray, Jeff & Greg for reporting their findings and fellow handlers David and Donald for their insight. 


158 Posts
Aug 7th 2007

Sign Up for Free or Log In to start participating in the conversation!