Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Spammers attempt to defeat Bayesian filters; Malaysia terrorism warning; MSN Messenger worm SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Spammers attempt to defeat Bayesian filters; Malaysia terrorism warning; MSN Messenger worm
Over past weeks, Internet users have reported receiving high volumes of spam e-mail with random words at the bottom (in the text and/or HTML). This appears to be aimed at defeating Bayesian spam filters which are trained by users to detect spam mail and automatically classify it. The technique uses common dictionary words to increase the rate of false positives and cause Bayesian filters to start classifying legitimate mail as spam.


Malaysia CERT (Computer Emergency Response Team) has identified circulating e-mail that contains fraudulent terrorism warnings for people in Malaysia. The e-mail provides a link to learn more about the warning, but this link actually downloads and installs a trojan horse program. The trojan horse is similar to the recently discovered key logging trojan named "Backdoor.Tofger".

Given the nature of terrorism fears across the world, it is likely that this type of e-mail will surface again in the future.

More information on this incident, including the full text of the malicious e-mail, can be found at Malaysia CERT:

The story is also reported at ZDNet UK:,39020375,39118800,00.htm

Information on Backdoor.Tofger:


A new worm has been identified spreading through MSN Messenger clients. The worm propagates by sending a message to everyone in the contact list every 5 minutes. The message has a link to download itself. No destructive activity has been observed with the worm, however analysis is still underway. Widespread penetration of this virus could render a denial of service against MSN Messenger users. Further information can be at the Panda Software web site under "Jitux.A":

76 Posts
Jan 2nd 2004

Sign Up for Free or Log In to start participating in the conversation!