2002-06-03 15:28:20

by JOSEPH EDWARD.

Subject: please kindly get back to me

ATTN:
I STUMBLED IN TO YOUR CONTACT BY STROCK OF LUCK AFRTER
A LONG SEARCH FOR AN HONEST AND TRUST WORTHY PERSON WHO
COULD HANDLE ISSUE WITH HIGH CONFIDENTIALITY.
I WAS SO DELIGHTED WHEN I GOT YOUR CONTACT AND I DECIDED
TO CONTACT YOU AND SOLICITE FOR YOUR KIND ASSISTANCE.
I HOPE YOU WILL LET THIS ISSUE TO REMAIN CONFIDENTIAL EVEN
IF YOU ARE NOT INTERESTED BECAUSE OF MY STATUS.
I PRESUME THIS MAIL WILL NOT BE A SURPRISE TO YOU.
I AM AN ACCOUNTANT WITH THE MINISTRY OF MINERAL
RESOURCES AND ENERGY IN SOUTH AFRICA AND ALSO A MEMBER
OF CONTRACTS AWARDING COMMITTEE OF THIS MINISTRY UNDER
SOUTH AFRICA GOVERNMENT.

MANY YEARS AGO, SOUTH AFRICA GOVERNMENT ASKED THIS
COMMITTEE TO AWARDS CONTRACTS TO FOREIGN FIRMS, WHICH
I AND 2 OF MY PARTNERS ARE THE LEADER OF THIS
COMMITTEE, WITH OUR GOOD POSITION , THIS CONTRACRS
WAS OVER INVOICED TO THE TUNE OF US$25,600,000:00 AS A

DEAL TO BE BENEFIT BY THE THREE TOP MEMBER OF THIS
COMMITTEE.
NOW THE CONTRACTS VALUE HAS BEEN PAID OFF TO THE
ACTUAL CONTRACTORS THAT EXECUTED THIS JOBS, ALL WE
WANT NOW IS A TRUSTED FOREIGN PARTNER LIKE YOU THAT WE

SHALL FRONT WITH HIS BANKING ACCOUNT NUMBER TO CLAIM
THE OVER INFLATED SUM.
UPON OUR AGREEMEENT TO CARRY ON THIS TRANSACTION WITH
YOU, THE SAID FUND WILL BE SHARE AS FOLLOWS.
75% WILL BE FOR US IN SOUTH AFRICA.
20% FOR USING YOUR ACCOUNT AND OTHER CONTRIBUTION
THAT MIGHT REQIURED FROM YOU.
5% IS SET ASIDE FOR THE UP FRONT EXPENCES THAT
WILL BE ENCOUNTER BY BOTH PARTY TO GET ALL NECESSARY
DOCUMENTS AND FORMARLITIES THAT WILL JUSTIFY YOU AS
THE RIGHTFUL OWNER OF THIS FUND.
IF YOU ARE INTERESTED IN THIS TRANSACTION, KINDLY
REPLY THIS MASSEGE WITH ALL YOUR PHONE AND FAX
NUMBERS, TO ENABLE US FURNISH YOU WITH DETAILS AND
PROCEDURES OF THIS TRANSACTION.
GOD BLESS YOU
YOURS FAITHFULLY.

JOSEPH EDWARD.





2002-06-03 15:33:17

by Holzrichter, Bruce

Subject: RE: please kindly get back to me

>
> ATTN:
> I STUMBLED IN TO YOUR CONTACT BY STROCK OF LUCK AFRTER
> A LONG SEARCH FOR AN HONEST AND TRUST WORTHY PERSON WHO
> -

Darn, someone has to show these spammers how to use a spell checker. How am
I supposed to get my daily dose of morning laughter if I need to spell check
all this coming in? ;o)

B.

2002-06-03 19:00:48

by Matti Aarnio

Subject: Re: please kindly get back to me

On Mon, Jun 03, 2002 at 10:33:05AM -0500, Holzrichter, Bruce wrote:
> > ATTN:
> > I STUMBLED IN TO YOUR CONTACT BY STROCK OF LUCK AFRTER
> > A LONG SEARCH FOR AN HONEST AND TRUST WORTHY PERSON WHO
> > -
>
> Darn, someone has to show these spammers how to use a spell checker. How am
> I supposed to get my daily dose of morning laughter if I need to spell check
> all this coming in? ;o)

Dunno, I am trying to figure out suitable Perl-RE filters which
would match only these ALL CAPITALS scam letters, and yet not to
match any legitimate postings...

The principal problem is, I think, that Majordomo filtering works
within the individual lines of the message, not by the entire message,
and there could be some legitimate email with all-capital lines...

Trapping on keywords fails also when they are (intentionally ?)
mis-spelled.

Anti-spam technology really needs constant evolution, as those
spammers do evolve themselves...

> B.

/Matti Aarnio

2002-06-03 19:08:16

by Larry McVoy

Subject: Re: please kindly get back to me

On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> Anti-spam technology really needs constant evolution, as those
> spammers do evolve themselves...

If ever there was something which was screaming for an open source project,
it's spam filtering. It seems like every major mailing list has someone
like Matti, working really hard on a thankless task, but losing out under
the tide of new spam every day. Seems to me if there was a public repository
(sourceforge, bkbits, whatever) with a collection of procmail filters which
have been shown to work correctly, that would be a win.
--
---
Larry McVoy lm at bitmover.com http://www.bitmover.com/lm

2002-06-03 19:23:40

by Matti Aarnio

Subject: Re: please kindly get back to me

On Mon, Jun 03, 2002 at 12:06:53PM -0700, Larry McVoy wrote:
> On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> > Anti-spam technology really needs constant evolution, as those
> > spammers do evolve themselves...
>
> If ever there was something which was screaming for an open source project,
> it's spam filtering. It seems like every major mailing list has someone
> like Matti, working really hard on a thankless task, but losing out under
> the tide of new spam every day. Seems to me if there was a public repository
> (sourceforge, bkbits, whatever) with a collection of procmail filters which
> have been shown to work correctly, that would be a win.

Larry,

Best technologies (as I see them, but I am not omniscient, of course)
are those that do scoring. E.g. having some word NN might not alone
be considered spam-signature, but it might increase score, and once
the score exceeds arbitrary threshold (lower with short messages?),
the message is considered spam, and rejected.

Some recent TEXT/PLAIN spams have been encoded in BASE64 or ingenious
QUOTED-PRINTABLE to avoid several common Perl-RE pattern using filters.

I think there are several free codes of this kind available, but my time
has been chronically over-subscribed to do radical things like taking
this kind of codes into use.

> --
> Larry McVoy lm at bitmover.com http://www.bitmover.com/lm

/Matti Aarnio
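
Added example, not part of the thread or any poster's code: a whole-message scoring filter of the kind described in the post above, which undoes base64/quoted-printable before matching and counts capitals over the entire body rather than per line. The rule set, point values, threshold and both sample messages are constructed for illustration.

```python
import base64
import email
import re
from email import policy

# Constructed rule set (pattern, points): an assumption for illustration only.
RULES = [
    (re.compile(r"\bconfidential", re.I), 1.0),
    (re.compile(r"\bover[ -]?invoiced\b", re.I), 2.0),
    (re.compile(r"\b(bank(ing)? account|phone and fax)\b", re.I), 1.5),
    (re.compile(r"US\$\s?[\d,]{6,}"), 2.0),
]
CAPS_POINTS, CAPS_RATIO, MIN_LETTERS = 2.0, 0.8, 100
THRESHOLD = 4.0  # arbitrary cut-off, as the post says

def decoded_text(raw: bytes) -> str:
    """Body of every text/* part with base64 / quoted-printable undone."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            try:
                chunks.append(part.get_content())
            except (LookupError, UnicodeError):  # unknown or broken charset
                chunks.append((part.get_payload(decode=True) or b"").decode("latin-1"))
    return "\n".join(chunks)

def rule_points(text: str) -> float:
    return sum(points for rx, points in RULES if rx.search(text))

def naive_score(raw: bytes) -> float:
    """Same rules applied to the undecoded message, as a plain regex filter would."""
    return rule_points(raw.decode("latin-1"))

def per_line_caps_hit(raw: bytes) -> bool:
    """Per-line check: trips on any single long all-capitals line."""
    return re.search(r"^[A-Z0-9 :,.!]{20,}$", raw.decode("latin-1"), re.M) is not None

def score(raw: bytes) -> float:
    """Keyword points plus a capitals bonus judged over the whole decoded body."""
    text = decoded_text(raw)
    total = rule_points(text)
    letters = [c for c in text if c.isalpha()]
    if len(letters) >= MIN_LETTERS:
        if sum(c.isupper() for c in letters) / len(letters) > CAPS_RATIO:
            total += CAPS_POINTS
    return total

def is_spam(raw: bytes) -> bool:
    return score(raw) >= THRESHOLD

# Constructed sample 1: scam wording from this thread, sent base64-encoded.
_SCAM_BODY = (
    "ATTN: I HOPE YOU WILL LET THIS ISSUE REMAIN CONFIDENTIAL. THE CONTRACTS "
    "WERE OVER INVOICED TO THE TUNE OF US$25,600,000 AND WE NEED A TRUSTED "
    "FOREIGN PARTNER WHOSE BANKING ACCOUNT WE SHALL FRONT TO CLAIM THE SUM. "
    "KINDLY REPLY WITH ALL YOUR PHONE AND FAX NUMBERS TO ENABLE US FURNISH "
    "YOU WITH DETAILS."
)
SCAM = (
    b"From: sender@example.invalid\nSubject: please kindly get back to me\n"
    b"MIME-Version: 1.0\nContent-Type: text/plain; charset=\"us-ascii\"\n"
    b"Content-Transfer-Encoding: base64\n\n"
    + base64.encodebytes(_SCAM_BODY.encode("ascii"))
)

# Constructed sample 2: a legitimate post that happens to contain one all-caps line.
LEGIT = (
    b"From: dev@example.invalid\nSubject: [PATCH] fix oops\n\n"
    b"The patch below fixes the oops in the block layer; the trace started with\n"
    b"KERNEL PANIC: NOT SYNCING\n"
    b"Tested on 2.5.20, please apply.\n"
)

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("legit", LEGIT)):
        print(name, "naive:", naive_score(raw), "line-caps:", per_line_caps_hit(raw),
              "score:", score(raw), "spam:", is_spam(raw))
```
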

2002-06-03 19:43:48

by John Stoffel

Subject: Re: please kindly get back to me


Matti> Best technologies (as I see them, but I am not omniscient, of
Matti> course) are those that do scoring. E.g. having some word NN
Matti> might not alone be considered spam-signature, but it might
Matti> increase score, and once the score exceeds arbitrary threshold
Matti> (lower with short messages?), the message is considered spam,
Matti> and rejected.

I've been really really happy with spamassassin (http://www.spamassissin.org)
for my personal inbox. It's been blocking about 90+% of the spam
right out of the box, and only three or four false positives.

It's nice since it pre-filters SPAM out, so you can handle the rejects
at your leisure, and not have to deal with them randomly. I've been
very happy with it, and only after a week of use.

I average around 20-40 spam a day, so it's made a measurable
difference.

John
John Stoffel - Senior Unix Systems Administrator - Lucent Technologies
[email protected] - http://www.lucent.com - 978-399-0479

2002-06-03 19:50:53

by H. Peter Anvin

Subject: Re: please kindly get back to me

Followup to: <[email protected]>
By author: Larry McVoy <[email protected]>
In newsgroup: linux.dev.kernel
>
> On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> > Anti-spam technology really needs constant evolution, as those
> > spammers do evolve themselves...
>
> If ever there was something which was screaming for an open source project,
> it's spam filtering. It seems like every major mailing list has someone
> like Matti, working really hard on a thankless task, but losing out under
> the tide of new spam every day. Seems to me if there was a public repository
> (sourceforge, bkbits, whatever) with a collection of procmail filters which
> have been shown to work correctly, that would be a win.
>

The biggest problem is that you're bound to get sued, so you have to
worry about legal defence...

-hpa
--
<[email protected]> at work, <[email protected]> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt <[email protected]>

2002-06-03 20:03:47

by M. Edward Borasky

Subject: Re: please kindly get back to me

On Mon, 3 Jun 2002, Larry McVoy wrote:

> On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> > Anti-spam technology really needs constant evolution, as those
> > spammers do evolve themselves...
>
> If ever there was something which was screaming for an open source
> project, it's spam filtering. It seems like every major mailing list
> has someone like Matti, working really hard on a thankless task, but
> losing out under the tide of new spam every day. Seems to me if there
> was a public repository (sourceforge, bkbits, whatever) with a
> collection of procmail filters which have been shown to work
> correctly, that would be a win.

Now that there are Linux viruses, maybe we also need an open source
virus scanner.
--
M. Edward Borasky
[email protected]

The COUGAR Project
http://www.borasky-research.com/Cougar.htm

2002-06-03 20:05:03

by Davide Libenzi

Subject: Re: please kindly get back to me

On 3 Jun 2002, H. Peter Anvin wrote:

> Followup to: <[email protected]>
> By author: Larry McVoy <[email protected]>
> In newsgroup: linux.dev.kernel
> >
> > On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> > > Anti-spam technology really needs constant evolution, as those
> > > spammers do evolve themselves...
> >
> > If ever there was something which was screaming for an open source project,
> > it's spam filtering. It seems like every major mailing list has someone
> > like Matti, working really hard on a thankless task, but losing out under
> > the tide of new spam every day. Seems to me if there was a public repository
> > (sourceforge, bkbits, whatever) with a collection of procmail filters which
> > have been shown to work correctly, that would be a win.
> >
>
> The biggest problem is that you're bound to get sued, so you have to
> worry about legal defence...

... the other problem with this kind of filters is that all emails coming
from marketing/biz ppl inside companies will result as spam ...
( that is actually true :-) )



- Davide


2002-06-03 20:16:12

by Gerhard Mack

Subject: Re: please kindly get back to me

On Mon, 3 Jun 2002, M. Edward (Ed) Borasky wrote:
[snip]
> Now that there are Linux viruses, maybe we also need an open source
> virus scanner.
>

http://www.openantivirus.org


--
Gerhard Mack

[email protected]

<>< As a computer I find your faith in technology amusing.

2002-06-03 20:51:01

by Herman Oosthuysen

Subject: Re: please kindly get back to me

I have confirmed with the Canadian CRTC, that we have no explicit laws or
regulations for the control of spam and that the CRTC has no plans to get
involved, even though they have the legal authority to do so. Basically,
they gave me the go ahead to retaliate against spammers, since neither spam
nor anti-spam is regulated.

There are various procmail recipes for the control of spam. The trick is to
create general purpose recipes that are not tied to specific
spammers/messages. The Spambouncer is a set of recipes that will generate a
reply message to spam and I am doing something similar on my own site. If I
receive spam, I send it back. If everybody would do that, then it might
have some effect.

What we really need however, is active anti-spamming. We need a system that
will subscribe them to each other's mailing lists on an ongoing basis. If
they like spam so much, then they can send it to each other. I have started
to do this by collecting the e-mail addresses of spammers. I then put them
in invisible mailto: links on my web site for spammer spiders to harvest.

A while ago, AOL returned all spam in batches back to the originators,
causing their servers to crash. A spammer sued, and AOL won.

If anyone is interested in starting Yet Another Procmail Spambouncer, then
you can count me in.

Cheers,
--
Herman Oosthuysen
[email protected]
Suite 300, #3016, 5th Ave NE,
Calgary, Alberta, T2A 6K4, Canada
Phone: (403) 569-5687, Fax: (403) 235-3965
----- Original Message -----
From: Larry McVoy <[email protected]>
To: Matti Aarnio <[email protected]>
Cc: Holzrichter, Bruce <[email protected]>;
<[email protected]>
Sent: Monday, June 03, 2002 1:06 PM
Subject: Re: please kindly get back to me


> On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> > Anti-spam technology really needs constant evolution, as those
> > spammers do evolve themselves...
>
> If ever there was something which was screaming for an open source project,
> it's spam filtering. It seems like every major mailing list has someone
> like Matti, working really hard on a thankless task, but losing out under
> the tide of new spam every day. Seems to me if there was a public repository
> (sourceforge, bkbits, whatever) with a collection of procmail filters which
> have been shown to work correctly, that would be a win.
> --
> ---
> Larry McVoy lm at bitmover.com http://www.bitmover.com/lm
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2002-06-03 20:55:18

by Rik van Riel

Subject: Re: please kindly get back to me

On Mon, 3 Jun 2002, Larry McVoy wrote:
> On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
> > Anti-spam technology really needs constant evolution, as those
> > spammers do evolve themselves...
>
> If ever there was something which was screaming for an open source project,
> it's spam filtering. It seems like every major mailing list has someone
> like Matti, working really hard on a thankless task, but losing out under
> the tide of new spam every day. Seems to me if there was a public repository
> (sourceforge, bkbits, whatever) with a collection of procmail filters which
> have been shown to work correctly, that would be a win.

http://spamfilter.nl.linux.org/ ;)

and of course spamassassin and the dnsbl lists...

Rik
--
Bravely reimplemented by the knights who say "NIH".

http://www.surriel.com/ http://distro.conectiva.com/

2002-06-03 22:51:17

by Joe

Subject: Re: please kindly get back to me

Amen -

I've been working antispam detail for some
large clients, and I must say the spammers
get more devious and determined as time
goes by...

It would be great to pool our resources and
brainpower on this -

Joe

Larry McVoy wrote:

>On Mon, Jun 03, 2002 at 10:00:46PM +0300, Matti Aarnio wrote:
>
>
>> Anti-spam technology really needs constant evolution, as those
>> spammers do evolve themselves...
>>
>>
>
>If ever there was something which was screaming for an open source project,
>it's spam filtering. It seems like every major mailing list has someone
>like Matti, working really hard on a thankless task, but losing out under
>the tide of new spam every day. Seems to me if there was a public repository
>(sourceforge, bkbits, whatever) with a collection of procmail filters which
>have been shown to work correctly, that would be a win.
>
>


2002-06-03 23:11:37

by Joe

Subject: Re: please kindly get back to me



M. Edward (Ed) Borasky wrote:

>Now that there are Linux viruses, maybe we also need an open source
>virus scanner.
>
>
Ah yes, the perennial "linux virus" scare -
the anti virus labs are hard at work trying
to drum up new business....

The thing with linux/unix "virii" is, they
are actually for the most part trojans -
they've been in labs for years, the problem
is that there is no suitable transport vector!

You'd have to dupe an unwitting superuser
(now there's a dangerous combination) into
running the "virus" by hand - sort of like
the "honor system" virus....

Joe



2002-06-03 23:31:40

by Alan

Subject: Re: please kindly get back to me

On Mon, 2002-06-03 at 20:23, Matti Aarnio wrote:
> I think there are several free codes of this kind available, but my time
> has been chronically over-subscribed to do radical things like taking
> this kind of codes into use.

Even then you need to do the work to fix the biggest problem, and I'd
hate to hack on majordomo for it - that is to hold spam scored messages,
advise the sender and accept a confirmation email to forward it to the
list.

Mailing list admin is a full time job. Matti is an oft forgotten but
critical cog in the wheels of Linux


2002-06-04 00:20:37

by Austin Gonyou

Subject: Re: please kindly get back to me

On Mon, 2002-06-03 at 18:11, J Sloan wrote:
> M. Edward (Ed) Borasky wrote:
>
> >Now that there are Linux viruses, maybe we also need an open source
> >virus scanner.
> >
> >
> Ah yes, the perennial "linux virus" scare -
> the anti virus labs are hard at work trying
> to drum up new business....
.....
> You'd have to dupe an unwitting superuser
> (now there's a dangerous combination) into
> running the "virus" by hand - sort of like
> the "honor system" virus....

Bwaaaaaahahahahaha!!!!!

That's the funniest thing I've ever heard. I've never looked at it like
that! Too damn funny!



> Joe
>
>
>

2002-06-04 07:11:14

by Rik van Riel

Subject: Re: please kindly get back to me

On Mon, 3 Jun 2002, Matti Aarnio wrote:

> Best technologies (as I see them, but I am not omniscient, of course)
> are those that do scoring. E.g. having some word NN might not alone

> I think there are several free codes of this kind available, but my time
> has been chronically over-subscribed to do radical things like taking
> this kind of codes into use.

1) mv resend resend.mj

2) use this script as resend

--------------
#!/bin/sh

# Tag the message with SpamAssassin, then hand it to the original resend.
/path/to/spamassassin -L | /path/to/resend.mj "$@"
--------------

3) add X-Spam-Flag:.*YES to taboo_headers

I'm doing this for the listar setup on nl.linux.org and things
work great. Only took 10 minutes to install, too.

Rik
--
Bravely reimplemented by the knights who say "NIH".

http://www.surriel.com/ http://distro.conectiva.com/

2002-06-04 08:11:39

by J Sloan

Subject: Re: please kindly get back to me

Yeah - but how many messages/month?

Joe

On Tue, 4 Jun 2002, Rik van Riel wrote:

> On Mon, 3 Jun 2002, Matti Aarnio wrote:
>
> > Best technologies (as I see them, but I am not omniscient, of course)
> > are those that do scoring. E.g. having some word NN might not alone
>
> > I think there are several free codes of this kind available, but my time
> > has been chronically over-subscribed to do radical things like taking
> > this kind of codes into use.
>
> 1) mv resend resend.mj
>
> 2) use this script as resend
>
> --------------
> #!/bin/sh
>
> /path/to/spamassassin -L | /path/to/resend.mj $*
> --------------
>
> 3) add X-Spam-Flag:.*YES to taboo_headers
>
> I'm doing this for the listar setup on nl.linux.org and things
> work great. Only took 10 minutes to install, too.
>
> Rik
>

2002-06-04 19:55:10

by Pavel Machek

Subject: Re: please kindly get back to me

Hi!

> > Anti-spam technology really needs constant evolution, as those
> > spammers do evolve themselves...
>
> If ever there was something which was screaming for an open source project,
> it's spam filtering. It seems like every major mailing list has someone

spamassassin.sf.net.
Pavel

--
Philips Velo 1: 1"x4"x8", 300gram, 60, 12MB, 40bogomips, linux, mutt,
details at http://atrey.karlin.mff.cuni.cz/~pavel/velo/index.html.

2002-06-04 20:26:19

by Michael H. Warfield

Subject: Re: please kindly get back to me

On Mon, Jun 03, 2002 at 04:11:17PM -0700, J Sloan wrote:

> M. Edward (Ed) Borasky wrote:

> >Now that there are Linux viruses, maybe we also need an open source
> >virus scanner.


> Ah yes, the perennial "linux virus" scare -
> the anti virus labs are hard at work trying
> to drum up new business....

> The thing with linux/unix "virii" is, they
> are actually for the most part trojans -
> they've been in labs for years, the problem
> is that there is no suitable transport vector!

Dude... Where have you been?

Remember Ramen and L1on?

I personally researched a DNS based worm that was infecting
RedHat 6.2 and 7.0 systems by exploiting the TSIG vulnerability to
propagate last year. It was a mess. I discovered three variations
on that worm, TSIG-A, TSIG-B and TSIG-C, that were in active propagation
in the wild. Even with that, I only managed to account for 1/3 of the
DNS probing that got real hot just about a year ago (I think some of the
rest of it was exploiting the earlier INVQ hole). Fortunately, that one
did largely die off a few months later. It's still out there, though,
on a few systems and still hasn't been totally eradicated.

Some of these things are carrying rootkits like Adore that even
include stealth kernel modules. Some of them are pretty damn nasty.
Then you've got the {Win32,Linux}.simile virus that can infect both
Windows PE binaries and Linux ELF binaries. It understands both binary
formats and can cross infect between platforms. So now a constant
noise density of infected Windows machines can provide a host population
which threatens the Linux boxes. Fortunately, this one has not spread
widely in the wild yet, but think of the cybernetic equivalent of Ebola.
What if Nimda or one of its progeny get loaded with that virus in
its payload package? The sadmind worm was spreading and infecting back
and forth between Windows and Solaris where it was running on two
different HARDWARE platforms and breaking into Solaris boxes through
the sadmind hole (hence the name). It doesn't take a rocket scientist
to load the payloads with multiple binaries for multiple platforms and
architectures and these things are being assembled "cookie cutter"
fashion now.

The E-Mail based "social engineering" worms that have been plaguing
the Windows world may not have a foothold in the Linux world yet, but we
(Linux/Unix/BSD) are certainly NOT immune to viruses or worms (hell, the
first internet worm was the Robert Morris worm that infected Sun systems
and propagated through holes in sendmail and finger).

These things have been successful and we've been successful,
so far, at beating them back. But they ARE getting better and we are
NOT IMMUNE. The vectors exist every time a new remote exploit is
revealed. Recent hybrid threats are all script driven and a new
exploit can be loaded into the warhead of a worm in minutes of it
being published and circulated in the underground. Rootkits do
exist which subvert binaries, libraries, and even the kernel. Kits
exist out there right now that will even load a module into a kernel
which has no loadable module support (hint, /dev/kmem) so even that
is of little help.

It's not theoretical and it's not just in the labs. It's real
and it's in the wild now. It just doesn't have the population
density and the monoclonal culture to make it go BANG like the Windows
worms go. Yet...

> You'd have to dupe an unwitting superuser
> (now there's a dangerous combination) into
> running the "virus" by hand - sort of like
> the "honor system" virus....

You're making the mistake of assuming that all worms and viruses
are E-Mail based. While it's true that the worst ones in the Windows
world include a "social engineering" E-Mail vector, that's only one
vector. The real worst ones, like Nimda and its ilk, do not require
E-Mail to propagate even when they CAN use E-Mail to help them propagate.
In the case of Klez, it certainly proves that human stupidity remains our
largest security vulnerability. But Nimda is out there on its own. TSIG
is out there on Linux on its own. Expect more. Expect worse.

> Joe

Mike
--
Michael H. Warfield | (770) 985-6132 | [email protected]
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!