Notes from an arms race.

Now that my radio programme is finally done (it will go out on December 28) I find it hard to return to normal life. So I have been poking around the records of my mailbox at Cornerhost. Since the middle of November, when last I reset the log, SpamAssassin has trashed more than 6500 messages for me. I don’t know quite how many, but there were 6592 unique subject lines used against me in that time, the output of this command.
grep -B1 'dev/null' ~/.procmail/log | grep -v 'dev/null' | sort | uniq | cut -c 9 | wc -l
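A log summary for the count above, added here as an example and not the author's own command: it reports both the total number of messages delivered to /dev/null and the number of distinct subjects among them. It assumes procmail's default log abstract layout (a `From ` line, an optional ` Subject:` line, then a `  Folder:` line); the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a procmail log written in the default
# log-abstract layout. Prints "<trashed-total> <distinct-subjects>".

# Constructed sample log (not real mail); addresses use .invalid.
sample_log() {
cat <<'EOF'
From a@example.invalid  Mon Dec 15 09:01:11 2003
 Subject: Your order receipt
  Folder: /dev/null    4821
From b@example.invalid  Mon Dec 15 09:02:40 2003
 Subject: Your order receipt
  Folder: /dev/null    4790
From friend@example.invalid  Mon Dec 15 09:05:02 2003
 Subject: Lunch on Friday?
  Folder: /var/mail/user    1502
From c@example.invalid  Mon Dec 15 09:07:33 2003
  Folder: /dev/null    2210
From d@example.invalid  Mon Dec 15 09:09:09 2003
 Subject: Cheap loans
  Folder: /dev/null    3001
EOF
}

# count_trashed [LOGFILE]   (reads stdin when no file is given)
count_trashed() {
    awk '
        /^From /      { have = 0; next }               # start of a record
        /^ Subject: / { subj = substr($0, 11); have = 1; next }
        /^  Folder: / {
            if ($2 == "/dev/null") {                   # delivery target
                total++
                # Messages with no Subject header count toward the total
                # but not toward the distinct-subject figure.
                if (have && !(subj in seen)) { seen[subj] = 1; distinct++ }
            }
            have = 0                                   # never reuse a stale subject
        }
        END { printf "%d %d\n", total, distinct }
    ' "$@"
}

sample_log | count_trashed    # prints: 4 2
```

On a real mailbox, run `count_trashed ~/.procmail/log`; the first figure is the message count that the `sort | uniq` pipeline cannot give, because repeated subjects collapse into one line.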
There are still some things that get through: what provoked this post was a poisoned spam which masquerades as a receipt for something bought with a stranger’s credit card:

Order number:6608526
Date: 15-DEC-2003

Customer information:

David Williams


Qty. Item                             Unit Price     TAX       %     Total

1 x Security Update

(Product ID: 986920)            USD   99.00    0.00   0.00%     99.00

TOTAL AMOUNT                                                   USD   99.00

Payment type: Credit Card : XXXX-xXXX-XXXX-5830 (Not shown for security purposes)


Activate the product with the POP code:


The personalised activation code is a very nice touch, as is the fact that the payload is called “SecurityUpdate_v3.1.1.exe”. I’m about to google this. For the moment, all I know is that the Panda antivirus scanner failed to detect anything odd in my mail at all. This is not reassuring.


2 Responses to Notes from an arms race.

  1. Charles says:

    So, what happens on the Google? Sounds like an amazing virus/phishing type scam to work. They’re not dim, those people, which is part of the problem many people have about spam – they think that because the audience which responds to it is stupid, so are the spammers.

  2. el Patron says:

    Nothing showed up on Google at all. So this may be the first sighting.

    I was really impressed by the cleverness of the selling letter. Someone put a lot of time and thought into this, and I’d guess the payload is correspondingly intricate and nasty, enough to make the infected nostalgic for the good old days when the worst that a virus would do was to vape the hard disk.
