> Shaun wrote: > >> One trend I've noticed recently is that spammers appear to be tailoring >> the subject headers to individual recipients. I'm not talking about the >> crap where they stick your name in the subject, it seems they're getting >> much more specific, and perhaps tracking where they picked up an email >> address to begin with and which sort of subject lines might pique the >> recipient's interest. >> >> I receive a lot of spam where I glance at the subject - even if SA has >> tagged it - and actually have to wonder whether or not it's a legit >> message, because the subject is relevant to my interests. A quick >> example, >> >> Subject: The Redirect requests to SSL port option allows you to redirect >> requests to the specified SSL port. >> >> I do a lot with SSL, so naturally I opened up that email just to see >> what the heck they're on about. Of course it turns out to be a stock >> spam for CYTV. But I get a lot of spam now with unix-ish, programming, >> or other geek related subject lines that I have to take a look at >> because they _could_ be legit. > > I've seen a lot of spam lately (last 6-8 weeks -- maybe more) using, as > their "Subject" lines similar such "sentences" from online copies of > (mostly) Linux-ish books and "how to" articles (and often as the hash- > buster text in the message body). This may be loosely targeted -- we > quite possibly subscribe (and post?) to several similar mailing lists > and the use of our addresses _in this particular spam_ may be from > harvesting such lists or their web archives -- or it may be that some > spammer thinks (or knows from monitoring his RoI) that such "techno- > speak goobledegook" Subject: lines work better (non-tech folk _may_ > have been conditioned by much poorly-considered "tech support" to "dumb > down" when anyone starts "talking techie" at them...).
Whats the point we still chuck it away. Aaron _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
