Re: 'Spam Forensics: Reverse-Engineering Spammer Tactics'
From: "Chris Santerre" <[EMAIL PROTECTED]> > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > >My slides from the presentation I gave at Toorcon 2004, 'Spam > >Forensics: > >Reverse-Engineering Spammer Tactics', are now up, if anyone's > >interested > >in having a read ;) > > > > http://spamassassin.apache.org/presentations/2004-09-Toorcon/html > > > > Very nice. Page 13: Detecting Hashbusters, 2, who the hell figured that out? > Damn! > > SARE has run into the problem that there isn't much NEW in spam to tag on. > SA, SURBL, and SARE have 99% of everything covered. Like you stated, most of > their tricks now end up being tagged. I'm real curious as to what they try > nextcause I'm kind of stumped as to how to get around this. Think like a > spammer to catch one. Crypto hashes rather than simple ROT-13? That way if only the sender knew the key it'd just be a random string of characters. There are a lot of things the spammers could do. (And there are too many hungry "victims" of the Dot Bomb with the technical knowledge and hunger that will swallow their ethics a little to produce the new things.) {^_^}
Re: 'Spam Forensics: Reverse-Engineering Spammer Tactics'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Santerre writes: > Very nice. Page 13: Detecting Hashbusters, 2, who the hell figured that out? > Damn! ;) > SARE has run into the problem that there isn't much NEW in spam to tag on. > SA, SURBL, and SARE have 99% of everything covered. Like you stated, most of > their tricks now end up being tagged. I'm real curious as to what they try > nextcause I'm kind of stumped as to how to get around this. Think like a > spammer to catch one. Oh, I'm sure they'll think up something - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFBXF/uQTcbUG5Y7woRAu0cAJ9mkkDL8vOeKUi2ScEmkfTycRnR1ACgweIB AmylqUYqh0x5B66YxEQlewQ= =iXJM -END PGP SIGNATURE-
RE: 'Spam Forensics: Reverse-Engineering Spammer Tactics'
>-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >Sent: Wednesday, September 29, 2004 6:37 PM >To: users@spamassassin.apache.org >Subject: 'Spam Forensics: Reverse-Engineering Spammer Tactics' > > >My slides from the presentation I gave at Toorcon 2004, 'Spam >Forensics: >Reverse-Engineering Spammer Tactics', are now up, if anyone's >interested >in having a read ;) > > http://spamassassin.apache.org/presentations/2004-09-Toorcon/html > Very nice. Page 13: Detecting Hashbusters, 2, who the hell figured that out? Damn! SARE has run into the problem that there isn't much NEW in spam to tag on. SA, SURBL, and SARE have 99% of everything covered. Like you stated, most of their tricks now end up being tagged. I'm real curious as to what they try nextcause I'm kind of stumped as to how to get around this. Think like a spammer to catch one. --Chris
'Spam Forensics: Reverse-Engineering Spammer Tactics'
My slides from the presentation I gave at Toorcon 2004, 'Spam Forensics: Reverse-Engineering Spammer Tactics', are now up, if anyone's interested in having a read ;) http://spamassassin.apache.org/presentations/2004-09-Toorcon/html --j.