Another thing I am seeing that I need to investigate more is possible spam from say paypal and the REVDNS ends in say paypal.com. But it will have to wait until Sunday night.
John T eServices For You "Seek, and ye shall find!" > -----Original Message----- > From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of > Pete McNeil > Sent: Saturday, May 20, 2006 2:19 PM > To: Message Sniffer Community > Subject: [sniffer]SpamStorm! > > Hello Sniffer Folks, > > It's been a while since I've made an announcement like this, but I > thought I would warn you if you're not already seeing it--- > > Today we have seen several high amplitude bursts of new spam that > appear to be coordinated to hit at a particular moment. These bursts > appear to contain campaigns in "all flavors" and appear to be from a > wide variety of sources (as identified by coding tactics, > methodologies, subject matter, obfuscation techniques, etc...) > > It appears to me that even factions which generally don't get along > are more than happy to jump on the "burst" bandwagon at present. > > About 30 hours ago the first heavy burst began with new spam and > variants arriving at a rate 6 times normal. > > Another similar burst is currently underway which began roughly 3 > hours ago and has sustained a similar rate throughout that period. > > Not only is the rate of new variations very high but the overall > bandwidth of the campaigns is also very high. > > This overall pattern of bursts seems to have begun roughly 3 days ago > - perhaps around the time of the demise of bluesky. > > The pattern of traffic is very similar to the pattern that we saw > beginning last year when we identified an apparent shift in spam > delivery patterns: > > http://www.sortmonster.com/MessageSniffer/Help/Papers/OrganizedBlackHats/ > > I've attached images of our current 2 day and 30 day graphs for those > who are interested in such things. > > I recommend that if you have a way to tune your systems to be more > strict (perhaps at the expense of some FPs) then now might be a good > time to make that tradeoff. > > Best, > > _M > > -- > Pete McNeil > Chief Scientist, > Arm Research Labs, LLC. ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
