Guys, anyone else seeing these? What I am mostly interested in is
whether this pattern is specific to this long-standing German spam run,
or if there are actually payload variants in other languages, too.

  header BCDE  From:addr =~ /^(?:[bcde][a-z]){16,}\@/


Going from memory, they are botnet generated and usually hit PBL. Please
don't feel left out if you're not seeing them, and reject at the SMTP
level based on ZEN. Don't even bother grepping your reject logs -- the
Envelope-From does not match this pattern, but uses an unrelated, almost
as stupid forged address.

Bonus points if you find a FP match. ;)


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
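
Added example, not part of the original post: a Python port of the rule above, run against constructed messages to show what the pattern does and does not hit in the From header versus the Envelope-From. The sample addresses, the helper names and the use of Return-Path as the recorded Envelope-From are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Rule body from the post. SpamAssassin's From:addr is the first address in
# the From header; parseaddr() approximates that here.
BCDE = re.compile(r'^(?:[bcde][a-z]){16,}@')

def rule_hits(raw_message):
    """Report whether the header From and the Envelope-From match the pattern."""
    msg = message_from_string(raw_message)
    header_from = parseaddr(msg.get('From', ''))[1]
    # Assumption: the receiving MTA recorded the Envelope-From in Return-Path.
    envelope_from = parseaddr(msg.get('Return-Path', ''))[1]
    return {
        'From': bool(BCDE.match(header_from)),
        'Envelope-From': bool(BCDE.match(envelope_from)),
    }

def make_message(header_from, envelope_from):
    """Build a minimal constructed message for testing the rule."""
    return (f"Return-Path: <{envelope_from}>\n"
            f"From: {header_from}\n"
            "Subject: constructed sample\n\nbody\n")

# Constructed samples, not real spam.
LOCAL_16 = "badecobu" * 4   # 16 [bcde][a-z] pairs: meets the {16,} threshold
LOCAL_15 = LOCAL_16[:-2]    # 15 pairs: one short of the threshold
SAMPLES = {
    'spam_like': make_message(f'"Constructed Sender" <{LOCAL_16}@example.com>',
                              'x1y2@example.net'),
    'too_short': make_message(f'{LOCAL_15}@example.com', 'x1y2@example.net'),
    'ordinary': make_message('Bob Decker <bob.decker@example.org>',
                             'bob.decker@example.org'),
}

if __name__ == '__main__':
    for name, raw in SAMPLES.items():
        print(name, rule_hits(raw))
```

Only the first sample hits, and only on the header From, which is why searching reject logs keyed on the Envelope-From would not surface these.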
