[LINK] DOS Spam

Rachel Polanskis grove at zeta.org.au
Thu Nov 1 18:30:04 AEDT 2012


I have been getting that one periodically for months.  Each time, it is the same thing, but
slightly different images in each set.  I think it is just a benign conspiracy theory....


rachel

--
rachel polanskis 
<r.polanskis at uws.edu.au> 
<grove at zeta.org.au>

On 01/11/2012, at 18:04, Richard Chirgwin <rchirgwin at ozemail.com.au> wrote:

> Roger,
> 
> It seems to be a kook rather than an attacker. Here's a Reddit thread:
> http://www.reddit.com/r/WTF/comments/l44r1/i_just_got_this_email_at_work_i_have_no_idea_what/
> 
> The blogs from which it originated have been pulled by Wordpress for 
> terms-of-service violations.
> 
> It's supposed to render an image with some psuedo-prophetic mumbo-jumbo.
> 
> Richard C
> 
> On 1/11/12 4:04 PM, Roger Clarke wrote:
>> I've wondered for years about the risk of email being blocked by
>> large-scale spam.
>> 
>> I assume that there are filters at various points in the network,
>> including at individual IAPs, that block the most extreme forms of
>> attachment-laden emails.
>> 
>> But I just got one (well two copies of the same email) with 299 files
>> totalling 7.5MB).  Headers below.
>> 
>> I for one have never have never got around to converting from POP to
>> IMAP, but if this spam is a sign of things to come, maybe we'll all
>> be needing to do so.
>> 
>> ________________________________________________
>> 
>> Return-path: <233558938299 at dysgo.org>
>> Envelope-to: Roger.Clarke at xamax.com.au
>> Delivery-date: Thu, 01 Nov 2012 15:51:57 +1100
>> Received: from maildrop2.anu.edu.au ([130.56.64.108]:48517)
>>    by cpanel01.infinite.net.au with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
>>    (Exim 4.80)
>>    (envelope-from <233558938299 at dysgo.org>)
>>    id 1TTml2-0003Mh-3Q
>>    for Roger.Clarke at xamax.com.au; Thu, 01 Nov 2012 15:51:57 +1100
>> Received: from mailin1.anu.edu.au (snatpool01-5.anu.edu.au [130.56.66.109])
>>    by maildrop2.anu.edu.au (8.13.8/8.13.8) with ESMTP id qA14pwmV026251
>>    for <roger.clarke at anu.edu.au>; Thu, 1 Nov 2012 15:51:58 +1100
>> Received: from mailin1.anu.edu.au (localhost.localdomain [127.0.0.1])
>>    by localhost (Postfix) with SMTP id 5C4D617E8004
>>    for <roger.clarke at anu.edu.au>; Thu,  1 Nov 2012 15:51:57 +1100 (EST)
>> Received: from server94.dysgo.org (unknown [199.116.118.58])
>>    by mailin1.anu.edu.au (Postfix) with ESMTP id 60F7A17E8003
>>    for <roger.clarke at anu.edu.au>; Thu,  1 Nov 2012 15:51:48 +1100 (EST)
>> Received: from server94.dysgo.org (server94.dysgo.org [199.116.118.58])
>>    by server94.dysgo.org (Postfix) with ESMTP id 190942368464
>>    for <roger.clarke at anu.edu.au>; Thu,  1 Nov 2012 07:51:46 +0300 (MSK)
>> Message-ID: <8702985.1351745506092.JavaMail.972496728454 at server94.dysgo.org>
>> Date: Thu, 1 Nov 2012 07:51:46 +0300 (MSK)
>> From: 233558938299 at dysgo.org
>> To: roger.clarke at anu.edu.au
>> Subject: 462948042433
>> Mime-Version: 1.0
>> Content-Type: multipart/mixed;
>>    boundary="----=_Part_247_29775659.1351745506081"
>> X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379,
>> Antispam-Data: 2012.11.1.44226 external
>> X-Spam-Score: * (5)
>> X-PMX-Spam-Score: # (28%)
>> X-PerlMx-Spam: Gauge=XXIIIIIIII, Probability=28%, Report='
>>   FROM_ALL_NUMS 1.8, HTML_999_100 0.6, EMPTY_BODY 0.1, HTML_90_100
>> 0.1, HTML_95_100 0.1, HTML_98_100 0.1, HTML_99_100 0.1, HTML_NO_HTTP
>> 0.1, SUBJ_1WORD 0.1, MIME_LOWER_CASE 0.05, JPG_COMMON_HEADER_ORDER 0,
>> JPG_PIXPERBYTE_HIGH 0, JPG_PIXPERBYTE_MED 0, JPG_SPAMMY_SEGMENT 0,
>> JPG_SPAMMY_Y_RESOLUTION 0, JPG_SPAM_ATTACHED 0, LINK_TO_IMAGE 0,
>> NO_REAL_NAME 0, RDNS_NXDOMAIN 0, RDNS_SUSP 0, RDNS_SUSP_GENERIC 0,
>> __ANY_URI 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0,
>> __CTYPE_MULTIPART_MIXED 0, __EMBEDDED_IMG 0, __FRAUD_SUBJ_ALLCAPS 0,
>> __FROM_JUST_NUMBER 0, __HAS_FROM 0, __HAS_HTML 0, __HAS_MSGID 0,
>> __JPG_HEIGHT_100 0, __JPG_SPAMMY_SEGMENT_2 0,
>> __JPG_SPAMMY_Y_RESOLUTION_1 0, __JPG_SPAMMY_Y_RESOLUTION_2 0,
>> __JPG_SPAMMY_Y_RESOLUTION_3 0, __JPG_SPAMMY_Y_RESOLUTION_4 0,
>> __JPG_SPAMMY_Y_RESOLUTION_5 0, __JPG_WIDTH_100 0, __MIME_HTML 0,
>> __MIME_VERSION 0, __RUS_MIME_NO_TEXT 0, __SANE_MSGID 0,
>>   __TAG_EXISTS_HTML 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0,
>> __URI_NO_MAILTO 0, __URI_NO_PATH 0, __URI_NO_WWW 0'
>> 
>> <x-html><!x-stuff-for-pete base="" src="" id="0"
>> charset="iso-8859-1/macintosh"><HTML><HEAD>
>> <META content="text/html; charset=utf-8" http-equiv=Content-Type>
>> </HEAD>
>> <BODY>
>> <P><IMG border=0 hspace=0 alt="" align=baseline src="cid:391435062178.jpg" /);
>> <P><IMG border=0 hspace=0 alt="" align=baseline src="cid:186055462795.jpg" /);
>> 
>> ...
>> 
> 
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link




More information about the Link mailing list