Feeds:
RSS
Atom

Spammers adapt (zip spam)

01. August 2007 by Dmitry Dulepov
Submitting your vote...
Not rated yet. Be the first who rates this item!
Click the rating bar to rate this item.

Less than a month ago spammers started to send spam using PDF files. SARE reacted immediately providing PDFInfo ruleset for SpamAssassin. Thanks to them, ruleset was very effective. My current setup is almost spam free due to combining of several spam-fighting techniques. But I was getting so much of this PDF spam and was so happy to get rid of it with new SARE rules.

Now spammers adapted. They send attachments az pseudo-zip files (in fact, rar files), which are not caught by any filters. Fortunately I found that ClamAV can catch [almost] all this spam with SaneSecurity signatures.

I downloaded a script to check for and get new signatures, and now I am already started to catch this spam. Spammers are out of luck again...

Like it? Then bookmark it! digg.comdel.icio.usgoogle.comMyLink.deYahooMyWebTechnoratiFurllive.comnetscapeTagThatWebnews

3 Comments

  1. on Thursday, 02-08-07 16:53 polarizers 2 cents
    Really helpful, but I'd to ask g00gle for the deep link [1]. The page you mentioned in your article does not contain any link to the page were the plugin is hosted.

    polarizers 2 cents

    [1] www.rulesemporium.com/plugins.htm
  2. on Tuesday, 07-08-07 13:00 Jorgo
    I've set up my own mail server for my domain and I have been able to get rid of 99,9% of spam simply by using GREYLISTING.
    GREYLISTING is a system, currently employed by Yahoo, most notably, where the receiving mail server basically asks the sender to retry again in a few minutes.

    Current spam strategies are using botnets to send out spam in batches, where 1 IP always tries to deliever several spam-emails under different sender names.
    Due to the nature of spam, it is almost impossible for them to do retries, because they are probably sending out millions of emails daily, and if they retry, they usually do so within 5-20 seconds.

    Setting the minimum greylisting interval to 2 or 3 will get rid of them all. The tradeoff is email delivery which is not real-time anymore, but IMHO it's more than worth it.
  3. on Thursday, 09-08-07 14:16 Dmitry
    I also do greylisting but it does not save from all spam. By using other methods I was able to get rid of most spam, which bypasses greylisting. For example, I cannot greylist mailserver, which forwards me mailfrom typo3.org mail account - it is just useless. But SpamAssassin and some other methods to well with spam to that account.

Leave a Reply