You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Chr. v. Stuckrad" <st...@mi.fu-berlin.de> on 2006/11/22 01:47:53 UTC
Sudden drop in spam-rate, parallel to a surge of new trojans - beware
Hi!
Yesterday we had a sudden drop in spam-percentage from >80% to near 60%.
Parallel to it I got six copies of an undetectable (by NAI and ClamAV)
new trojan 'exe' in the Mail.
Do we have to prepare for a new flood by an updated
(just now reorganizing) botnet?
Stucki
--
Christoph von Stuckrad * * |nickname |<st...@mi.fu-berlin.de> \
Freie Universitaet Berlin |/_*|'stucki' |Tel(days):+49 30 838-5 57 78|
Mathematik & Informatik EDV |\ *|if online|Tel(else):+49 30 77 39 66 00|
Arnimallee 6 / 14195 Berlin * * |on IRCnet|Fax(alle):+49 30 838-75 454/
Re: Sudden drop in spam-rate, parallel to a surge of new trojans - beware
Posted by Chris <cp...@earthlink.net>.
On Wednesday 22 November 2006 9:54 am, Andrew Hearn (AAISP) wrote:
> Chris wrote:
> > Total: 580 reports in 39m 28s. 4.08 seconds per report.
> > Tue Nov 21 22:08:56 CST 2006
>
> Sorry to be OT, but are these spam stats a built in feature of SA, or
> have you got a plugin to get this information? Thanks!
Neither actually, they are gotten from running a script called
"monthly-asn-report and "monthly-cidr-report". These two scripts from the
my NANAS report logs which are generated by a series of scripts called
SpamTools by Karsten Self. These and other useful scripts can be downloaded
here:
http://linuxmafia.com/~karsten/Download/
If you do download and decide to run this give me a yell if you have any
problems.
--
Chris
Re: Sudden drop in spam-rate, parallel to a surge of new trojans
- beware
Posted by "Andrew Hearn (AAISP)" <an...@aaisp.net.uk>.
Chris wrote:
> On Tuesday 21 November 2006 6:47 pm, Chr. v. Stuckrad wrote:
>> Hi!
>>
>> Yesterday we had a sudden drop in spam-percentage from >80% to near 60%.
>> Parallel to it I got six copies of an undetectable (by NAI and ClamAV)
>> new trojan 'exe' in the Mail.
>>
>> Do we have to prepare for a new flood by an updated
>> (just now reorganizing) botnet?
>>
>> Stucki
>
> Yes, I did see a drop in yesterdays spam load:
>
> Total: 255 reports in 16m 54s. 3.97 seconds per report.
> Mon Nov 20 21:01:17 CST 2006
>
> compared with Sunday's:
>
> Total: 434 reports in 30m 34s. 4.22 seconds per report.
> Sun Nov 19 20:03:19 CST 2006
>
> But today's was a killer!:
>
> Total: 580 reports in 39m 28s. 4.08 seconds per report.
> Tue Nov 21 22:08:56 CST 2006
>
Sorry to be OT, but are these spam stats a built in feature of SA, or
have you got a plugin to get this information? Thanks!
--
Andrew Hearn
Tools-Monitoring Spam vs Ham, etc.
Posted by twofers <tw...@yahoo.com>.
What tool, or maybe I already have it and don't know it, can I use to get email stastics on my server and domains? Like total emails, those tagged as spam, etc?
I have FC2, qmail, Spamassassin 3.1.7
Is sa-tools helpful? Is it worth installing?
Thanks,
Wes
---------------------------------
Sponsored Link
Mortgage rates near historic lows: $150,000 loan as low as $579/mo. Intro-*Terms
Re: Sudden drop in spam-rate,
parallel to a surge of new trojans - beware
Posted by John Andersen <js...@pen.homeip.net>.
On Tuesday 21 November 2006 19:14, Chris wrote:
> On Tuesday 21 November 2006 6:47 pm, Chr. v. Stuckrad wrote:
> > Hi!
> >
> > Yesterday we had a sudden drop in spam-percentage from >80% to near 60%.
> > Parallel to it I got six copies of an undetectable (by NAI and ClamAV)
> > new trojan 'exe' in the Mail.
> >
> > Do we have to prepare for a new flood by an updated
> > (just now reorganizing) botnet?
> >
> > Stucki
>
> Yes, I did see a drop in yesterdays spam load:
Seems to be offset by an increase in "Me Again" spams
dozens of which floated right thru SA.
That and "your credit rating doesn't matter to us"
which also evade filters rather effectively, including
all the network tests.
--
_____________________________________
John Andersen
Re: Sudden drop in spam-rate, parallel to a surge of new trojans - beware
Posted by Chris <cp...@earthlink.net>.
On Tuesday 21 November 2006 6:47 pm, Chr. v. Stuckrad wrote:
> Hi!
>
> Yesterday we had a sudden drop in spam-percentage from >80% to near 60%.
> Parallel to it I got six copies of an undetectable (by NAI and ClamAV)
> new trojan 'exe' in the Mail.
>
> Do we have to prepare for a new flood by an updated
> (just now reorganizing) botnet?
>
> Stucki
Yes, I did see a drop in yesterdays spam load:
Total: 255 reports in 16m 54s. 3.97 seconds per report.
Mon Nov 20 21:01:17 CST 2006
compared with Sunday's:
Total: 434 reports in 30m 34s. 4.22 seconds per report.
Sun Nov 19 20:03:19 CST 2006
But today's was a killer!:
Total: 580 reports in 39m 28s. 4.08 seconds per report.
Tue Nov 21 22:08:56 CST 2006
--
Chris