Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2009/04/10 14:00:35 UTC
poor phisher has nimda?
Just when you thought Nimda was dead!
A couple of interesting things in this spam, including the use of some
<span class=SpellE>First</span><span Class=SpellE>last</span>
<http://pastebin.com/m3c5544f7>
(lots of them) almost like the '[]' block art ED ads of last week.
Also, the email ends in:
</html>
<html>
<scripts.....>
(Shouldn't a multi-line rawbody check, or a plugin HTML check, score
something that has a <html> AFTER the closing </html>?)
And then there is the Nimda-looking stuff, where it tries to pop open a
readme.eml.
So, what is it trying to do, Bank of America phishing? Phishing along
with Nimda?
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
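The check the post asks about, sketched as an added example that is not part of the original message and is not SpamAssassin rule or plugin code: it decodes each text/html part and reports a second `<html>` opening after the first `</html>`. The sample message, the function name `trailing_html_findings` and the finding fields are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample: a second <html> document appended after the closing </html>.
SAMPLE = """\
From: sender@example.com
To: rcpt@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><span class=SpellE>First</span><span Class=SpellE>last</span></body>
</html>
<html>
<script>/* constructed placeholder */</script>
</html>
"""

CLOSE_HTML = re.compile(r"</html\s*>", re.I)
OPEN_HTML = re.compile(r"<html[\s>]", re.I)
SCRIPT = re.compile(r"<script[\s>]", re.I)
COMMENT = re.compile(r"<!--.*?-->", re.S)  # tags inside comments are ignored


def trailing_html_findings(raw_message):
    """Return one finding per text/html part that reopens <html> after </html>."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for index, part in enumerate(msg.walk()):
        if part.get_content_type() != "text/html":
            continue
        # Decode the transfer encoding (base64, quoted-printable); latin-1 never
        # fails and keeps the ASCII tag names intact whatever charset is declared.
        payload = part.get_payload(decode=True) or b""
        html = COMMENT.sub("", payload.decode("latin-1"))
        close = CLOSE_HTML.search(html)
        if close is None:
            continue
        tail = html[close.end():]
        if OPEN_HTML.search(tail):
            findings.append({
                "part": index,
                "reopened_html": True,
                "script_after_close": bool(SCRIPT.search(tail)),
            })
    return findings


if __name__ == "__main__":
    print(trailing_html_findings(SAMPLE))
```

Working on the decoded part rather than on raw lines means the match does not depend on how the body is split into lines or on the transfer encoding.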