Bitcoin spam using UTF-8 mathematical monospace characters-- except
that the html tags have to be in the low ascii character range of
UTF-8.
Does outlook.com make any effort at all to filter outbound mail? In
the past 6 hours we've had 768 of these from 256 different accounts. I
have had full raw message for only three in the past few days and I
have sent them to abuse@outlook.com.
FYI part of the sender list below. I don't perceive a pattern to how
they are generated. (This is from sort -u, not the order of arrival.)
<abfmariskaqq@outlook.com>
<acpbrearjck@outlook.com>
<affrederickzc@outlook.com>
<afmkaryntkg@outlook.com>
<ahtsidoniapqf@outlook.com>
<amflovedj@outlook.com>
<atcullanbv@outlook.com>
<bablinciwg@outlook.com>
<bafloryuf@outlook.com>
<bbeerichctu@outlook.com>
<bctobeyiq@outlook.com>
<bdcorendancp@outlook.com>
<bdqannecno@outlook.com>
<bietarynrze@outlook.com>
<bjbebefg@outlook.com>
<blaliceaaja@outlook.com>
<buwreniekm@outlook.com>
<bvkristinawl@outlook.com>
<bvroddiebu@outlook.com>
<bxdduffis@outlook.com>
<bxycarolynzu@outlook.com>
<bydasihxb@outlook.com>
<caethellq@outlook.com>
<camorissabb@outlook.com>
<cbjillanexnc@outlook.com>
<ccvlyndyjls@outlook.com>
<clxjamillms@outlook.com>
On Thu, Apr 23, 2020 at 2:41 AM Henrik K <hege@hege.li> wrote:
>
> On Wed, Apr 22, 2020 at 04:54:22PM -0700, John Hardin wrote:
> > On Wed, 22 Apr 2020, Giovanni Bechis wrote:
> >
> > >On 4/22/20 5:43 PM, Henrik K wrote:
> > >>
> > >>I've updated replace_tags with these 4-byte UTF-8 characters, whatever they
> > >>are, will look more indepth later..
> > >>
> > >you have been faster, I have the same diff on my tree and I was going to commit it :-)
> >
> > The italic and lowercase variants will be needed too. I expect we could skip
> > the Script ones as too unclear to be reasonable obfuscations, but a lot of
> > the Fraktur ones look clear enough to include.
> >
> > https://www.utf8-chartable.de/unicode-utf8-table.pl?start=119808&number=1024
> >
> > What a fun weekend project. {rolleyes}
>
> One should do something useful with their life or family, I suggest ignoring
> this game of whackamole unless it takes few minutes. :-D It's pointless to
> try adding all combinations in _advance_, since all this is extremely simple
> to bypass with random typos and whitespaces and whatever chars..
>
--
Joseph Brennan
Lead, Email and Systems Applications