This particular spam has been getting through and it gets sent out
a lot - I'm sick of seeing it. It'll be tricky to detect because
it's HTML only, doesn't have any webbugs, and they use different
webservers and paths for the image they display (which happens to
be enhancement drugs). It looks like they're using compromised
machines to send it out.
Any ideas how to nail this one?
Steve
---------------------------------------------------------------------
Return-Path: <christine.swan_xn@cc.hut.fi>
Received: from worldcom.ch (d14-69-237-197.try.wideopenwest.com
[69.14.197.237])
by geekster.com (8.12.1/8.12.1) with ESMTP id i270h8t9013314
for <sprior@geekster.com>; Sat, 6 Mar 2004 19:43:09 -0500
From: "Christine Swan" <christine.swan_xn@cc.hut.fi>
Date: Sun, 07 Mar 2004 00:39:22 +0000
X-Mailer: Windows Eudora Pro Version 2.2 (32)
MIME-Version: 1.0
To: sprior@geekster.com
Message-ID: <2.2.32.20040307003922008c8652@cc.hut.fi>
Subject: =?ISO-8859-1?B?SW1tZWRpYXRlIERlbGl2ZXJ5ISBObyBXYWl0cyE=?=
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_047A_905BF472.794F1CF6"
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on tux.geekster.com
X-Spam-Status: No, hits=3.0 required=5.0
tests=HTML_60_70,HTML_IMAGE_ONLY_02,
HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MANY_EXCLAMATIONS autolearn=no
version=2.63
X-Spam-Level: **
This is a multi-part message in MIME format.
------=_NextPart_000_047A_905BF472.794F1CF6
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
------=_NextPart_000_047A_905BF472.794F1CF6
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
<html><body>
<center><!--q1w16bRkK4VrdjZ--><a href="http://www.awbizwe.com"><img
src="http://www.esase44.com/z7.gif" border=0></a></center>
<body></html>
------=_NextPart_000_047A_905BF472.794F1CF6--
a lot - I'm sick of seeing it. It'll be tricky to detect because
it's HTML only, doesn't have any webbugs, and they use different
webservers and paths for the image they display (which happens to
be enhancement drugs). It looks like they're using compromised
machines to send it out.
Any ideas how to nail this one?
Steve
---------------------------------------------------------------------
Return-Path: <christine.swan_xn@cc.hut.fi>
Received: from worldcom.ch (d14-69-237-197.try.wideopenwest.com
[69.14.197.237])
by geekster.com (8.12.1/8.12.1) with ESMTP id i270h8t9013314
for <sprior@geekster.com>; Sat, 6 Mar 2004 19:43:09 -0500
From: "Christine Swan" <christine.swan_xn@cc.hut.fi>
Date: Sun, 07 Mar 2004 00:39:22 +0000
X-Mailer: Windows Eudora Pro Version 2.2 (32)
MIME-Version: 1.0
To: sprior@geekster.com
Message-ID: <2.2.32.20040307003922008c8652@cc.hut.fi>
Subject: =?ISO-8859-1?B?SW1tZWRpYXRlIERlbGl2ZXJ5ISBObyBXYWl0cyE=?=
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_047A_905BF472.794F1CF6"
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on tux.geekster.com
X-Spam-Status: No, hits=3.0 required=5.0
tests=HTML_60_70,HTML_IMAGE_ONLY_02,
HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MANY_EXCLAMATIONS autolearn=no
version=2.63
X-Spam-Level: **
This is a multi-part message in MIME format.
------=_NextPart_000_047A_905BF472.794F1CF6
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
------=_NextPart_000_047A_905BF472.794F1CF6
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
<html><body>
<center><!--q1w16bRkK4VrdjZ--><a href="http://www.awbizwe.com"><img
src="http://www.esase44.com/z7.gif" border=0></a></center>
<body></html>
------=_NextPart_000_047A_905BF472.794F1CF6--