breaking the training db
Matthias Andree
matthias.andree at gmx.de
Tue Sep 23 01:52:49 CEST 2003
On Mon, 22 Sep 2003, Jef Poskanzer wrote:
> >only handle by bulk erasing and bouncing anything that remotely looks
> >like windows active content (I thought W32.Sobig.? had been nasty, but
> >then came Swen, and it's really close to DoS: 30 worms received per hour
>
> Swen is a peculiar one. I got hit harder by SoBig.F than almost
> anyone else - 4000/hour, plus bounces! - but I've gotten maybe
> 30 Swens total. I'm hearing widely varying numbers from other
> folks too, some are getting happered by Swen like you and some
> are getting barely any like me. Dunno.
Address harvesting profiles of the worm in question certainly has to do
with the issue. I have tons of Usenet postings, I should set up a
spamtrap address to Usenet and see if I start getting worms to that
address... (OTOH, this mail address is used ANYWHERE, FreeBSD ports,
mailing lists, web sites, you name it, so getting _this_ address clean
is impossible.)
--
Matthias Andree
Encrypt your mail: my GnuPG key ID is 0x052E7D95
More information about the Bogofilter
mailing list