There is a new spam outbreak that hit today, spam in mp3's. The filenames of the spam varies, and includes some of the following:
We've got some spam rules out there to catch these things, we'll know in the next couple of days how effective they are.
PingBack from http://www.artofbam.com/wordpress/?p=10329
All day today I've been getting German stock spam... Terry Zink's Anti-spam Blog : New spam outbreak
hi Terry --
it's output from the Storm botnet. These SpamAssassin 3.2.x rules catch it:
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
mimeheader __CTYPE_STORM_MP3_1 Content-Type:raw =~ /^audio\/mpeg;\n name=\"[a-z]+\.m
p3\"$/s
mimeheader __CDISP_STORM_MP3_1 Content-Disposition:raw =~ /^inline;\n filename=\"[a-
z]+\.mp3\"$/s
mimeheader __CTYPE_STORM_MP3_2 Content-Type:raw =~ /^audio\/mpeg;\n\tname=\"[a-z]+\.
mp3\"$/s
mimeheader __CDISP_STORM_MP3_2 Content-Disposition:raw =~ /^attachment;\n\tfilename=
\"[a-z]+\.mp3\"$/s
meta JM_STORM_MP3 ((__CTYPE_STORM_MP3_1&&__CDISP_STORM_MP3_1) || (__CTYPE_STORM
_MP3_2&&__CDISP_STORM_MP3_2))
Uploaded some "sample MP3-SPAM" <a href="https://www.adminlife.net/news/mp3-spam/">here</a>.
I think this MP3 SPAM will be easy to catch.