After a frustrating week, I was going to completely ignore work this weekend, but today’s return of the zombie Nazi spambots demanded attention. Many Germans are understandably disturbed by neo-Nazi mails sent by the latest variant of the Sober virus. Users who don’t bat an eye at porn, drug or gambling spam are bothered by these mails, which apparently are related to the election in Nordrhein-Westfalen next Sunday (the wave of Nazi spam last summer was a week before the European Parliament elections).
One of our domains is apparently misconfiured, so mails to non-existent addresses is sent to postmaster (i.e. me) instead of being bounced. So I quickly acquired several hundred examples of the latest Nazi spam in my inbox. After finding 26 “Subject:” lines on my own, I found the same ones in a list of spamassassin rules for Nazi spam, plus 4 subjects in English that I hadn’t seen. If you have postfix, you can filter Nazi spam with header_checks, which is even better.
{ 2 comments… read them below or add one }
I was just going to say that I get tons of spam but hadn’t got any of that sort yet, but I took a look at the subject lines in your link and it looks like the first one did actually roll in tonight. Ugh.
Most of the SOBER.P zombies seem to be using T-ONLINE or T-MOBILE.DE
This stuff won’t go away until we get authentication tokens in email bodies