Hi All, A few changes to update you all on: Spear.ndb change(s) * Fixed signature naming on certain feed types.* To have an address removed from the APER feed list (used by spear.ndb and scamnailer.ndb), take a look here: http://code.google.com/p/anti-phishing-email-reply/
* In order to help reduce situations where University's have cleaned up a compromised accounts, I've removed ac.uk/edu and k12 accounts *over 60 days* from the main APER feed. This has reduced the signatures from 11,508 to 10,908 at the time of writing. Feedback welcome, if you want this reduced to say 30 days.
* I'll look into more optimisations of the feed at a later date. Note:* scamnailer.ndb will still include all the feed data from APRR, as well as other spear phishing links * phish.ndb also contains generic spear phishing signatures, usually called Sanesecurity.Phishing.Fake.xxxxx, if you are having problems with spear phishing.
Email address change(s)Previously samples/false positive reports should have been sent to steveb (AT) webtibe.net. As the provider of this address is closing their email service in next couple of months, I've now setup a couple of new addresses to use instead:
* Missed Samples should be sent to: samples (AT) sanesecurity.me.uk (other automated feeds will have their own address)
* False Positive samples should be sent to: false_positive (AT) sanesecurity.me.uk
Cheers, Steve Sanesecurity