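# FRAUDSTERS LIST
#
# These are spammers who also engage in fraud of some type.
#
# Each test below sets its TEST* parameters and then assigns INCLUDERC.
# procmail reads the named rcfile at the moment INCLUDERC is assigned, so
# every parameter a test depends on has to be set BEFORE its INCLUDERC
# line.  The function rcfiles under ${SBDIR}/functions are not part of
# this file; how they use each parameter is assumed from the variable
# names -- confirm against those files.

# ADVANCED FEE FRAUD (AFF)/NIGERIAN PATTERN GROUP
#
# The more specific recipes are run first, and the generic
# recipe last, to sort things properly.
#
# LT4 is the group's "already tagged" flag: it starts as "no", is set to
# "yes" as soon as LOCALTAG is "yes" after a test, and every later test
# in the group runs only while LT4 is still "no".  LOCALTAG is presumably
# set by the included function rcfile when a pattern matches -- confirm.

LT4=no

# Advance Fee Fraud (Commercial)
#
# Last reported spam: 4/15/06
# Data files last updated: 4/15/06
#
# Other Relevant Info:
#
# See the following URLs for the scoop on these slimeballs:
#
# http://www.secretservice.gov/alert419.shtml
# http://home.rica.net/alphae/419coal/
#
# INCLUDERC is assigned last so that the function runs with this test's
# TESTLAST/TESTUPDATED/TESTTYPE rather than values left over from
# whatever ran before this file.

TESTNAME='Advance Fee Fraud (Commercial)'
TESTPATTERNS=${SBDIR}/black/commercialaff-patterns.rc
TESTSCORE=${SPAMLEVEL}
TESTLAST=20060415
TESTUPDATED=20060415
TESTTYPE=ALL
INCLUDERC=${SBDIR}/functions/identify-spammer-patterns.rc

:0
* LOCALTAG ?? yes
{
  LT4=yes
}

# Advance Fee Fraud (Lotto)
#
# Last reported spam: 4/15/06
# Data files last updated: 4/15/06
#
# Other Relevant Info:
#
# See the following URLs for the scoop on these slimeballs:
#
# http://www.secretservice.gov/alert419.shtml
# http://home.rica.net/alphae/419coal/
#
# Runs only if no earlier AFF test tagged the message.

:0
* LT4 ?? no
{
  TESTNAME='Advance Fee Fraud (Lotto)'
  TESTPATTERNS=${SBDIR}/black/lottoaff-patterns.rc
  TESTSCORE=${SPAMLEVEL}
  TESTLAST=20060415
  TESTUPDATED=20060415
  TESTTYPE=ALL
  INCLUDERC=${SBDIR}/functions/identify-spammer-patterns.rc

  :0
  * LOCALTAG ?? yes
  {
    LT4=yes
  }
}

# Advance Fee Fraud (Money Laundering)
#
# Last reported spam: 4/15/06
# Data files last updated: 4/15/06
#
# Other Relevant Info:
#
# Runs only if no earlier AFF test tagged the message.

:0
* LT4 ?? no
{
  TESTNAME='Advance Fee Fraud (Money Laundering)'
  TESTPATTERNS=${SBDIR}/black/moneylaunderingaff-patterns.rc
  TESTSCORE=${SPAMLEVEL}
  TESTLAST=20060415
  TESTUPDATED=20060415
  TESTTYPE=ALL
  INCLUDERC=${SBDIR}/functions/identify-spammer-patterns.rc

  :0
  * LOCALTAG ?? yes
  {
    LT4=yes
  }
}

# Advance Fee Fraud (419)
#
# Last reported spam: 4/15/06
# Data files last updated: 4/15/06
#
# Other Relevant Info:
#
# See the following URLs for the scoop on these slimeballs:
#
# http://www.secretservice.gov/alert419.shtml
# http://home.rica.net/alphae/419coal/
#
# Generic AFF test, last in the group; nothing after it reads LT4, so
# the flag is not updated here.

:0
* LT4 ?? no
{
  TESTNAME='Advance Fee Fraud (419)'
  TESTPATTERNS=${SBDIR}/black/419aff-patterns.rc
  TESTSCORE=${SPAMLEVEL}
  TESTLAST=20060415
  TESTUPDATED=20060415
  TESTTYPE=ALL
  INCLUDERC=${SBDIR}/functions/identify-spammer-patterns.rc
}

# Identity Theft Frauds
#
# Last reported spam: 2/19/06
# Data files last updated: 2/19/06
#
# Other Relevant Info:
#

TESTNAME='Identity Theft'
TESTPATTERNS=${SBDIR}/black/identity-theft-patterns.rc
TESTSCORE=${SPAMLEVEL}
TESTLAST=20060219
TESTUPDATED=20060219
TESTTYPE=ALL
INCLUDERC=${SBDIR}/functions/identify-spammer-patterns.rc

# Joe-Jobs
#
# Last reported spam: 1/20/06
# Data files last updated: 2/19/06
#
# This is for listing/filtering a whole string of known forgeries
# and frauds perpetrated against companies that aren't targets so
# constantly that I've written a particular filter to validate
# email that appears to come from them.
#

TESTNAME='Joe Job'
TESTPATTERNS=${SBDIR}/black/joejob-patterns.rc
TESTSCORE=${SPAMLEVEL}
TESTLAST=20060120
TESTUPDATED=20060219
TESTTYPE=ALL
INCLUDERC=${SBDIR}/functions/identify-spammer-patterns.rc

# Phishes
#
# Last reported phish: 4/15/06
# Data files last updated:
#   Phish Domains:  4/15/06
#   Phish IPs:      4/15/06
#   Phish URLs:     4/15/06
#   Phish Targets:  4/15/06
#   Phish Patterns: 4/15/06
#
# Other Relevant Info:
#
# See the following URLs for the scoop on these slimeballs:
#
# http://www.antiphishing.org/
#
# TESTLAST is set once here and not again in this section, so every
# phish test below runs with the same value.

TESTLAST=20060415

# Domains found in the message body, checked against the phish domain list.
TESTNAME='Known Phish Domain'
TESTDOMAINS=${SBDIR}/black/phish-domains.txt
TESTSCORE=${SPAMLEVEL}
TESTUPDATED=20060415
TESTTYPE=BODY
INCLUDERC=${SBDIR}/functions/identify-body-domains.rc

# The CIDR file names appear to carry a yymm suffix (0604 = current
# month, 0603 = previous month); both names and their TESTUPDATED values
# need changing together when the lists are rotated.
TESTNAME='Known Phish IP (Current)'
TESTCIDR=${SBDIR}/black/phish-ips-0604.cidr
TESTSCORE=${SPAMLEVEL}
TESTUPDATED=20060415
TESTTYPE=BODY
INCLUDERC=${SBDIR}/functions/identify-body-cidr.rc

# The previous month's list is consulted only when the message does not
# already carry an X-SBRule header for the current-month list.
# NOTE(review): this condition trusts the header text.  Confirm that
# X-SBRule headers arriving from outside are removed before this file
# runs, so that only a header written by the test above can skip the
# check.
:0
* ! ^X-SBRule: Known Phish IP \(Current\)
{
  TESTNAME='Known Phish IP (Last Month)'
  TESTCIDR=${SBDIR}/black/phish-ips-0603.cidr
  TESTSCORE=${SPAMLEVEL}
  TESTUPDATED=20060331
  TESTTYPE=BODY
  INCLUDERC=${SBDIR}/functions/identify-body-cidr.rc
}

TESTNAME='Known Phish URL'
TESTPATTERNS=${SBDIR}/black/phish-urls.rc
TESTSCORE=${SPAMLEVEL}
TESTUPDATED=20060415
TESTTYPE=BODY
INCLUDERC=${SBDIR}/functions/identify-spammer-patterns.rc

# The two tests below read their patterns from grey/ rather than black/
# and score BLOCKLEVEL rather than SPAMLEVEL.
# NOTE(review): neither sets TESTTYPE, so whatever value is in effect
# after the previous test applies (BODY, unless the function rcfile
# changes it).  A forged-origin test would normally need the headers;
# confirm the intended TESTTYPE and set it explicitly.
TESTNAME='Phish Target/Forged Origin'
TESTPATTERNS=${SBDIR}/grey/phish-targets.rc
TESTSCORE=${BLOCKLEVEL}
TESTUPDATED=20060415
INCLUDERC=${SBDIR}/functions/identify-spammer-patterns.rc

TESTNAME='Phish Pattern'
TESTPATTERNS=${SBDIR}/grey/phish-patterns.rc
TESTSCORE=${BLOCKLEVEL}
TESTUPDATED=20060415
INCLUDERC=${SBDIR}/functions/identify-spammer-patterns.rc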