Fighting spam with static filters is a battle you can't win. It is therefore recommended to use the Thunderbird built-in junk mail controls. Alternatively make use of your email providers spam filter. http://kb.mozillazine.org/Junk_Mail_Controls

Thunderbird's built-in junk controls are useless in this scenario, and I have SPAM filtering with my provider that catches most of it. The messages I'm trying to block are coming from a different domain/IP address every time (botnet I assume). This junk all has encoded Subjects to get past keyword filters, but all of the other mail I receive regularly has a plain-text Subject header - so my question still stands.

I get legitimate email using utf-8 in the subject line, so for some of us your simplistic "utf-8 == bad" association just doesn't work.

There are two add-ons, FiltaQuilla or Expression Search that I think will add regular expression tools to your filters, and these can be used to parse the subject line to detect non-ansii characters. I don't have a worked example here, but I have set up a filter just to tag incoming messages in order to assess how common the use of utf-8 in subjects is. My conclusion is that utf-8 is here to stay and I fully expect its use to become more widespread. I've also tried to reassure users that images appearing in the subject line are not carefully crafted malware, but just selected utf-8/unicode characters.

I'd also add in support of the previous comment that IMHO you are wasting your time trying to create filters for this.

Zenos thanks - a Regular Expression filter should work for what I need. I know that trying to filter keywords seems futile, but this is a very specific scenario I'm working on where I get the same 5 or 6 subjects practically daily. Being able to filter with RegEx will help.