Security Basics mailing list archives

Re: New Spam Technique

From: Jan Heisterkamp <janheisterkamp () web de>
Date: Thu, 19 Jul 2007 18:08:10 -0600

I've received this files now for near three weeks now, I havn't found any.
Regarding a possible 'payload' you might look here:
Storm-Worm [ 13 Jul 2007]:

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1264240,00.htmlorsomething older information about the Peachy-Virus [2001]:

http://news.com.com/New+virus+travels+in+PDF+files/2100-1001_3-271267.html
Backdooring PDF:
http://michaeldaw.org/md-hacks/backdooring-pdf-files/

I'm sure you will find more out there, just use the searchengine of yourchoice.

Regards
Jan



tony barry schrieb:

Hi List,

We operate several mail servers with catch all accounts and have noticed
a lot of Mailer Daemon 'delivery failed messages mails from genuine
sites (mostly German)arriving recently. It would seem the spammers are
sending out e-mails with a PDF attachment and a forged senders address
to bogus recipients at these organizations whose mail server rejects the
message and sends notification to the forged sender. We have opened one
attachment on an isolated machine and it was one of the 'watch these
stocks they're going through the roof messages (not exactly sure of the
details as my German is a bit rusty). My concern is that there could be
a 'payload' embedded in the PDF. Is this possible?

Current thread:

New Spam Technique tony barry (Jul 19)
- Re: New Spam Technique Jan Heisterkamp (Jul 20)
- RE: New Spam Technique Nick Duda (Jul 20)
  - RE: New Spam Technique Ficks, Andrew (Jul 20)
- Re: New Spam Technique WALI (Jul 20)
  - Re: New Spam Technique Banyan He (Jul 23)
    - RE: New Spam Technique Wheeler, Eric (Jul 23)
    - Re: New Spam Technique Micheal Espinola Jr (Jul 23)
    - Re: New Spam Technique Chris Halverson (Jul 23)
    - RE: New Spam Technique Ben Greenbaum (Jul 25)
    - Re: New Spam Technique Banyan He (Jul 25)
- Re: New Spam Technique nate kelly (Jul 20)

(Thread continues...)