Security Basics mailing list archives
RE: New Spam Technique
From: "Chinnery, Paul" <PaulC () mmcwm com>
Date: Fri, 20 Jul 2007 11:42:58 -0400
Our anti-spam engine catches many of them so they don't even make it into our "mail stream." We use Trend's ScanMail product which examines all email coming in so what the anti-spam doesn't catch and move to junk box, Scanmail will check for viruses/malware. I agree, blocking pdf's just isn't possible considering the number of authentic pdf's organizations get each day. It comes down to a case of acceptable risk. Paul Chinnery Network Administrator Memorial Medical Center -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of Nick Duda Sent: Thursday, July 19, 2007 8:26 PM To: tony barry; Security Basics Forum Subject: RE: New Spam Technique Anything is always possible related to payloads and malware....thats a given. Your dealing with pretty muchall of us are dealing with, I'd like to know what others are doing to combat this. We use PDF via email lots, and for me to block it would be bad. For me to Qtine it would be bad, even with somethign like and EUQ solution. PDF sizes vary, so blocking based on size is hard. My employees are starting to complain about this, and I can't figure out a solution that is rock hard to block the bad and pass the good. What are others doing? We get hundred of these a day, if not more! ________________________________ From: listbounce () securityfocus com on behalf of tony barry Sent: Thu 7/19/2007 3:04 PM To: Security Basics Forum Subject: New Spam Technique Hi List, We operate several mail servers with catch all accounts and have noticed a lot of Mailer Daemon 'delivery failed messages mails from genuine sites (mostly German)arriving recently. It would seem the spammers are sending out e-mails with a PDF attachment and a forged senders address to bogus recipients at these organizations whose mail server rejects the message and sends notification to the forged sender. We have opened one attachment on an isolated machine and it was one of the 'watch these stocks they're going through the roof messages (not exactly sure of the details as my German is a bit rusty). My concern is that there could be a 'payload' embedded in the PDF. Is this possible? -- The Simple Server Company PO Box 51528 Pakuranga Auckland 021 413642 09 5768552 http://www.simpleserverco.com <http://www.simpleserverco.com/> This e-mail and any attached files transmitted with it are confidential and intended solely for the use of the addressees. If you have recieved this e-mail in error please inform the sender by sending a reply and delete this message.
Current thread:
- Re: New Spam Technique, (continued)
- Re: New Spam Technique WALI (Jul 20)
- Re: New Spam Technique Banyan He (Jul 23)
- RE: New Spam Technique Wheeler, Eric (Jul 23)
- Re: New Spam Technique Micheal Espinola Jr (Jul 23)
- Re: New Spam Technique Chris Halverson (Jul 23)
- RE: New Spam Technique Ben Greenbaum (Jul 25)
- Re: New Spam Technique Banyan He (Jul 25)
- Re: New Spam Technique Banyan He (Jul 23)
- Re: New Spam Technique WALI (Jul 20)