Security Basics mailing list archives

Re: New Spam Technique

From: Banyan He <banyan () rootong com>
Date: Tue, 24 Jul 2007 16:22:49 +0800

Hi Wheeler,

Can you pls show us some samples about it?

What the antispam appliance do you have?

Regards

Wheeler, Eric wrote:

I was trying to think of a way to block this but its rather difficult
when the email + the subject line + the attachment + the attachment

contents are different every time

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Banyan He
Sent: Saturday, July 21, 2007 9:41 AM
To: WALI
Cc: tony barry; Security Basics Forum
Subject: Re: New Spam Technique

Bad news, that pdf attachment contains the advertisement or the image.Actually, there is no appliance works on this perfectly. The pdf sizeshould be big or small.


WALI wrote:

Read, the nuances of catching pdf spam:

http://www.techworld.com/security/news/index.cfm?newsid=9031

----- Original Message ----- From: "tony barry" <tony () no-bull co nz>
To: "Security Basics Forum" <security-basics () securityfocus com>
Sent: Thursday, July 19, 2007 11:04 PM
Subject: New Spam Technique

Hi List,

We operate several mail servers with catch all accounts and have

noticed

a lot of Mailer Daemon 'delivery failed messages mails from genuine
sites (mostly German)arriving recently. It would seem the spammers

are

sending out e-mails with a PDF attachment and a forged senders

address

to bogus recipients at these organizations whose mail server rejects

the

message and sends notification to the forged sender. We have opened

one

attachment on an isolated machine and it was one of the 'watch these
stocks they're going through the roof messages (not exactly sure of

the

details as my German is a bit rusty). My concern is that there could

be

a 'payload' embedded in the PDF. Is this possible?


--
The Simple Server Company
PO Box 51528 Pakuranga
Auckland

021 413642  09 5768552

http://www.simpleserverco.com

This e-mail and any attached files transmitted with it are

confidential

and intended solely for the use of the addressees. If you have

recieved

this e-mail in error please inform the sender by sending a reply and
delete this message.


--
---------------
Banyan He
Email&Web Security
MSN: banyan.he () hotmail com
Skype: banyan.he
Email: banyan () rootong com
Website: http://www.rootong.com

Current thread:

New Spam Technique tony barry (Jul 19)
- Re: New Spam Technique Jan Heisterkamp (Jul 20)
- RE: New Spam Technique Nick Duda (Jul 20)
  - RE: New Spam Technique Ficks, Andrew (Jul 20)
- Re: New Spam Technique WALI (Jul 20)
  - Re: New Spam Technique Banyan He (Jul 23)
    - RE: New Spam Technique Wheeler, Eric (Jul 23)
    - Re: New Spam Technique Micheal Espinola Jr (Jul 23)
    - Re: New Spam Technique Chris Halverson (Jul 23)
    - RE: New Spam Technique Ben Greenbaum (Jul 25)
    - Re: New Spam Technique Banyan He (Jul 25)
- Re: New Spam Technique nate kelly (Jul 20)
- Re: New Spam Technique dallas jordan (Jul 20)
- <Possible follow-ups>
- RE: New Spam Technique Isaac Mbuthia (Jul 20)
- RE: New Spam Technique Chinnery, Paul (Jul 20)