Re: New Spam Technique

[Banyan He <banyan () rootong com>]

Bad news, that pdf attachment contains the advertisement or the image. 
Actually, there is no appliance works on this perfectly. The pdf size 
should be big or small.

WALI wrote:
> Read, the nuances of catching pdf spam:
>
> http://www.techworld.com/security/news/index.cfm?newsid=9031
>
> ----- Original Message ----- From: "tony barry" <tony () no-bull co nz>
> To: "Security Basics Forum" <security-basics () securityfocus com>
> Sent: Thursday, July 19, 2007 11:04 PM
> Subject: New Spam Technique
>
>
> > Hi List,
> >
> > We operate several mail servers with catch all accounts and have noticed
> > a lot of Mailer Daemon 'delivery failed messages mails from genuine
> > sites (mostly German)arriving recently. It would seem the spammers are
> > sending out e-mails with a PDF attachment and a forged senders address
> > to bogus recipients at these organizations whose mail server rejects the
> > message and sends notification to the forged sender. We have opened one
> > attachment on an isolated machine and it was one of the 'watch these
> > stocks they're going through the roof messages (not exactly sure of the
> > details as my German is a bit rusty). My concern is that there could be
> > a 'payload' embedded in the PDF. Is this possible?
> >
> >
> > --
> > The Simple Server Company
> > PO Box 51528 Pakuranga
> > Auckland
> >
> > 021 413642  09 5768552
> >
> > http://www.simpleserverco.com
> >
> > This e-mail and any attached files transmitted with it are confidential
> > and intended solely for the use of the addressees. If you have recieved
> > this e-mail in error please inform the sender by sending a reply and
> > delete this message.

--
---------------
Banyan He
Email&Web Security
MSN: banyan.he () hotmail com
Skype: banyan.he
Email: banyan () rootong com
http://www.rootong.com