Educause Security Discussion mailing list archives

Re: Pointless email spam


From: "Scherck, Daniel" <scherckd () EVERGREEN EDU>
Date: Mon, 15 Apr 2013 17:14:42 +0000

AFAIK there are three potential uses for these types of spam:


1. Hidden images - If it's HTML it may contain a hidden image that causes your computer to contact a remote server upon reading it. This can be a vector for malware, or even just verifying that they got a hit.

2. Verify good emails via reply - Sometimes people reply to ask what the heck, and thereby verify that they are a good email address.

3. Spam filter overload - Sometimes they just try to overload your filters with a bunch of nonsense, so that you end up trying to filter out all kinds of things, and increase your false-positive count. If they can get that high enough, they may force the admins to relax / roll back the filtering due to user outrage. Kind of a roundabout way of doing it, but I have heard of that being one of their methods.

Dan Scherck
The Evergreen State College

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Heath Barnhart
Sent: Monday, April 15, 2013 10:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Pointless email spam

A probe maybe? The messages don't contain anything a filter would jump on, like images or links. Just some random text. I'm not as familiar with SMTP headers as I probably should be, but would the response headers from a successful transaction glean any information about the receiving mail system?


Heath Barnhart, CCNA
ITS Network Administrator
Washburn University
Topeka, KS

On 04/15/2013 10:46 AM, Dennis Bohn wrote:
We have been seeing these sort-of literary ones, like your sample #2.  No idea what purpose.
best,
Dennis Bohn
Manager of Network and Systems
Adelphi University
bohn () adelphi edu
5168773327

On Mon, Apr 15, 2013 at 7:34 AM, Gary Warner <gar () cis uab edu> wrote:
Are other schools seeing a big uptick in "no purpose" spam messages?  Wondering if this is an enormous email address 
list cleanse/harvest? or what other motives anyone might theorize on this?

Here are three sample email bodies.  No attachment, no links.  Can't PROVE they are related, just coincidence of timing 
and pointlessness.


++++++++++++++++++++
(received from myschoolemail.net 173.246.104.97)
(from: hilda.barrett () myschoolemail net)

Denise,

I wanted to know if you understand that you can't come to the super deli next Friday.

Cheers,

H.

++++++++++++++++++++
(envelope from waggishy08 () acm org)
(x-sender: ultrasug9 () gil com au)
(X-PHP-Script indicates it was sent via "afes.com/sendmail.php" at request of 186.87.28.58)
(Return-Path: suicidaloa53 () afes com)


CHAPTER XLI, Nor from ME, neither.
Why HE? I stopped.

+++++++++++++++++++++
(received from heattreatmentchina.ru (37.255.60.4))
(from: stonehengeqq40 () trinity edu)

Bofe un you claims it, But we didnt wait.
So Tom was satisfied.

++++++++++++++++++++++

----------------------------------------------------------

Gary Warner
Director of Research in Computer Forensics
The University of Alabama at Birmingham
Center for Information Assurance and Joint Forensics Research
205.422.2113
gar () cis uab edu

-----------------------------------------------------------
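The thread above names three things worth checking on a "pointless" sample: a remote image in an HTML body (Dan's item 1, the read-receipt beacon), disagreement between the From, Return-Path and X-Sender domains (visible in Gary's sample #2), and an X-PHP-Script header showing the mail was relayed through a web script. The script below is an added triage example written for this page, not code from any of the list posters. The three messages it parses are constructed, modelled loosely on the quoted bodies with example.* domains and a documentation IP; the X-PHP-Script format ("host/script for client-IP") is assumed from the way Gary read that header in his sample, not taken from a specification.

```python
"""Triage checks for 'no purpose' spam samples: remote image beacons,
sender-domain mismatches and web-script relay headers.  Example code for
this thread; all messages, addresses and hosts below are constructed."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

IMG_RE = re.compile(r"<img\b[^>]*>", re.I)
SRC_RE = re.compile(r"""src\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)
DIM_RE = re.compile(r"""\b(width|height)\s*=\s*["']?(\d+)""", re.I)
# Assumed header shape, as read in the thread: "host/script.php for <client IP>"
PHP_RE = re.compile(r"for\s+(\d{1,3}(?:\.\d{1,3}){3})")


def sender_domain(header_value):
    """Lower-cased domain of an address header ('' if it does not parse)."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def remote_images(msg):
    """(url, is_tiny) for each remote <img> in any text/html part.

    Any remote fetch tells the sender the mail was rendered; a 1x1 image is
    the classic hidden tracking pixel, so it is additionally marked tiny."""
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for tag in IMG_RE.findall(part.get_content()):
            src = SRC_RE.search(tag)
            if not src:
                continue  # cid:/data: image, no remote fetch
            dims = {k.lower(): int(v) for k, v in DIM_RE.findall(tag)}
            tiny = dims.get("width", 2) <= 1 and dims.get("height", 2) <= 1
            found.append((src.group(1), tiny))
    return found


def sender_domains(msg):
    """Domains claimed in From, Return-Path and X-Sender, where present."""
    return {h: sender_domain(msg[h])
            for h in ("From", "Return-Path", "X-Sender") if msg[h]}


def triage(raw_bytes):
    """Parse one RFC 5322 message and report the signals found in it."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    domains = sender_domains(msg)
    images = remote_images(msg)
    php = msg["X-PHP-Script"] or ""
    php_ip = PHP_RE.search(str(php))
    mismatch = len(set(domains.values())) > 1
    reasons = []
    if images:
        reasons.append("remote image beacon")
    if mismatch:
        reasons.append("sender domain mismatch")
    if php:
        reasons.append("relayed via web script")
    return {"images": images, "domains": domains, "mismatch": mismatch,
            "php_origin": php_ip.group(1) if php_ip else None,
            "reasons": reasons}


# Constructed samples (not the real messages quoted in the thread).
SAMPLE_PIXEL = b"""From: hilda@school.example
To: denise@uni.example
Subject: super deli
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii

<html><body><p>Denise, you can't come to the super deli next Friday.</p>
<img src="http://track.example/p.gif?id=a1b2" width="1" height="1">
</body></html>
"""

SAMPLE_WEBSCRIPT = b"""Return-Path: <bounce@relay.example>
From: reader@society.example
X-Sender: other@isp.example
X-PHP-Script: www.relay.example/sendmail.php for 192.0.2.58
To: someone@uni.example
Subject: CHAPTER XLI

Nor from ME, neither. Why HE? I stopped.
"""

SAMPLE_PLAIN = b"""From: tom@friend.example
To: someone@uni.example
Subject: chat

So Tom was satisfied.
"""

if __name__ == "__main__":
    for name, raw in (("pixel", SAMPLE_PIXEL), ("webscript", SAMPLE_WEBSCRIPT),
                      ("plain", SAMPLE_PLAIN)):
        print(name, triage(raw)["reasons"])
```

A plain-text body like Gary's sample #3 produces no findings at all from this script, which is exactly the point the thread makes: the only signals left on such a message are the envelope and relay headers, and whether anyone replies to it.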

