Security Incidents mailing list archives

Re: Interesting mail sender

From: "Tuc at T-B-O-H.NET" <ml () t-b-o-h net>
Date: Thu, 27 Sep 2007 19:42:50 -0400 (EDT)


In the recent days our firewall block some message which have a very
interesting mail from address.

The log message is looks like this:

Invalid SMTP command; request='MAIL', param='From:<aadorris@zfJah]+o*7Z->'

May this be an exploit or just a wrongly setup in a spammer program?

        I've been getting alot with "To: <|tuc () tucs-beachin-obx-house com>"
(Note the pipe...)

                        Tuc

-------------------------------------------------------------------------
This list sponsored by: SPI Dynamics

ALERT: .How a Hacker Launches a SQL Injection Attack!.- White Paper 
It's as simple as placing additional SQL commands into a Web Form input box 
giving hackers complete access to all your backend systems! Firewalls and IDS 
will not stop such attacks because SQL Injections are NOT seen as intruders. 
Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! 

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8E
--------------------------------------------------------------------------

Current thread:

Interesting mail sender Szalay Attila (Sep 27)
- Re: Interesting mail sender Tuc at T-B-O-H.NET (Sep 28)
  - Re: Interesting mail sender daniel (Sep 29)
- Re: Interesting mail sender merigoth (Sep 28)
- Re: Interesting mail sender Valdis . Kletnieks (Sep 30)