Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Spam - spam - spam

Published: 2006-06-06
Last Updated: 2006-06-06 15:49:07 UTC
by Swa Frantzen (Version: 2)
0 comment(s)
A new twist in spammer tactics is being reported, although we're not sure what their goal is at the moment.

Some of our readers report receiving messages apearing to originate from themselves, with only numbers as subject and body.

The body does apears to be HTML encoded, but it's so basic as to not pose a threat so far.

It would be a good idea to investigate if you can drop email that apears to be from your own organization while originating outside of it. If your users do not send such email (e.g. because they use a VPN to connect back to the inside while on the road), dropping that email might cut down on a few spams.

Some fun while on this subject - it's a Tuesday after a 3 day weekend in some countries - :
All relations to the SPAM luncheon meat product are purely accidental, even if it was inspired on a 1975 sketch from Monty Python. Most of us think spam started back in 1994 when two lawyers advertized their green card scam in each and every usenet newsgroup. Some digging around revealed much earlier attempts in 1978 on the precursor to the modern Internet. It just goes to show you're never around for too long to learn something new.

UPDATE

Some guesses as to what the cause of the spam might be have been received by now and I'd like to point out a few:
  • Today's date is the number of the beast, it might attract some old style hackers.
  • There is a possible link to Bagle seeding as it was done in the past and we might need to expect a new variant of it soon.

--
Swa Frantzen - Section 66
Keywords:
0 comment(s)
Diary Archives