SANS ISC: InfoSec Handlers Diary Blog



Strange Round of EMails

Published: 2007-07-13
Last Updated: 2007-07-19 14:15:44 UTC
by Deborah Hale (Version: 1)

We have received a number of reports from readers who are receiving a large amount of pump-and-dump spam that contains no subject or body text. The emails do, however, contain attachments with a .dat extension. On further review, the attachments appear to be failed attempts at creating and sending a .pdf file.

The attachments are the typical pharmacy scam spam. We recommend that you simply delete the emails. You may want to consider adding .dat to the banned file extensions in your anti-virus programs, at least until this round of spam has ended.

NOTE: Just a reminder: some applications (BlackBerry registration, Exchange servers) use the .dat extension on files for various reasons. Be aware that if you block .dat attachments you may also block valid emails. At this point the .dat attachment is not malicious, so you may just want to inform your users about the emails and tell them to delete them (don't open the attachment).
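One way to act on the caveat above without banning every .dat file is to match only the shape reported here: no subject, no body text, and a .dat attachment. The Python sketch below is an added example, not part of the original diary; the three-part heuristic, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def _has_text(part) -> bool:
    """True when a text part carries non-whitespace content."""
    try:
        return bool(part.get_content().strip())
    except LookupError:  # unknown charset: fall back to the raw bytes
        return bool((part.get_payload(decode=True) or b"").strip())


def is_suspect(raw: bytes) -> bool:
    """Flag only: empty subject AND no body text AND a .dat attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    if (msg["Subject"] or "").strip():
        return False
    has_dat = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name:
            has_dat = has_dat or name.endswith(".dat")
        elif part.get_content_maintype() == "text" and _has_text(part):
            return False  # real body text: does not match the reported shape
    return has_dat


def build(subject: str, body: str, attachment_name: str) -> bytes:
    """Construct a sample message (test data only, not captured mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    if subject:
        m["Subject"] = subject
    if body:
        m.set_content(body)
    m.add_attachment(b"constructed sample bytes", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()


if __name__ == "__main__":
    samples = {
        "empty mail with .dat": build("", "", "quote.dat"),
        "normal mail with .dat": build("Device registration", "Data attached.", "reg.dat"),
        "empty mail with .pdf": build("", "", "report.pdf"),
    }
    for label, raw in samples.items():
        print(f"{label}: {'flag' if is_suspect(raw) else 'pass'}")
```

A message that carries a .dat file but also has a subject or body text passes, which is what keeps this narrower than an extension ban.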

Thanks to our many readers who have offered insight into the uses for .dat files.

 

 

 
