Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Empty emails? SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Empty emails?
I got the first completely empty email sometime late friday evening, and deleted it without investigating any further. Then I received two more Saturday morning. Now I've gotten almost a dozen, each from a different netblock around the world, and sent to different domains. The SANS NOC has seen 500+. The Internet Storm Center has gotten two queries about them.

There is some speculation it may be malware related, as in a poorly written piece of code spewing out empty emails. One other theory involves confirming known good addresses to seed a new piece of malware or spam. Is this related to Yamanner (sp?)?

Adrien de Beaupre

353 Posts
ISC Handler
Jun 18th 2006

Sign Up for Free or Log In to start participating in the conversation!