Solved

Strange and new spam?

Posted on 2007-07-20
Last Modified: 2010-04-11
Has anyone seen this? For about 15 hours now (since 21:05 CET, 19th June '07) we have been receiving very strange spam, on the order of tens per hour.
The content is nonsense and there is also no commercial message or attachments.
Some examples:

- Subject: allotted debilitate  abramson
Body: breakup collet, ding diagnoses author, conduct amethyst. classificatory burdensome bp abrade
applied awe cowl. cavil bitternut clammy absence ablaze azure bocklogged agricola
bernstein deemphasize amelia axiom. baroness distributor derriere abbreviate census baggage appendage

- Subject: biggs blossom  bore
Body: deliverance billiken, craze compagnie blandish, astronomic coriander. content automate diploma crook
cumulate cringe babble. bodice compulsion contraceptive ditch bonus climate detriment ambivalent
coolheaded animate cincinnati carbine. did conversion canine charlottesville admix divergent cerberus

Our spam filter (NetApp appliance) has done an almost perfect job of filtering real spam since I installed it about 4 months ago. The first message is an example that has not been blocked or marked. The second one was also not blocked but it was marked.

All messages are addressed to valid or nearly valid email addresses. The nearly valid ones are addresses which are no longer used or which are small variations on existing email addresses. Those addresses are clearly on a spam list because we are used to getting lots of spam to those same valid and nearly valid addresses. For me, this proves that the same spammers are behind this.
My guesses are:
- The spammers are trying out new techniques
- They have deployed a new technique (like the recent PDF attachments) but the implementation is flawed as there is no real message
- An error in their botnet

I'm not trying to solve this, just trying to better understand what's happening. So:
- Is anyone else experiencing this?
- Other guesses why this is happening?
- Any other feedback.

J.
 
Question by:PowerIT

Expert Comment

by:r-k
ID: 19531732
Yes, we get plenty of such spam, though not today for some reason.  Your guess is as good as mine. Mine is that they use this to check which addresses are valid, i.e. mail gets through or not. In many cases this type of message includes some image selling drugs or stocks, so it is also possible that in your case the image was left out due to a mistake or bug. The random words are of course to confuse the spam filter.

Author Comment

by:PowerIT
ID: 19532094
Hi r-k,

that's the annoying thing: they are without images. Those with images are handled correctly by our spam filter.
And still coming in steady.
Maybe they are indeed testing addresses, although I have my doubts. The replies would be over a botnet which also receives SMTP traffic for thousands of domain names. Then again, they may be a step ahead - again.

I'll leave this open over the weekend. CU.

J.

Expert Comment

by:r-k
ID: 19545356
An update. I belong to an anti-spam mailing list, and a couple of people are reporting almost exactly what you describe - starting on about July 19. Being the weekend it's possible more people may report this tomorrow. Will let you know if any consensus arises. Probably some new spambot or some buggy spambot on the loose out there.

Author Comment

by:PowerIT
ID: 19545462
Thx for the update r-k

Accepted Solution

by:r-k
ID: 19552145
They seem to be starting again. Just got this one:

Subject: cessna disdain  calamus
From: an IP in Australia
Body:
blanche canst, blackbody arboretum disburse, boycott audacious. agreed asylum asbestos capacitate
collegian aggression committing. brighton dogfish dexter cove degrease brandywine adverse curran
cooperate bruise basel alveolus. acetone cognizant checkbook accent critique bottleneck abuse

This time I'll save a few to see if there is any rhyme or reason.

It might be some sort of test to see what combinations of words make it through spam filters. This one certainly made it through ours.



Author Comment

by:PowerIT
ID: 19553920
FYI: ours stopped on Sunday 1:38 CET and no new occurrences as yet.
Indeed, looks more and more like a test.

J.

Author Comment

by:PowerIT
ID: 19623285
It looks like this was a trial for the new spam where you get a zip and within it a pdf or txt. Lots of those 'trial' words seem to be used in the header of such spam. Our spam filter has again improved and is now tagging both the first phenomenon and the zips (but not blocking yet).
I'll just close this now.

r-k, thanks for responding.

J.

Expert Comment

by:r-k
ID: 19629989
Thanks, PowerIT. Yes, lately there is a trend of sending spam via pdf and attached gif files as well. A combination of random words with pdf or image spam is going to be tough for the anti-spam filters. I keep getting a few of them every day, luckily not too many because they don't seem to be getting caught by any filter.
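
An added example, not part of the original thread and not any participant's code: a content heuristic a filter could score alongside its other rules, based on two things visible in the messages quoted above (they contain almost no English function words, and every quoted word starts with a, b, c or d). The function-word list, the thresholds and the contrast message are assumptions chosen for illustration.

```python
import re

# Small set of English function words. Ordinary prose is full of them;
# text sampled from a word list rarely contains any.
FUNCTION_WORDS = frozenset(
    "a an the and or but if of to in on at by for with from as is are was were "
    "be been it this that i you he she we they me us not no do does did have "
    "has had will would can could our your my there so".split()
)

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

def function_word_ratio(text):
    words = tokens(text)
    return sum(w in FUNCTION_WORDS for w in words) / len(words) if words else 0.0

def initial_letters(text):
    # A narrow set of first letters suggests one slice of a sorted dictionary.
    return {w[0] for w in tokens(text)}

def looks_like_word_salad(subject, body, min_words=20, max_ratio=0.05):
    """Long enough to judge, yet almost no function words (thresholds are assumed)."""
    text = f"{subject} {body}"
    return len(tokens(text)) >= min_words and function_word_ratio(text) <= max_ratio

# Subjects and bodies copied from the thread above.
THREAD_SAMPLES = [
    ("biggs blossom  bore",
     "deliverance billiken, craze compagnie blandish, astronomic coriander. content automate diploma crook "
     "cumulate cringe babble. bodice compulsion contraceptive ditch bonus climate detriment ambivalent "
     "coolheaded animate cincinnati carbine. did conversion canine charlottesville admix divergent cerberus"),
    ("cessna disdain  calamus",
     "blanche canst, blackbody arboretum disburse, boycott audacious. agreed asylum asbestos capacitate "
     "collegian aggression committing. brighton dogfish dexter cove degrease brandywine adverse curran "
     "cooperate bruise basel alveolus. acetone cognizant checkbook accent critique bottleneck abuse"),
]

# Constructed for contrast; not taken from the thread.
CONSTRUCTED_LEGIT = (
    "Backup job failed last night",
    "Hi team, the backup job on the file server failed again last night. I have restarted it "
    "and will check the logs in the morning. Please let me know if you see any missing files.",
)

if __name__ == "__main__":
    for subject, body in THREAD_SAMPLES + [CONSTRUCTED_LEGIT]:
        text = f"{subject} {body}"
        print(f"{subject!r}: ratio={function_word_ratio(text):.2f} "
              f"initials={''.join(sorted(initial_letters(text)))} "
              f"flag={looks_like_word_salad(subject, body)}")
```

The first sample shows why the ratio needs a tolerance rather than a strict zero: the random draw happened to include "did".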