I am seeing a large amount of spam hit our network that has been successful at fooling our spam filter. The Your Funds Will Be Transferred UPDATE: We have received some information from one of our readers that the zip file that he received contained We also have received a report of emails that are hitting which tell the recipient that they letter cannot be opened Deb Hale Long Lines, LLC |
Deborah 279 Posts ISC Handler Jul 15th 2010 |
Jul 15th 2010 1 decade ago |
I've also seen an increase in email with HTML attachments that get through SPAM filters and have the subject "DELIVERY NOTIFICATION FAILURE".
Attachments contain link to Trojan.Malscript!html Viral |
Anonymous |
Jul 15th 2010 1 decade ago |
I have had several as well over the past week. There have been enough that it makes me question our spam filter.
Anonymous |
Jul 15th 2010 1 decade ago |
We put a block on zip files years ago and it has saved us numerous times.
Anonymous |
Jul 15th 2010 1 decade ago |
I am also having issues with faith in my spam appliance. I am looking at these messages in detail trying to figure out why they are not being stopped. They do appear, on the surface, to just be easily identifiable as spam...
Blagarswinth 23 Posts |
Jul 15th 2010 1 decade ago |
We've been seeing a lot of "Delivery Notification Failure" SPAM too, though that subject line has since morphed into more random subjects. Included in the e-mail is malicious JS, no attachments. It seems to run as soon as the e-mail is read (or viewed in a reading pane).
Flyshuffle 1 Posts |
Jul 15th 2010 1 decade ago |
FYI...
- http://www.symantec.com/connect/blogs/spammers-harvesting-high-gear July 15, 2010 - "... observed a dramatic increase in the directory harvest attack (DHA) method. There was a staggering -15- times increase in DHA attacks during the first week of July 2010 when compared to the same period in June 2010. The spike was observed in the second week of June and is still rife..." It -will- take some time for SPAM blockers and AV to catch up with this... . |
Jack 160 Posts |
Jul 15th 2010 1 decade ago |
"a dramatic increase in the directory harvest attack (DHA) method."
There are lots of MTA configuration options that will slow down DHAs. It's not up to the spam blocker or AV to handle that part. If it is a botnet attack as the Symantec analysis suggests, then simply implementing the Spamhaus Zen DNSBL at SMTP time would likely keep it from having any effect on you. |
John Hardin 62 Posts |
Jul 15th 2010 1 decade ago |
I started seeing this NDR behavior on July 3. Our SPAM filter didn't catch it, nor did our local Symantec client. The file size didn't feel right, and the JS certainly felt icky. I observed the same action, that it runs as soon as the e-mail is read. When I threw it up on VirusTotal on July 05, 13/40 vendors picked it up, each one with a different JS-based malware signature...
We reverted to quarantining .htm/.html based attachments into a select quarantine and reviewing manually. The |
John Hardin 2 Posts |
Jul 15th 2010 1 decade ago |
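Added example, not part of any post in this thread: a Python check that applies the hold-for-review policy the commenters describe (block .zip, quarantine .htm/.html attachments, and catch HTML parts that carry script). The function name `quarantine_reasons`, the extension list and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Assumed policy, taken from the comments in this thread: hold .zip and
# .htm/.html attachments, and any HTML part that carries script.
HOLD_EXTENSIONS = (".zip", ".htm", ".html")

class ScriptFinder(HTMLParser):
    """Sets found=True on a <script> tag or an on* event-handler attribute."""

    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "script" or any(name.startswith("on") for name, _ in attrs):
            self.found = True

def quarantine_reasons(raw_bytes):
    """Return a list of reasons to hold the message (empty list = deliver)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = (part.get_filename() or "").lower()
        if filename.endswith(HOLD_EXTENSIONS):
            reasons.append("attachment:" + filename)
        if part.get_content_type() == "text/html":
            finder = ScriptFinder()
            finder.feed(part.get_content())
            if finder.found:
                reasons.append("script-in-html:" + (filename or "body"))
    return reasons

# Constructed sample message (not a captured one): HTML body with inline script.
SAMPLE = (
    b"From: postmaster@example.com\r\n"
    b"Subject: DELIVERY NOTIFICATION FAILURE\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=us-ascii\r\n"
    b"\r\n"
    b"<html><body><script>/* placeholder */</script></body></html>\r\n"
)

if __name__ == "__main__":
    print(quarantine_reasons(SAMPLE))
```

A non-empty result means the message goes to the review quarantine rather than the inbox; the HTML-body check covers the no-attachment variant reported above.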
Sanesecurity signatures are already blocking some of these:
http://sanesecurity.co.uk/index.htm |
Sanesecurity 21 Posts |
Jul 16th 2010 1 decade ago |