1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Next wave of Image Spam

Discussion in 'Computer Security' started by zebulebu, Jun 27, 2007.

  1. zebulebu

    zebulebu Terabyte Poster

    Today our mail filters were hit with the first significant tranche of image spam hidden in .pdf documents.

    We've had a few in the past couple of weeks, but today was the first time we saw significant activity around this type of image spam. It isn't very sophisticated as yet (all the images are the same, so are easily blocked) but I'm sure we can expect to see dynamically-generated pdf spam soon.

    The bastids just keep getting sneakier! :x

    Interestingly, the pattern of the spam shows how well my ironMail appliance is working - we received about thirty in the first fifteen minutes, then, presumably as the bayesian filters kicked in, it dropped off significantly until, an hour later, it was non-existent. I checked the logs and they showed lots of the spam was being sent from either new bots, or hitherto-unlisted IP ranges, mainly in Poland, Ukraine and Russia.
    Certifications: A few
    WIP: None - f*** 'em
  2. nugget
    Honorary Member

    nugget Junior toady

    Thanks for the heads-up Zeb. :thumbleft
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  3. Bambino1506

    Bambino1506 Megabyte Poster

    Thanks for the update fella.

    What is the advantage of them sending spam in image format ? Just that the firewall etc isn't looking for them ?
    Certifications: MCP,MCDST,MCSA
    WIP: CCA
  4. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    Basically yeah, some more details here...


    Also I've noticed that some people who send short emails with a email signature which has a grpahic in it get caught up in our spam filter. The graphics are generally too big to be in a email sig to be honest so I blame the users! :biggrin
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  5. nXPLOSi

    nXPLOSi Terabyte Poster

    Pretty much mate, our blocking system wasnt picking them up, luckily enough I got one of the first one's so I managed to change it before it was unleashed on the users!

    Alot of the one's im getting say something like;

    "A Friend has sent you can e-card, attached"

    I hate to say it, but most of my users wouldn't think twise and just open it.. no matter how many times i've gone over the whole dont open any emails from unknown senders spill....:eek:
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  6. Theprof

    Theprof Petabyte Poster Forum Leader

    Happened to us too, luckily the spam filter did pick up and safely blocked the email.
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV

Share This Page