Next wave of Image Spam

Discussion in 'Computer Security' started by zebulebu, Jun 27, 2007.

  1. zebulebu

    zebulebu Terabyte Poster

    Today our mail filters were hit with the first significant tranche of image spam hidden in .pdf documents.

    We've had a few in the past couple of weeks, but today was the first time we saw significant activity around this type of image spam. It isn't very sophisticated as yet (all the images are the same, so are easily blocked) but I'm sure we can expect to see dynamically-generated pdf spam soon.

    The bastids just keep getting sneakier! :x

    Interestingly, the pattern of the spam shows how well my ironMail appliance is working - we received about thirty in the first fifteen minutes, then, presumably as the Bayesian filters kicked in, it dropped off significantly until, an hour later, it was non-existent. I checked the logs and they showed lots of the spam was being sent from either new bots, or hitherto-unlisted IP ranges, mainly in Poland, Ukraine and Russia.
     
    Certifications: A few
    WIP: None - f*** 'em
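
The first post notes that every PDF in this wave carried the same image, which is what made it easy to block. As an added example (not from the thread or from any poster's filter), this Python sketch hashes the image stream embedded in a PDF attachment so a match survives changes to the surrounding PDF; all function names and sample bytes are constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes
from email.message import EmailMessage

# Raw bytes of every stream whose dictionary declares /Subtype /Image.
# Simplified on purpose: ignores object streams and encrypted PDFs.
IMAGE_STREAM = re.compile(rb"/Subtype\s*/Image.*?stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def pdf_image_digests(pdf_bytes):
    """SHA-256 of each embedded image stream, independent of the PDF wrapper."""
    return {hashlib.sha256(s).hexdigest() for s in IMAGE_STREAM.findall(pdf_bytes)}


def is_known_image_spam(raw_message, blocklist):
    """True if any PDF part of the message embeds an image already on the blocklist."""
    for part in message_from_bytes(raw_message).walk():
        payload = part.get_payload(decode=True) or b""  # None for multipart containers
        if payload.startswith(b"%PDF-") and pdf_image_digests(payload) & blocklist:
            return True
    return False


def make_pdf(image, title):
    # Constructed PDF-like bytes: enough structure for the scanner, not a valid document.
    return (b"%PDF-1.4\n1 0 obj\n<< /Title (" + title + b") >>\nendobj\n"
            b"2 0 obj\n<< /Type /XObject /Subtype /Image /Length "
            + str(len(image)).encode() + b" >>\nstream\n" + image
            + b"\nendstream\nendobj\n%%EOF\n")


def make_mail(pdf):
    # Constructed message carrying the PDF as a base64 attachment.
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="sample.pdf")
    return msg.as_bytes()


SPAM_IMAGE = b"\xff\xd8constructed-spam-image\xff\xd9"
OTHER_IMAGE = b"\xff\xd8constructed-logo\xff\xd9"
BLOCKLIST = pdf_image_digests(make_pdf(SPAM_IMAGE, b"first sighting"))

if __name__ == "__main__":
    print(is_known_image_spam(make_mail(make_pdf(SPAM_IMAGE, b"new wrapper")), BLOCKLIST))
    print(is_known_image_spam(make_mail(make_pdf(OTHER_IMAGE, b"newsletter")), BLOCKLIST))
```

An exact hash only matches byte-identical images, which is the case the post describes; images generated per message would not match it.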
  2. nugget

    nugget Junior toady

    Thanks for the heads-up Zeb. :thumbleft
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  3. Bambino1506

    Bambino1506 Megabyte Poster

    Thanks for the update fella.

    What is the advantage of them sending spam in image format? Just that the firewall etc. isn't looking for them?
     
    Certifications: MCP,MCDST,MCSA
    WIP: CCA
  4. Sparky

    Sparky Zettabyte Poster Moderator

    Basically yeah, some more details here...

    http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1210679,00.html

    Also I've noticed that some people who send short emails with an email signature which has a graphic in it get caught up in our spam filter. The graphics are generally too big to be in an email sig to be honest so I blame the users! :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  5. nXPLOSi

    nXPLOSi Terabyte Poster

    Pretty much mate, our blocking system wasn't picking them up, luckily enough I got one of the first ones so I managed to change it before it was unleashed on the users!

    A lot of the ones I'm getting say something like:

    "A Friend has sent you can e-card, attached"

    I hate to say it, but most of my users wouldn't think twice and just open it.. no matter how many times I've gone over the whole don't open any emails from unknown senders spiel....:eek:
     
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  6. Theprof

    Theprof Petabyte Poster

    Happened to us too; luckily the spam filter did pick it up and safely blocked the email.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
