
PDF Spam

Unanswered Question
Jul 2nd, 2007

A few days ago we received penny stock offers via .PDF files. I've noticed a few caught, but this morning we had a large number shoot right through the Ironport and a secondary appliance.

You guys seeing this?

- Richard

Donald Nash Mon, 07/02/2007 - 18:17

Ah yes, the spammers have a new tactic. We're seeing a few leakers, but not many. Our local IronPort SE actually brought the tactic to my attention before we started seeing any of this spam ourselves.

IIAGDTRnSC Mon, 07/02/2007 - 20:37

I got hit hard this morning; most are in the form of a dictionary attack. I've had difficulty getting LDAP to properly resolve all of my users, so that complicates things for me.

I've seen discussions of what file types might be used next; it's a new can of smelly old worms.

I'm not sure we've seen the worst of it yet.

seveneyes_ironport Thu, 07/05/2007 - 03:09

Yes, we have started to detect/hear about this type of spam lately also. I would expect the volumes to ramp up just as they did with GIF spam. We use DHAP, so if this is largely a dictionary type attack it may be helpful.

One other source of spam we have seen be very successful getting past Brightmail over the last few months is spam originating from various webmail sources. Obviously hacked accounts that are then scripted to send spam from a normally trusted source. Some of the messages are actually phishing for user information of the targeted domain so its webmail server can be used also. The spam is UK lotto type spam attempting to gather user information.

