PDF Spam

IIAGDTRnSC
Level 1

A few days ago we received penny stock offers via .PDF files. I've noticed a few caught, but this morning we had a large number shoot right through the IronPort and a secondary appliance.

You guys seeing this?

- Richard

3 Replies

Donald Nash
Level 3

Ah yes, the spammers have a new tactic. We're seeing a few leakers, but not many. Our local IronPort SE actually brought the tactic to my attention before we started seeing any of this spam ourselves.

IIAGDTRnSC
Level 1

I got hit hard this morning; most are in the form of a dictionary attack. I've had difficulty getting LDAP to properly resolve all of my users, so that complicates things for me.

I've seen discussions of what file types might be used next; it's a new can of smelly old worms.

I'm not sure we've seen the worst of it yet.

Yes, we have started to detect/hear about this type of spam lately also. I would expect the volumes to ramp up just as they did with GIF spam. We use DHAP, so if this is largely a dictionary-type attack it may be helpful.

One other source of spam we have seen be very successful getting past Brightmail over the last few months is spam originating from various webmail sources. Obviously hacked accounts that are then scripted to send spam from a normally trusted source. Some of the messages are actually phishing for user information of the targeted domain so its webmail server can be used also. The spam is UK lotto type spam attempting to gather user information.
