[clug] unusual spam recently
Daniel Pittman
daniel at rimspace.net
Mon Nov 15 15:38:03 MST 2010
Eyal Lebedinsky <eyal at eyal.emu.id.au> writes:
> On 15/11/10 19:06, Daniel Pittman wrote:
>> Eyal Lebedinsky<eyal at eyal.emu.id.au> writes:
>>
>>> As of early today I received a number of spam messages titled
>>> Action Required : Upgrade Your New Adobe PDF Reader
>>>
>>> Nothing out of the ordinary here, except that these were sent to
>>> aliases that I hardly ever use, mostly created for one purpose
>>> and only used by the one business at very low frequency.
>>
>> [...]
>>
>>> Is anyone else seeing such an event? Does anyone have an idea where
>>> else I should look?
>>
>> The three most common causes for this that I am familiar with are:
>>
>> 1. You used an email localpart that someone else anywhere on the Internet used
>> in a visible place. Spam now flows to every previously used localpart at
>> every identified domain, because it gets through to people who don't
>> publish their details effectively.
>>
>> 2. Someone had that address in their address book, and it got pilfered (or
>> given away) to the spammers. (Typically by way of hostile code lifting it
>> from them.)
>
> But it is unlikely that five different businesses got hacked within the same
> few hours?

I was going to say "yeah, pretty unlikely", and then I thought of the sort of
small businesses that I used to support when I was tech support for a hosting
provider - and it might not be as unlikely as it should be. One good
vulnerability in a particular version of an online shop written in PHP...

(But, seriously, yeah, that makes these two explanations less likely.)

>> 3. Someone stole the database of the online service, and sold it as material
>> for spam.
>
> What online service? tip (more precisely @eyal.emu.id.au) is what I use.

I meant "from the online shop" for point 3, and "from the virus-infested
Windows machine owned by the owner of the online shop" for point 2.

...but in this case I would look dubiously at point one, and wonder what
localparts were suddenly getting hit. :)

Daniel
--
✣ Daniel Pittman ✉ daniel at rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons