[clug] unusual spam recently

Daniel Pittman daniel at rimspace.net
Mon Nov 15 15:38:03 MST 2010


Eyal Lebedinsky <eyal at eyal.emu.id.au> writes:
> On 15/11/10 19:06, Daniel Pittman wrote:
>> Eyal Lebedinsky <eyal at eyal.emu.id.au> writes:
>>
>>> As of early today I received a number of spam messages titled
>>> 	Action Required : Upgrade Your New Adobe PDF Reader
>>>
>>> Nothing out of the ordinary here, except that these were sent to
>>> aliases that I hardly ever use, mostly created for one purpose
>>> and only used by the one business at very low frequency.
>>
>> [...]
>>
>>> Is anyone else seeing such an event? Does anyone have an idea where
>>> else I should look?
>>
>> The three most common causes for this that I am familiar with are:
>>
>> 1. You used an email localpart that someone else anywhere on the Internet used
>>     in a visible place.  Spam now flows to every previously used localpart at
>>     every identified domain, because it gets through to people who don't
>>     publish their details effectively.
>>
>> 2. Someone had that address in their address book, and it got pilfered (or
>>     given away) to the spammers.  (Typically by way of hostile code lifting it
>>     from them.)
>
> But it is unlikely that five different businesses got hacked within the same
> few hours?

I was going to say "yeah, pretty unlikely", and then I thought of the sort of
small businesses that I used to support when I was tech support for a hosting
provider - and it might not be as unlikely as it should be.  One good
vulnerability in a particular version of an online shop written in PHP...

(But, seriously, yeah, that makes these two explanations less likely.)

>> 3. Someone stole the database of the online service, and sold it as material
>>     for spam.
>
> What online service? tip (more precisely @eyal.emu.id.au) is what I use.

I meant "from the online shop" for point 3, and "from the virus-infested
Windows machine owned by the owner of the online shop" for point 2.

...but in this case I would look dubiously at point one, and wonder what
localparts were suddenly getting hit. :)

        Daniel
-- 
✣ Daniel Pittman            ✉ daniel at rimspace.net            ☎ +61 401 155 707
               ♽ made with 100 percent post-consumer electrons
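
An added example, not part of the original thread: one way to see "what localparts were suddenly getting hit" and weigh cause 1 against causes 2 and 3. The alias inventory, the domain, the log lines and the verdict names are all constructed, and the rule that hits on never-existing localparts point to cause 1 is an assumption.

```python
import re
from collections import Counter

DOMAIN = "example.org"  # placeholder domain
# Hypothetical inventory: single-purpose alias -> the one business that was given it.
ALIASES = {"shop-a": "Shop A", "shop-b": "Shop B", "tickets": "Ticket seller"}

# Constructed, simplified Postfix-style lines (only the to=<...> field matters).
SAMPLE_LOG = """\
Nov 15 03:10:01 mx postfix/smtpd[101]: reject: to=<shop-a@example.org>
Nov 15 03:10:04 mx postfix/smtpd[101]: reject: to=<info@example.org>
Nov 15 03:11:20 mx postfix/smtpd[102]: reject: to=<shop-b@example.org>
Nov 15 03:12:45 mx postfix/smtpd[103]: reject: to=<sales@example.org>
Nov 15 03:12:50 mx postfix/smtpd[103]: reject: to=<Shop-A@example.org>
Nov 15 03:13:00 mx postfix/smtpd[104]: reject: to=<someone@other.example>
"""

RCPT_RE = re.compile(r"to=<([^@>\s]+)@([^>\s]+)>")

def tally_localparts(log_text, domain=DOMAIN):
    """Count spam deliveries per localpart for one domain."""
    hits = Counter()
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        if m and m.group(2).lower() == domain:
            hits[m.group(1).lower()] += 1
    return hits

def triage(hits, aliases=ALIASES):
    """Sort hit localparts into ones that exist here and ones that never did."""
    known = sorted(lp for lp in hits if lp in aliases)
    unknown = sorted(lp for lp in hits if lp not in aliases)
    if unknown:
        # Assumption: guesses at addresses that never existed point to cause 1.
        verdict = "localpart-spray"
    elif known:
        # Only real aliases hit: causes 2/3, so list who held those addresses.
        verdict = "holder-leak"
    else:
        verdict = "no-hits"
    holders = sorted({aliases[lp] for lp in known})
    return {"verdict": verdict, "known": known, "unknown": unknown, "holders": holders}

if __name__ == "__main__":
    print(triage(tally_localparts(SAMPLE_LOG)))
```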

