PDF spams with payload?
This thread has 11 replies and has been viewed 707 times.
#1
Just lately a LOAD of spam with pdf documents attached have been trapped in my spam filter.
I wasn't aware a payload could be delivered in a pdf BUT.............I'm not going to find out either! Craig Are you up for trying one of THESE JK?.......
#2
I have been just recently getting a heck load of spam scam fraudulent stuff in my filter as well. So what I do (I think I snapped by the way)
what I do is write down all of those email addresses, then I send them back to the other spammers with different email addresses in return, so if I haven't lost ya'll by now, I'm simply spamming the spammers and scammers. Ain't the internet great!? Spamming the spammers and scamming the scammers...this.....IS GREAT!!
__________________
20th Century Machine's http://www.youtube.com/user/VintageClassic1
#3
I already know bout it... here is what McAfee has to say about it...
Hackers have launched a widespread "pump-and-dump" stock spam campaign using PDF files, anti-virus researchers have warned. In a change of tactics, the attackers have hidden the spam content within a PDF file instead of attaching an image file to plug the stock, according to a security advisory on the McAfee website.
The spammers are sending the PDF files with randomly generated subject lines, sender names and a blank message body. The stock spam is believed to have been sent from Stration infected computers, as this attack is similar to the W32/Stration worm mass-mailing, which contained a number of PDF files, Nick Kelly, sustaining engineer at McAfee said.
"Spammers are struggling to find ways to fool spam filters and get their messages into people's inboxes," said Bradley Anstis, director of product management at Marshal. "But, spammers believe many anti-spam solutions largely ignore PDF files, so they use them in an attempt to add credibility and legitimacy to their messages. We expect to see a lot more of PDF spam. This recent case is just the beginning."
__________________
It takes only a moment to say I love you and a lifetime to say goodbye.
#4
I received one of those PDF files yesterday. Since the message was blank, I opened the PDF out of curiosity and found the company name and its 4-letter stock market code. It was a PDF of a graphics image of text, which can't be read by the Spam filters.
At www.pinksheets.com, I entered the 4-letter code and viewed the data on file for the company. On the pinksheets Company Information page, there was a company web site URL listed. From the DNS, I obtained the web site's IP address. Entering the IP at whois.arin.net, I found the company's ISP information. Quoting the message headers, I forwarded the message to spam@uce.gov, the ISP (and spam@pinksheets.com to alert them of the stock scam). I do this to ALL spam I receive. Perhaps it is a "fool's errand"!
Fred
#5
Yeah Fred........lots of times I do the same thing, trace route and all that.
It most likely IS a waste of time but reporting them just makes me feel better....... But, then again, there are only so many hours in a day....... .......
#6
To show you a line from our server's mail system log...

2007-07-02 22:31:10 H=(CCF-2A6FE1DB87A) [211.144.107.170] F=<chiseliow@gam.eu.com> rejected RCPT <chapmansawki@oilfieldengine.com>: Message rejected because (CCF-2A6FE1DB87A) [211.144.107.170] is blacklisted at bl.spamcop.net see Blocked - see http://www.spamcop.net/bl.shtml?211.144.107.170

As you can see, I take full advantage of www.spamcop.net to keep crap out of the server mail boxes. The above addresses are all fake, however, the payload is there knocking at the door.

http://www.spamcop.net/w3m?action=bl...11.144.107.170

By all means, feed your spam to www.spamcop.net it is used by hundreds of thousands of legitimate servers to determine which IPs go into the BLACK HOLE list.

Here's another one...

2007-07-02 22:26:39 H=host-12-46-144-210.orbitelcom.com [12.46.144.210] F=<belh@visi.com> rejected RCPT <lauren@smokstak.com>: Message rejected because host-12-46-144-210.orbitelcom.com [12.46.144.210] is blacklisted at bl.spamcop.net see Blocked - see http://www.spamcop.net/bl.shtml?12.46.144.210

We all know Lauren, but these yahoos think that Lauren has an email box at smokstak.com - all this stuff never sees the light of day.
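Added example, not part of the original post or the server's own tooling: a Python sketch that parses reject lines in the format quoted in post #6, tallies them per connecting IP, and builds the DNS name a mail server queries to check that IP against a blocklist zone. The regular expression is fitted to the two lines quoted above, and the function names are hypothetical.

```python
import re

# Sample input: the two reject lines quoted in post #6, embedded so this runs offline.
SAMPLE_LOG = """\
2007-07-02 22:31:10 H=(CCF-2A6FE1DB87A) [211.144.107.170] F=<chiseliow@gam.eu.com> rejected RCPT <chapmansawki@oilfieldengine.com>: Message rejected because (CCF-2A6FE1DB87A) [211.144.107.170] is blacklisted at bl.spamcop.net see Blocked - see http://www.spamcop.net/bl.shtml?211.144.107.170
2007-07-02 22:26:39 H=host-12-46-144-210.orbitelcom.com [12.46.144.210] F=<belh@visi.com> rejected RCPT <lauren@smokstak.com>: Message rejected because host-12-46-144-210.orbitelcom.com [12.46.144.210] is blacklisted at bl.spamcop.net see Blocked - see http://www.spamcop.net/bl.shtml?12.46.144.210
"""

# Assumption: every reject line follows the layout of the two quoted lines.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=(?P<helo>\S+) \[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\] "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: "
    r".*? is blacklisted at (?P<dnsbl>[\w.-]+)"
)

def parse_rejects(log_text):
    """Return one dict per blocklist reject line; other lines are skipped."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := REJECT_RE.match(line))]

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the zone.
    A listed address resolves to an A record in 127.0.0.0/8; an unlisted
    one returns NXDOMAIN. No lookup is performed here."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone

def summarize(rows):
    """Group rejects by connecting IP: hit count, query name, targeted recipients."""
    out = {}
    for r in rows:
        entry = out.setdefault(r["ip"], {
            "hits": 0,
            "query": dnsbl_query_name(r["ip"], r["dnsbl"]),
            "rcpts": set(),
        })
        entry["hits"] += 1
        entry["rcpts"].add(r["rcpt"])
    return out

if __name__ == "__main__":
    for ip, info in summarize(parse_rejects(SAMPLE_LOG)).items():
        print(ip, info["hits"], info["query"], sorted(info["rcpts"]))
```

The sender and recipient fields are taken from the SMTP envelope as logged, so, as the post says, they can be fake; the bracketed IP is the only field in the line that the connecting host does not choose.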
#7
Our local telephone company also uses spamcop as do I.
I don't bother with the crap that my spam filter traps but I get ticked off with the stuff that gets delivered....... THAT'S when I hunt for abuse reporting AND forward to spamcop.......
#8
Thanks for the useful information, guys. I am new to the PC world and especially to the laptops. I am a die hard mac user and had very little problem with tons of spam. But now I seem to be getting more and more, and the spam filters tend to send all my messages to the junk folder no matter how I set the controls.
But the real question is, I have recently been getting return error messages for emails I haven't sent. They all have attachments (which I don't open). I never send these messages, they are not recorded on my email sent box, things seem to be running up to speed, and my NOD Antivirus scans are telling me all is OK. Is this Phishing of sorts? I am also on Vista with the new Microsoft emailer... all very mysterious. Thoughts?
L
#9
Quote:
DO NOT place your email address out on the web in the open. Spammers continuously sift web pages for email addresses. That's why we use a blind email system here. Our web server knows your email address, but the outside user only sees your smokstak handle. That's why I get hundreds of spam attempts to handle@smokstak.com - now watch, that one will get spammed. The day will come when email addresses in a header cannot be faked and an IP number will lead to your doorstep. That will bring 90% of this problem to conclusion. The internet got off to a rough start because the inventors (not Gore) never foresaw the bad guys moving in.
#10
I made the mistake once of advertising an item on a site that puts your e-mail address out there for all to see. I was receiving 100+ to 150+ e-mails a day in my Spam Folder. It really got to be too much as I have to sift through it in case some legit e-mails got caught in there. I started reporting them to ISPs and I'm now down to about 50+- a day. I don't mind that too much as I check my e-mails twice a day and only have one page to look at compared to 2 or 3 pages before. I'm still reporting some of the spam. It takes time. Some of the ISPs have e-mailed me back saying they will look into the abuse. Most don't even bother to reply. The only ones that I'm hesitant to report to are the ones from China, Korea, Turkey, and a few others. My luck I'd be giving them another address to forward junk to
#11
http://www.spamcop.net/
Your reports through them are handled with a blind email address system. The spammers cannot get your address this way.
#12
I have come to the conclusion that reporting Spam is fruitless. Among all those subjects from male enhancement, increasing certain bodily fluids, credit report, and more, the most annoying are the ones for gambling, casinos. Every time I send one of these to Spam Cop, I see the same address come up, bo_01@sina.com. They also send a report to a casino site. Total waste of time and the junk mail keeps coming