SJ,

Andrew posted a blurb from SANS a couple of days ago.

Pump and dump scams now in PDF
Published: 2007-06-20, Last Updated: 2007-06-20 21:33:39 UTC
by Maarten Van Horenbeeck (Version: 1)

Apparently the groups behind what we know as pump and dump spam have
found a new way to bypass spam filters. As of yesterday, we’ve been
observing e-mails with bogus text, often in German, each with a PDF in
attachment.

These PDFs purport to be stock information, and are usually titled
‘German Stock Insider’. They contain much more detail on stock than
we’re used to from previous dump and pump scams and include images for
added realism. They even contain the following disclaimer:

“This is not an offer to buy or sell any security. German Stock Insider
discloses that they were paid ten thousand Euros for distribution of
this report.”

The messages are usually sent to [EMAIL PROTECTED] with an attachment name of
name_report.pdf. Apparently they are distributed most to .com and .org
domains, though most of the reports we’ve received were from Europe.

Each of the reports so far has had an MD5 hash of
2e4b2158909f276942dadf6a0b621b1a. Thanks to Günter for reporting his
findings.
-------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude,
Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring,
SURBL/URI integration, MRTG Integration, and Log Parsers.
SJ.Stanaitis wrote:
I’m getting gobs of PDFs snagged in my antispam filter, they’re not
triggering any AV yet, anyone else seeing this?
SJ.Stanaitis - Network Administrator
Decorative Product Source, Inc.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
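
Added example, not part of the original thread or the SANS diary entry: a Python check that walks a raw message, hashes each PDF attachment, and flags it against the MD5 and attachment-name pattern quoted above. The function names, the reading of "name_report.pdf" as "<anything>_report.pdf", and the sample message are assumptions constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# MD5 quoted in the diary entry above for the reports seen so far.
# A single fixed hash only catches byte-identical copies.
KNOWN_MD5 = {"2e4b2158909f276942dadf6a0b621b1a"}
# Assumption: "name_report.pdf" means "<something>_report.pdf".
NAME_RE = re.compile(r"^[^/\\]+_report\.pdf$", re.IGNORECASE)


def scan_message(raw, known_md5=KNOWN_MD5):
    """Return one finding per PDF attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Do not trust one signal: check declared type, name and magic bytes.
        is_pdf = (
            part.get_content_type() == "application/pdf"
            or filename.lower().endswith(".pdf")
            or payload.startswith(b"%PDF-")
        )
        if not is_pdf:
            continue
        digest = hashlib.md5(payload).hexdigest()
        findings.append({
            "filename": filename,
            "md5": digest,
            "hash_match": digest in known_md5,
            "name_match": bool(NAME_RE.match(filename)),
        })
    return findings


def build_sample(filename, payload):
    """Constructed test message; not a real spam sample."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("bogus body text")
    msg.add_attachment(payload, maintype="application", subtype="pdf",
                       filename=filename)
    return msg.as_bytes()
```

A hit on name_match alone is a weak signal and is better used for scoring than for outright rejection.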