Sounds like the standard bot generated spam, but it has been mentioned
before, if posting to this list, a complete header is usually best in
order for list members to comment on.
It would help to see if this is simply an outbreak of compromised email
accounts (less likely) or some type of allowed relay.. or infrastructure
change.
Suprised that the c&c of this bot hasn't been found yet, it has been
going on a while..
On 16-08-30 10:57 PM, Shane Clay wrote:
We’re seeing huge amounts of spam coming from cox.net (68.230.241.0/24)
over the past few days. Going to our filtering system but also getting
through to Office 365 and Gmail accounts without any issue at all.
They are all the well written, formatted “please remit” type emails with
a Word Doc attached.
Interesting, the example I’ve had sent to me today went directly to my
users @domain.onmicrosoft.com address, so not to the custom domain. The
customer has never actually used the onmicrosoft.com domain for anything.
This is a repeat of what we saw from the same IP range in June. Anyone
at Cox.net that can comment?
Example of what we see:
*From:*Coulson, Nick [mailto:bbulla...@cox.net]
*Sent:* Wednesday, 31 August 2016 1:05 PM
*To:* Real Staff Members Name <abc....@hidden.onmicrosoft.com>
*Subject:* Companies Actual Full Legal Name; Ben, Please See and Clear -
NET-30 01V950901
Hello Real Staff Members Name,
Mechanical Engineer
I am writing to inform you that we haven't got deposit of $1662.00 from
Real Companies Name (), which appears *outstanding*.
Since you are our returning customer, we are offering you 3 extra days
to remit the payment. Please refer to the attached paper for payment
requisites.
Cheers,
Coulson, Nick
*Forte School of Music Applecross* | Accounts Team
A.B.N 73 106069311
325-327 Queensberry Street North Melbourne Vic 3051
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
