Imagine my surprise this am when I got a quarantine report from our
ironport email server (when I don't have one!)
Phishers targeting ironport users now. if anyone has ironport, can you
look at this email to see if it looks like an ironport quarantine report?
I do notice the lack of ironport headers in this email, and its base64
encoded (I think ironport quarantine reports just used nice html)
http://pastebin.com/1YXY5rPq
should be easy enough to write sigs. look for ironport headers, and if
none, block it.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
