Resume / Doc Spam

Tue, 08 Sep 2015 14:27:15 -0700

We have been seeing a number of spams getting through our ClamAV / Spamassassin filter. What is the best way to share with the community so that we can develop a defense against these messages? 

The message reads:
Hi my name is Victoria Alexandra attached is my resume!Please message me back 

Best regards

Victoria Alexandra


The attachment is named "Victoria_Alexandra_resume.doc", message source 
shows the document to be encoded as:

Content-Type: application/msword;
 name="=?utf-8?B?VmljdG9yaWFfQWxleGFuZHJhX3Jlc3VtZS5kb2M=?="
Content-transfer-encoding: base64
Content-Disposition: attachment;
 filename="=?utf-8?B?VmljdG9yaWFfQWxleGFuZHJhX3Jlc3VtZS5kb2M=?="



I haven't had the courage to open in word, if I open in 7zip, I see 
following files:

 Directory of C:\

09/08/2015  04:24 PM    <DIR>          .
09/08/2015  04:24 PM    <DIR>          ..
09/08/2015  04:24 PM                 0 1.txt
09/08/2015  04:24 PM    <DIR>          docProps
09/08/2015  04:24 PM    <DIR>          word
01/01/1980  12:00 AM             1,696 [Content_Types].xml
09/08/2015  04:24 PM    <DIR>          _rels
               2 File(s)          1,696 bytes

 Directory of c:\docProps

09/08/2015  04:24 PM    <DIR>          .
09/08/2015  04:24 PM    <DIR>          ..
01/01/1980  12:00 AM               989 app.xml
01/01/1980  12:00 AM               737 core.xml
               2 File(s)          1,726 bytes

 Directory of c:\word

09/08/2015  04:24 PM    <DIR>          .
09/08/2015  04:24 PM    <DIR>          ..
01/01/1980  12:00 AM             1,186 fontTable.xml
01/01/1980  12:00 AM             4,356 numbering.xml
01/01/1980  12:00 AM             8,227 settings.xml
01/01/1980  12:00 AM            17,478 styles.xml
01/01/1980  12:00 AM            15,713 stylesWithEffects.xml
09/08/2015  04:24 PM    <DIR>          theme
01/01/1980  12:00 AM             1,620 vbaData.xml
01/01/1980  12:00 AM            33,280 vbaProject.bin
01/01/1980  12:00 AM               831 webSettings.xml
09/08/2015  04:24 PM    <DIR>          _rels
               8 File(s)         82,691 bytes

 Directory of c:\word\theme

09/08/2015  04:24 PM    <DIR>          .
09/08/2015  04:24 PM    <DIR>          ..
01/01/1980  12:00 AM             6,992 theme1.xml
               1 File(s)          6,992 bytes

 Directory of c:\word\_rels

09/08/2015  04:24 PM    <DIR>          .
09/08/2015  04:24 PM    <DIR>          ..
01/01/1980  12:00 AM             1,208 document.xml.rels
01/01/1980  12:00 AM               277 vbaProject.bin.rels
               2 File(s)          1,485 bytes

 Directory of c:\_rels

09/08/2015  04:24 PM    <DIR>          .
09/08/2015  04:24 PM    <DIR>          ..
01/01/1980  12:00 AM               590 .rels
               1 File(s)            590 bytes

     Total Files Listed:
              16 File(s)         95,180 bytes






















					Reply via email to