I wonder if rather than spam, it’s trying to exploit something? I know that both on windows and mac, I’ve occasionally seen patches for native and third party players.
Here’s an example from VLC: https://trac.videolan.org/vlc/ticket/15888 <https://trac.videolan.org/vlc/ticket/15888> > On May 5, 2017, at 8:53 PM, do...@mail.com wrote: > > I received this very unusual email a few days ago. It (or another > email), timed out my spamassassin check (which is a first). > > I'm including the full text of the spam below along with all of the > headers. > > I'm interested if this mail is legit, or if it's just a new trap. > I have skipped through parts of the audio (play as user nobody :) and > there is no voice, or discernible instrument; just a bunch of tones and > really bad synthetic sounding drums. > > I don't even have an idea why someone would listen to this... > > I can send you the whole mp3, but I've opted to just send the md5sum for > now since the file is 10MiB. The md5 sum is > 3fec277311e73175c6f49b70d8a063e8 . > > The email also contains an html part (identical to the text part in > content), and 8 images; 1 jpeg and 7 png. These include a facebook and > twitter buttons. > > Thanks, > David > > >> Return-Path: <rele...@racolage.xxx> >> Received: from racolage.xxx ([216.51.232.227]) by mx.mail.com >> (mxgmxus005 [74.208.5.20]) with ESMTP (Nemesis) id >> 0MBmC1-1dGJ253K3r-00AlEr for <do...@mail.com>; Tue, 02 May 2017 >> 15:42:19 +0200 Received: from [127.0.0.1] (localhost.localdomain >> [127.0.0.1]) by racolage.xxx (Postfix) with ESMTP id CEC563060E55 >> for <do...@mail.com>; Tue, 2 May 2017 09:42:16 -0400 (EDT) >> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=racolage.xxx; >> s=mail; t=1493732537; bh=mjg3vHGJXalwbtWTwqzRztpRTwhvBrVGp+58Vhw6DJM=; >> h=List-Unsubscribe:From:To:Subject:Date:From; >> b=l6O3++WGARbyASNz/FZWqZJB3Ghdyx0pzy7CtiM9O4viBfiayWejyZEi1dXy3lT6t >> FjOmZGb7hzymCJ4TcIcUCBPEkEVUqcb1YRn0YyqQ0Zn/9YYoVqvXZIrFHIlAj5fZWN >> PzyyhGyAeRJaJ18acQAVhtNz79xeH3CPYyyGGjIA= >> Content-Type: multipart/mixed; >> boundary="----sinikael-?=_1-14937325368410.12218541851445819" >> List-Unsubscribe: http://racolage.xxx/unsubscribe.html >> Precedence: bulk >> Feedback-ID: release1:racolage.xxx >> From: racolage.xxx ⛅ ⚡ <rele...@racolage.xxx> >> To: do...@mail.com >> Subject: AUDIO TRACK #1 | Contact Person - Your Email Address Was >> Selected Message-ID: <facda02e-274b-2fd8-4f5b-64823bbdf...@racolage.xxx> >> X-Mailer: nodemailer (2.7.2; +https://nodemailer.com/; >> SMTP/2.7.2[client:2.12.0]) >> Date: 05/02/2017(Tue) 09:42 >> MIME-Version: 1.0 >> Envelope-To: <do...@mail.com> >> X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3; >> X-GMX-Antivirus: 0 (no virus found) >> X-UI-Filterresults: > <sniped large body of base64 encoded text belonging to above header> > > >>>>>>>> YOU HAVE RECEIVED A TRACK <<<<<< >>>>>>>> CHECK THE ATTACHMENT!!! <<<<<< >> >> Contact Person - Your Email Address Was Selected >> >> Underprocecessed ultrasonic glitch bossanova (low bitrate mix specially >> for racolage.xxx). CREDIT: written & produced in moscow 2014-2017 >> >>>>>>>> YOU HAVE RECEIVED A TRACK <<<<<< >>>>>>>> CHECK THE ATTACHMENT!!! <<<<<< >> >> Released by : http://racolage.xxx >> facebook : https://www.facebook.com/racolage/ >> twitter : https://twitter.com/racolagexxx >> contact : cont...@racolage.xxx >> unsubscribe : http://racolage.xxx/unsubscribe.html >
