
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-02-17



More spam for your inbox

Published: 2006-02-17
Last Updated: 2006-02-17 22:52:25 UTC
by Bojan Zdrnja (Version: 1)
0 comment(s)

It's nice to see that all the spam countermeasures we deploy are actually effective. How do we know that? Well, spammers are constantly trying new tricks against the various spam detection methods, with more or (usually) less success.

One of the latest "tricks" from their bag consists of sending extremely short e-mails in order to starve the decision matrix of the Bayesian classifier.

The sample e-mail below looks like a desperate move by a spammer in order to evade spam detection.



We can see that the e-mail body contains only a couple of words, but there is a ZIP archive attached as well. In the archive there is an HTML web page, together with some disclaimers(!!). The HTML web page is the actual spam content (this time some porn spam advertisement with links to PayPal; they're obviously trying to make some money).

The disclaimer is even more interesting:

  XXX Content Warning
  .............................................

  Please read and comply with the following conditions
  before you continue:
  .............................................

  I am at least
  21 YEARS OF AGE.

And so on. This is probably some kind of legal defense as they are advertising porn web pages.

We've seen two variants of this spam. They are basically similar, but in the other case the ZIP archive is actually password protected and the password is listed in the message body. This can cause various e-mail gateways to alert (as this looks pretty much like a worm).
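The two variants above share a recognisable shape: almost no body text, a ZIP attachment carrying an HTML page, and in one case a password mentioned in the body. The following is an added example (not code from the diary or from SANS) of how a mail gateway filter could flag that shape without relying on the Bayesian classifier at all. It constructs a sample message modelled on the description, then inspects the body length and the archive contents. The word threshold, the hypothetical sender addresses and the reason labels are assumptions made for the example.

```python
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumption for this example: a body of five words or fewer counts as "starved".
MAX_SHORT_BODY_WORDS = 5
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed"}
HTML_SUFFIXES = (".htm", ".html")


def build_sample_message() -> bytes:
    """Construct a sample message modelled on the diary: a few words of body
    text and a ZIP attachment holding an HTML page plus a 'disclaimer' file.
    Addresses and contents are made up for the example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("page.html", "<html><body><a href='http://example.invalid'>offer</a></body></html>")
        zf.writestr("disclaimer.txt", "XXX Content Warning\nI am at least 21 YEARS OF AGE.\n")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "hi"
    msg.set_content("see attached, password: open")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="info.zip")
    return bytes(msg)


def analyze(raw: bytes) -> dict:
    """Return the facts a filter rule needs: body word count, whether the body
    mentions a password, and per-archive HTML members / encryption flag."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    report = {
        "body_words": len(re.findall(r"\w+", text)),
        "password_hint": bool(re.search(r"\bpassword\b", text, re.I)),
        "archives": [],
    }
    for part in msg.iter_attachments():
        if part.get_content_type() not in ARCHIVE_TYPES:
            continue
        info = {"filename": part.get_filename(), "html_members": [],
                "encrypted": False, "bad_zip": False}
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for zi in zf.infolist():
                    # Bit 0 of the general purpose flag marks an encrypted entry;
                    # a password-protected archive is detectable without the password.
                    if zi.flag_bits & 0x1:
                        info["encrypted"] = True
                    if zi.filename.lower().endswith(HTML_SUFFIXES):
                        info["html_members"].append(zi.filename)
        except zipfile.BadZipFile:
            info["bad_zip"] = True
        report["archives"].append(info)
    return report


def reasons(report: dict) -> list:
    """Map the report onto the two patterns described in the diary."""
    out = []
    html_in_archive = any(a["html_members"] for a in report["archives"])
    if report["body_words"] <= MAX_SHORT_BODY_WORDS and html_in_archive:
        out.append("short-body-archive-html")
    if any(a["encrypted"] for a in report["archives"]):
        out.append("encrypted-archive")
    if report["password_hint"] and report["archives"]:
        out.append("password-in-body")
    return out


if __name__ == "__main__":
    rep = analyze(build_sample_message())
    print(rep)
    print(reasons(rep))
```

The encryption check reads the per-entry flag bit, so the second variant (password-protected archive, password in the body) is caught by the archive structure alone; the body regex is a second, independent signal.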


Apple's Ode to Hackers

Published: 2006-02-17
Last Updated: 2006-02-17 17:14:34 UTC
by Chris Carboni (Version: 1)
0 comment(s)
I've been told I have an odd sense of humor.

So, I have to wonder if the poetry embedded into OS X is funny to anyone but me.



Mac OS X Bluetooth Worm

Published: 2006-02-17
Last Updated: 2006-02-17 14:56:51 UTC
by Chris Carboni (Version: 1)
0 comment(s)
The F-Secure weblog is reporting a proof of concept worm for Mac OS X 10.4 (Tiger) that tries to spread from one infected system to others by using the Bluetooth OBEX Push vulnerability CAN-2005-1333.



Multiple Exploits Available for MS06-005 and MS06-006

Published: 2006-02-17
Last Updated: 2006-02-17 13:28:51 UTC
by Chris Carboni (Version: 1)
0 comment(s)
The 'sploit writers have been busy.

In the last 24 hours a total of four exploits have been released - two each for MS06-005 and MS06-006.

MS06-005 - Vulnerability in Windows Media Player Could Allow Remote Code Execution

MS06-006 - Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution

