
SANS ISC: I'm fine, thanks! SANS ISC InfoSec Forums

I'm fine, thanks!
I'm seeing this with a number of my clients too. I'm noticing all the HTML forms, which normally get filtered at the mail edge, are getting through because they're spoofing major vendor domain names.
My feeling is that this is the next step of recon to determine which domains may have been added to safe-sender lists in various mail filtering engines, thus bypassing some weakly configured controls.
I am seeing malicious payloads, and a lot of the HTMLs redirect to websites in Spain... but that's just based on the incidents I've seen here.

Anonymous
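A defensive check for the weakness the comment above describes, added here as an example and not part of the original post: a safe-sender entry is honoured only when the receiving gateway's own DMARC verdict for the From domain is `pass`, and an HTML attachment on a failing message is quarantined. The domains, the `SAFE_SENDERS` list, the `mx.corp.example` gateway id and the sample messages are constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

SAFE_SENDERS = {"vendor.example"}   # hypothetical allow list (assumption)
GATEWAY_ID = "mx.corp.example"      # authserv-id of our own mail edge (assumption)

def sample(auth_results):
    """Build a constructed test message with an HTML form attachment."""
    m = EmailMessage()
    m["Authentication-Results"] = auth_results
    m["From"] = "Vendor Billing <billing@vendor.example>"
    m["To"] = "user@corp.example"
    m["Subject"] = "Invoice"
    m.set_content("See attached.")
    m.add_attachment("<form action='https://collector.invalid/'></form>",
                     subtype="html", filename="invoice.html")
    return m

def dmarc_result(msg):
    """Return the DMARC verdict stamped by our gateway, ignoring foreign headers."""
    for ar in msg.get_all("Authentication-Results", []):
        fields = str(ar).split(";")
        authserv = fields[0].split()
        if authserv and authserv[0].lower() == GATEWAY_ID:
            found = re.search(r"\bdmarc=(\w+)", str(ar))
            return found.group(1).lower() if found else "none"
    return "none"

def verdict(msg):
    """'bypass' only for an authenticated allow-listed sender; never on name alone."""
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    html = [p for p in msg.iter_attachments()
            if p.get_content_type() == "text/html"
            or (p.get_filename() or "").lower().endswith((".html", ".htm"))]
    if domain in SAFE_SENDERS and dmarc_result(msg) == "pass":
        return "bypass"
    if domain in SAFE_SENDERS and html:
        return "quarantine"   # spoofed allow-listed name carrying an HTML form
    return "filter"           # normal content filtering applies

# Constructed samples: spoofed sender, genuine sender, sender-supplied fake header
SPOOFED = sample("mx.corp.example; spf=fail smtp.mailfrom=bulk.invalid; "
                 "dmarc=fail header.from=vendor.example")
GENUINE = sample("mx.corp.example; spf=pass smtp.mailfrom=vendor.example; "
                 "dmarc=pass header.from=vendor.example")
FORGED_AR = sample("relay.invalid; dmarc=pass header.from=vendor.example")
```

The third sample shows why the authserv-id matters: an `Authentication-Results` header inserted by the sender claims `dmarc=pass`, but it was not stamped by the local gateway, so it is ignored.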
