
Most mass malicious mailing campaigns are very primitive and hardly diverse, with the content limited to several sentences inviting the user to download archives that supposedly contain some urgent bills or unpaid fines. The email messages may contain no signatures or logos, with typos and other errors being fairly common. These mailings may target individual users or large corporations, with no significant differences in message content.

[Figure: Example of a mass malicious mailing message]

Things have started to change recently, though, as spammers began employing techniques that are typical of targeted attacks. In particular, they have been sending emails in the name of real companies, copying the senders’ writing style and signatures.

We discovered a noteworthy email message recently. In it, someone posing as a Malaysian prospect, and using a fairly odd variety of English, asks the recipient to review some customer requirements and get back with the requested documents. The general format complies with corporate correspondence standards: there is a logo that belongs to a real company and a signature that features sender details. Overall, the request looks legit, while the linguistic errors can easily be attributed to the sender being a non-native speaker.

[Figure: The email from the “Malaysian prospect,” with a malicious attachment]

The only thing about the email that smells fishy is the sender’s address, as “newsletter” is typically used for news, not procurement. Besides, the sender’s domain name is different from the company name in the logo.

In another email, a purported Bulgarian customer inquires about the availability of some products and offers to discuss the details of a deal. The requested products list is said to be in the attachment, as in the previous specimen. The sender’s address, similarly suspicious, belongs to a Greek, not Bulgarian, domain, which apparently has no relation to the company whose name is used by the spammers.

[Figure: The email from the “Bulgarian customer,” with a malicious attachment]

What these two messages have in common is both the mailing scenario and the fact that neither looks generated by a machine. Looking closely at the message headers, we noticed that they shared a structure: the sequence of headers, the MSGID format and the email client were the same. Besides, the messages originated within a limited range of IP addresses. This suggested that they were part of one massive email campaign.

[Figure: Comparing the message headers of two malicious emails]

Unlike the IP addresses and headers, the content varies. The spammers have been sending malicious archives addressed from a large number of companies, with the “request” text changing as well. This suggests that the operators invested quite some effort into preparations, which is uncharacteristic of this kind of campaign.
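The header comparison this article describes (same header sequence, same MSGID format, same email client, a narrow range of source IP addresses) can be turned into a clustering check on a mail gateway. The following is an added example, not code from the original report: the sample messages, domains and IP addresses are constructed, and treating `X-Mailer`/`User-Agent` as the email client and the earliest `Received` hop as the origin are assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string
from ipaddress import ip_network

def msgid_shape(msgid):
    """Message-ID local part with each alphanumeric run replaced by 'x<len>'."""
    local = msgid.strip().strip("<>").split("@")[0]
    return re.sub(r"[A-Za-z0-9]+", lambda m: f"x{len(m.group())}", local)

def fingerprint(raw):
    """Return ((header order, MSGID shape, mail client), origin /24 network)."""
    msg = message_from_string(raw)
    # Received headers are added by relays, so they are left out of the order.
    order = tuple(k.lower() for k in msg.keys() if k.lower() != "received")
    client = msg.get("X-Mailer") or msg.get("User-Agent") or ""
    hops = msg.get_all("Received") or []
    # Assumption: the last Received header is the earliest hop (the origin).
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    net = str(ip_network(ip.group(1) + "/24", strict=False)) if ip else None
    return (order, msgid_shape(msg.get("Message-ID", "")), client), net

def cluster(messages):
    """Group messages by shared fingerprint; keep clusters of two or more."""
    groups = defaultdict(lambda: {"ids": [], "nets": set()})
    for name, raw in messages.items():
        fp, net = fingerprint(raw)
        groups[fp]["ids"].append(name)
        groups[fp]["nets"].add(net)
    return [g for g in groups.values() if len(g["ids"]) > 1]

def _mail(sender, subject, msgid, ip):
    # Constructed message template: different content, identical header structure.
    return (f"Received: from mx.example ([{ip}]) by mx.victim.example\n"
            f"From: {sender}\nTo: sales@victim.example\nSubject: {subject}\n"
            f"Message-ID: <{msgid}>\nX-Mailer: ExampleMailer 1.0\n"
            f"MIME-Version: 1.0\n\nPlease see the attached list.\n")

SAMPLES = {  # constructed sample data (documentation IP ranges, .example domains)
    "malaysia": _mail("newsletter@a.example", "Customer requirements",
                      "20240101101010.1A2B3C4D@a.example", "192.0.2.14"),
    "bulgaria": _mail("office@b.example", "Product availability",
                      "20240102111213.9F8E7D6C@b.example", "192.0.2.77"),
    "benign": ("Received: from mail.c.example ([198.51.100.5]) by mx.victim.example\n"
               "Message-ID: <abc-123@c.example>\nDate: Mon, 1 Jan 2024 10:00:00 +0000\n"
               "From: bob@c.example\nSubject: Lunch\n\nSee you at noon.\n"),
}

if __name__ == "__main__":
    for group in cluster(SAMPLES):
        print(sorted(group["ids"]), sorted(group["nets"]))
```

Two messages with unrelated senders and subjects land in one cluster because their header structure matches, and the cluster's small set of origin networks is the second signal the article points to.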
