Sorry, probably not properly phrased..

Meaning that the trend of the bots is moving towards the IoT, but yes this is a more traditional variant.

Its high traffic numbers and its ransomware-style payload are what made it interesting enough to post to the list.

Also, the numbers are increasing, a reminder to network operators to help mitigate the spread..

On 16-11-02 02:28 PM, Richard W wrote:
How are you making an IoT connection with this spam?  This is just
today's Necurs bot spew.  Changes every day.

Richard

On 2016-11-02 1:38 PM, Spam Auditor wrote:
While most of this is originating from the IoT, this latest has an
interesting pattern..
And it is coming from all the DUL (well, dynamic and static broadband
access points) so most of it is of course in the spam folders already.

However, it is quite a large usage of the botnet so thought I would share..
Of course, it might be different tomorrow..

Return-Path: <woodward5...@sc.atlanticbb.net>

* All the MAIL FROM are from [a-z]+[0-9]{3,6}@<base name of isp>

Received: from 72-28-165-077-static.aik.sc.atlanticbb.net (HELO
72-28-165-077-static.aik.sc.atlanticbb.net) (72.28.165.77)
Received: from Pickup by server.mail.sc.atlanticbb.net with Microsoft
SMTP Server id 15.0.6017.3; Wed, 02 Nov 2016 10:34:20 -0400

* All with two headers.. second being 'Pickup'
* All coming from Windows OS

From: "Margaret Woodward" <woodward5...@sc.atlanticbb.net>
To: "name" <n...@domain.com>
Message-ID: <-834501632.0788999.3870775544676.JavaMail.wasadmin@local>
Subject: Transactions
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_Part_5683153_4166401428.3525678117443"

* Headers all look standardized

Return-Path: woodward5...@sc.atlanticbb.net
Date: Wed, 02 Nov 2016 10:34:20 -0400

* Duplicate Return-Path generated by Bot?

X-KSE-AttachmentFiltering-Interceptor-Info: protection disabled
X-KSE-ServerInfo: server.mail.sc.atlanticbb.net, 9
X-KSE-Antivirus-Interceptor-Info: scan successful
X-KSE-Antivirus-Info: Clean, bases: 11/02/2016 1:34:00 AM
X-KSE-AttachmentFiltering-Interceptor-Info: protection disabled
X-KSE-ServerInfo: server.mail.sc.atlanticbb.net, 9
X-KSE-AntiSpam-Interceptor-Info: white sender email list
X-KSE-AttachmentFiltering-Interceptor-Info: protection disabled

* All of them have the same Kaspersky-style headers..
* All of them have 'white sender email list'
* All of them have 'protection disabled'

I leave it up to the reader to discern whether the headers are forged,
or taking advantage of these headers..



_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
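
The traits listed in the original post (sender local-part shape, two Received headers with the second from 'Pickup', a duplicate Return-Path, and the X-KSE header values) can be checked mechanically. The following is an added example, not part of the thread; the function name, trait labels and both sample messages are constructed for illustration, and every header is treated as untrusted text.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Local-part shape quoted in the post: [a-z]+[0-9]{3,6}
LOCAL_RE = re.compile(r"[a-z]+[0-9]{3,6}")

def campaign_traits(raw):
    """Return the set of traits from the post that this raw message shows."""
    msg = message_from_string(raw)
    traits = set()
    return_paths = msg.get_all("Return-Path", [])
    if len(return_paths) > 1:
        traits.add("duplicate-return-path")
    if return_paths:
        local = parseaddr(return_paths[0])[1].partition("@")[0]
        if LOCAL_RE.fullmatch(local):
            traits.add("sender-local-part")
    # Unfold continuation lines before inspecting the Received chain.
    received = [" ".join(r.split()) for r in msg.get_all("Received", [])]
    if len(received) == 2 and received[1].startswith("from Pickup "):
        traits.add("two-received-pickup")
    antispam = msg.get_all("X-KSE-AntiSpam-Interceptor-Info", [])
    attach = msg.get_all("X-KSE-AttachmentFiltering-Interceptor-Info", [])
    if any("white sender email list" in v for v in antispam):
        traits.add("kse-white-sender")
    if any("protection disabled" in v for v in attach):
        traits.add("kse-protection-disabled")
    return traits

# Constructed sample (not a real message): placeholder names, RFC 5737 address.
SAMPLE = """\
Return-Path: <sample1234@isp.example>
Received: from host.isp.example (HELO host.isp.example) (192.0.2.77)
Received: from Pickup by server.mail.isp.example with Microsoft
 SMTP Server id 15.0.6017.3; Wed, 02 Nov 2016 10:34:20 -0400
From: "Sample Sender" <sample1234@isp.example>
Subject: Transactions
Return-Path: sample1234@isp.example
X-KSE-AttachmentFiltering-Interceptor-Info: protection disabled
X-KSE-AntiSpam-Interceptor-Info: white sender email list

body
"""

# Constructed benign message for contrast: one Return-Path, one Received.
BENIGN = ("Return-Path: <alice@corp.example>\n"
          "Received: from mx.corp.example (192.0.2.10)\nSubject: Lunch\n\nhi\n")

if __name__ == "__main__":
    print(sorted(campaign_traits(SAMPLE)), sorted(campaign_traits(BENIGN)))
```

No single trait is conclusive on its own; a filter would normally score on several of them appearing together.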
