Re: [mailop] Mass 'Girl Picture PDF' Spam Mails from various: outbound.protection.outlook.com
Bonjour Benoît, It's obvious that they are trying to infect Windows users with Adobe Acrobat Reader, they are targetting the (probably) most common configuration on Internet, and especially for our well nown Mme Michu. I've seen few of them here, but all detected as malware & spam. Best regards, Camille -Message d'origine- De : mailop De la part de Benoît Panizzon via mailop Envoyé : vendredi 21 mai 2021 16:29 À : mailop@mailop.org Objet : [mailop] Mass 'Girl Picture PDF' Spam Mails from various: outbound.protection.outlook.com Hi List Today, we are getting strange emails from various outbound.protection.outlook.com ip addresses to all kind of destination email addresses. Strange thing is: The have a HUGE list of recipients in the To: Header They have nonsense 5 letter (3 and 2) Subjects. The have nonsense content of usually a couple of characters (plain and html) They have a PDF attchement (200 to 400kb) containing a picture of a girl. There are no links, nothing advertised. So except of traffic, they don't seem to make any sense for the sender (have not checked the PDF for possible exploits, I'm using email PDF preview on linux, so no 'mainstream' PDF reader which could be vulnerable). Does anyone know what the sender wants to achieve with those? -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Mass 'Girl Picture PDF' Spam Mails from various: outbound.protection.outlook.com
Update, feed the last PDF to Virustotal. https://www.virustotal.com/gui/file/ad860365c07794fd64c6368db884faa495508b03826422eaa1cdb0d5266f5f42/detection Yes, 6 Hits for 'Phishing Malware'. I suppose Adobe PDF reader is vulnerable to this. -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Mass 'Girl Picture PDF' Spam Mails from various: outbound.protection.outlook.com
Hi List Today, we are getting strange emails from various outbound.protection.outlook.com ip addresses to all kind of destination email addresses. Strange thing is: The have a HUGE list of recipients in the To: Header They have nonsense 5 letter (3 and 2) Subjects. The have nonsense content of usually a couple of characters (plain and html) They have a PDF attchement (200 to 400kb) containing a picture of a girl. There are no links, nothing advertised. So except of traffic, they don't seem to make any sense for the sender (have not checked the PDF for possible exploits, I'm using email PDF preview on linux, so no 'mainstream' PDF reader which could be vulnerable). Does anyone know what the sender wants to achieve with those? -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop