You know we are dealing with some pretty sick puppies when it comes to these 
spammers.  It would be ironic if one is just doing this to play with our heads.

John C

---------- Original Message ----------------------------------
From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
Reply-To: "Message Sniffer Community" <sniffer@sortmonster.com>
Date:  Tue, 6 Jun 2006 16:07:25 -0700

>> So no one has any idea what the purpose of these emails is?
> 
>The bad guys aren't telling.  The good guys have lots of theories, such
>as:
> 
>http://isc.sans.org/diary.php?storyid=1384
> 
>and also:
> 
>http://www.f-secure.com/weblog/archives/archive-062006.html#00000894
> 
>which in turn points to this UseNet thread:
> 
>http://groups.google.com/group/Gmail-Problem-solving/browse_thread/thread/3c6e2fec311e89c7/f752311f6db05dfb?lnk=st&q=1545453&rnum=2&fwc=2
> 
>which has a rather low signal to noise ratio.  Suffice it to say that in
>that thread, they eventually come up with "spammers fake the from
>address on a regular basis, yes, even yours" and "hey, we don't know
>what this is".
> 
>The bad guys have certainly spewed out broken junk before, which doesn't
>seem to suit their purpose; all I can see it accomplishing is exposing
>previously clean IP addresses as zombies with no commercial gain.
> 
>(Hmm... ok, to follow that previous sentence you need to share my
>understanding that the bad guys regularly burn many previously clean IP
>addresses at one go by using the zombies on those machines to pump out a
>new spam run, thus evading the IP based blacklists until those
>blacklists catch up.  Since their commercial messages get through to
>mailboxes in the meantime, that is a good tradeoff from their point of
>view.  No payload in the numeric spam means no commercial gain.)
> 
>The only theories that I can get behind revolve around
>information-gathering.  Since the MAILFROM is not an address under their
>control, the bad guys could glean a little information to clean their
>address lists by collecting 500-level SMTP error messages from each of
>their zombies.
> 
>That would only give them partial information and would require that
>they co-ordinate the data back from their many zombies.  And it supposes
>that the bad guys care about list scrubbing.  The greatest supposition
>is that they would do this without commercial gain; after all, they
>could have done this without a special spam run.
> 
>I think they just screwed up again.
> 
>Andrew 8)
>
>  _____
>
>       From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Steve Guluk
>       Sent: Tuesday, June 06, 2006 3:46 PM
>       To: Message Sniffer Community
>       Subject: Re: [sniffer]Numeric spam
>
>       On Jun 6, 2006, at 7:51 AM, Steve Guluk wrote:
>
>               We're getting the same and today it started hitting a
>               different account (Domain).
>
>               What are these things? I thought exploratory, maybe
>               looking for replies to build a DB for a later spam wave?
>               They're not malicious in content and look like someone's
>               virus working incorrectly. But, I doubt they are really
>               so benign.
>
>               Anyone understand their purpose?
>
>               On Jun 6, 2006, at 6:32 AM, Goran Jovanovic wrote:
>
>                       I started seeing these messages Monday
>                       (yesterday) morning EDT. The from and to are the
>                       same (ie you sent it to yourself). I am tagging
>                       it but there is not enough stuff to push it into
>                       DELETE territory.
>
>       So no one has any idea what the purpose of these emails is?
>
>       Random numbers for no apparent reason...?
>
>       Regards,
>
>       Steve Guluk
>       SGDesign
>       (949) 661-9333
>       ICQ: 7230769

