[sniffer] Re: New campaign not caught

[Chris Bunting]

What is up with the PDF spams? They are getting thru the filters like
crazy for the past few days...

 

Thank You,

Chris Bunting

Lancaster Networks

Direct: 717-278-6639

Office: 888-LANCNET x703

3com IP Telephony Expert



Lancaster Networks

1085 Manheim Pike 

Lancaster PA 17601 

www.lancasternetworks.com http://www.lancasternetworks.com/ 

--

Corporate Technology Solutions...

Specializing in 3com NBX Telephony Solutions

IT Services - Phone Systems - Digital CCTV

HP Computers/Servers  Printers

--

The information in this e-mail is confidential and may be privileged or

subject to copyright. It is intended for the exclusive use of the

addressee(s). 

If you are not an addressee, please do not read, copy, distribute or

otherwise act upon this email. If you have received the email in error, 

please contact the sender immediately and delete the email. The

unauthorized use of this email may result in liability for breach of

confidentiality, privilege or copyright.

 

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Pete McNeil
Sent: Tuesday, August 07, 2007 2:44 PM
To: Message Sniffer Community
Subject: [sniffer] Re: New campaign not caught

 

Hello Scott,

 

We have been working on both and we've made progress.

 

There are a number of other variants and campaigns all with high
bandwidth we are also working on.

 

_M

 

Tuesday, August 7, 2007, 12:46:36 PM, you wrote:

 

 

Last night I started getting spam with numbers in the subject and a hex
code in the body.

 

This morning that switched over to stock spam PDFs.

 

Hopefully rules can be targeted towards them!

 

Scott Fisher

Dir of IT

Farm Progress Companies

191 S Gary Ave

Carol Stream, IL 60188

Tel: 630-462-2323

 

This email message, including any attachments, is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the
sender by reply email and destroy all copies of the original message.
Although Farm Progress Companies has taken reasonable precautions to
ensure no viruses are present in this email, the company cannot accept
responsibility for any loss or damage arising from the use of this email
or attachments.

 

 

 

 

 

-- 

Pete McNeil

Chief Scientist,

Arm Research Labs, LLC.

#
 
This message is sent to you because you are subscribed to
 
  the mailing list sniffer@sortmonster.com.
 
To unsubscribe, E-mail to: [EMAIL PROTECTED]
 
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
 
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
 
Send administrative queries to  [EMAIL PROTECTED]
 
 

[sniffer] Re: New campaign not caught

[Darin Cox]

Just got one a short while ago.  Look at these headers:

Received: from p4248-ipbfp02matuyama.ehime.ocn.ne.jp [124.96.113.248] by 
mail.4cweb.com with ESMTP
  (SMTPD-8.22) id A0D001A0; Tue, 07 Aug 2007 12:41:52 -0400
Received: from [126.147.120.198] by p4248-ipbfp02matuyama.ehime.ocn.ne.jp with 
HTTP;
 Wed, 8 Aug 2007 01:42:17 +0900
Message-ID: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Wire instructions-Moi
Date: Wed, 8 Aug 2007 01:42:01 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary==_NextPart_000_000C_01C7D95D.50E32D80
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138

Note the with HTTP;.  This looks detectable to me, since it also has OE 
headers.  Not sure if there is more to work with in the Message-ID and MIME 
boundaries.


Darin.


- Original Message - 
From: Scott Fisher 
To: Message Sniffer Community 
Sent: Tuesday, August 07, 2007 12:46 PM
Subject: [sniffer] New campaign not caught


Last night I started getting spam with numbers in the subject and a hex code in 
the body.



This morning that switched over to stock spam PDFs.



Hopefully rules can be targeted towards them!



Scott Fisher

Dir of IT

Farm Progress Companies

191 S Gary Ave

Carol Stream, IL 60188

Tel: 630-462-2323



This email message, including any attachments, is for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please contact the sender by reply email and 
destroy all copies of the original message. Although Farm Progress Companies 
has taken reasonable precautions to ensure no viruses are present in this 
email, the company cannot accept responsibility for any loss or damage arising 
from the use of this email or attachments.