There were several spam bots that appeared early yesterday morning (based on our conversation with our anti-spam vendor). They were sending random, useless text with no malicious links or phishing attempts. Most of the messages were targeted at distribution lists. By late afternoon, almost all of the messages were being correctly identified as spam.
From: [email protected] [mailto:[email protected]] On Behalf Of Steve Ens Sent: Wednesday, August 27, 2014 10:47 AM To: [email protected] Subject: Re: [Exchange] Spam Increase We use Vipre's product. More spam here too. It sure is a tough balance to keep the bad ones out and the good stuff still flowing. Trying to troubleshoot why one company cannot send to us when they reply but can when they create new messages. We've whitelisted them already. On Wed, Aug 27, 2014 at 6:38 AM, John Matteson <[email protected]<mailto:[email protected]>> wrote: I’ve seen an increase in spam that is getting through Postini, and Trend server products. Thank you for the link. I’ll put it out to my Exchange team who can translate it and push it to management to spread to the employees. From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Adm Sent: Thursday, August 21, 2014 8:35 AM To: [email protected]<mailto:[email protected]> Subject: [Exchange] Spam Increase Has anyone out there seen a major increase in the amount of spam getting through? I was just sent the following that describes the latest threat (see below). It is exactly what we are seeing. Anyone else seeing the same? We're seeing many of them blocked, but many also getting through. Anyone using Trend IMSVA and getting most of these blocked? If so, how did you configure your filter to stop it? Thx in advance Spam Blocking Date/Time: 19 Aug 2014 5:00:00 AM GMT-8 There is a hike of commercial spam mails received by our sources. Some mails promotes hairloss products, car purchase, grocery coupon/reward spam, weight-loss spam etc. These spam mails uses the following techniques to bypass the AntiSpam filter. It has inserted salad words concealed in microsize fonts. Random news articles at the bottom part of the email composed of a great amount of normal words/strings. Read more: http://about-threats.trendmicro.com/us/spam/3538/Large%20Spike%20In%20Commercial%20Spam%20Using%20Microsize%20Salad%20Words%20Discovered<https://urldefense.proofpoint.com/v1/url?u=http://about-threats.trendmicro.com/us/spam/3538/Large%2520Spike%2520In%2520Commercial%2520Spam%2520Using%2520Microsize%2520Salad%2520Words%2520Discovered&k=9oIsJ6%2F9RPMz8hxY7tQVuw%3D%3D%0A&r=%2FajPhKZhudjcymAQHoODtvcIKejLdGq6IoNlL3Hrv1zg%2FObhk%2BGGuM2%2Bloa5SlOO%0A&m=XwV5xSP8ar2DHm5eWjTV0yFCOc5KWd4BI1BsW3bXAEY%3D%0A&s=bf646ad73667bcd2160d75b15696652228c872bd08ad4c418ea1ef0791c913d9> TMASE Engine: 7.5 TMASE Pattern: 0892 Analysis By: Mary Jen Sen Chua
