Bit of a strange week this week, seems almost like the spammer groups are taking turns. Emotet's new email templates, being sent from compromised accounts, have been increasing, with some of it sneaking through current filtering methods, so the spam auditors have been busy tweaking filtering rules, as much of this comes from accounts on the too big to block.

Strangely, the spam bots on infected routers have gone real quiet this week, a drop of about 75% in volume. While Cutwail came back a couple of weeks ago, it doesn't look like this is expanding, and most of the sources are identified.

Auth attack source growth continues from Amazon AWS, Google Cloud, and Azure.

OVH/Digital Ocean Spammers keep popping up, as usual, and more and more of their IP space is starting to appear on many blacklists.

Google spam leakage on the increase again.

And of course, still no improvement from the SendGrid problems, not only shared accounts being compromised to send the worst of the phishing emails, but seeing even dedicated SendGrid customers being compromised to send the really bad stuff. PS, if a SendGrid rep is listening, you might like to smack o1.memberservices.gonift.com, and the subscriber list they use.. purchased?

Chuckling over the ISP that uses Sophos, and the headers show Sophos detected a virus in the attachment, but the ISP still sends it out..

Emotet .. Received: from relaygw2-22.mclink.it (HELO relaygw2-22.mclink.it) (195.78.211.236)
X-Sophos-AV-Policy: File_Infected
X-Irideos-Libra-ESVA: No virus found

Endurance Group seems to be leaking a lot of Emotet.. Maybe they need Sophos ;) No, not picking favourites, but time to review your AV and see if it is catching Emotet.

If it DOES, do your customer a favour (look at the AUTH headers) and tell them their system is infected.

Watch for this weekend, have a feeling that Emotet and others are going to start 'ripping it up', given the success they had this week.

Take care everyone, see you all on the other side.. (of the weekend)

        -- Michael --

PS, going to start quote of the day, for biggest chuckles on whitelisting requests reported... eg.. "i am not sending any spam. i am only doing simple marketing mailing", would the readers of this list like those? And frankly, request from team members.. ESPs, please stop sending automated removal requests.. canned requests, or bot requests don't help anyone.. You want to engage properly, so they can help you with the problems you have in the first place..





--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
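
The conflicting scanner verdicts in the header excerpt above can be checked mechanically on the receiving side. The following is an added example, not part of the original post: it collects AV verdicts from X- headers and flags messages an upstream scanner already marked infected. The verdict patterns, the "any infected verdict wins" policy, the function names, and the Subject and body of the sample are assumptions.

```python
import re
from email import message_from_string

# Heuristic verdict wording (an assumption; vendors use different header names and values).
CLEAN = re.compile(r"no[\s_]+virus|not[\s_]+infected|\bclean\b", re.I)
INFECTED = re.compile(r"infected|virus[\s_]+found|malware", re.I)
RELAY = re.compile(r"from\s+(\S+).*?(\d{1,3}(?:\.\d{1,3}){3})", re.S)

def classify(value):
    """Return 'clean', 'infected' or None for a scanner header value."""
    if CLEAN.search(value):  # checked first: "No virus found" also contains "virus found"
        return "clean"
    if INFECTED.search(value):
        return "infected"
    return None

def audit(raw):
    """Collect upstream AV verdicts from X- headers and flag disagreements."""
    msg = message_from_string(raw)
    verdicts = {}
    for name, value in msg.items():
        if name.lower().startswith("x-"):
            verdict = classify(value)
            if verdict:
                verdicts[name] = verdict
    infected = [n for n, v in verdicts.items() if v == "infected"]
    clean = [n for n, v in verdicts.items() if v == "clean"]
    received = msg.get_all("Received") or []
    m = RELAY.search(received[0]) if received else None
    return {
        "relay": (m.group(1), m.group(2)) if m else None,
        "infected_by": infected,
        "clean_by": clean,
        "conflict": bool(infected and clean),
        # Assumed policy: one upstream "infected" verdict is enough to refuse the message.
        "action": "reject" if infected else "accept",
    }

# Constructed sample: the three header lines quoted in the post plus a made-up Subject and body.
SAMPLE = (
    "Received: from relaygw2-22.mclink.it (HELO relaygw2-22.mclink.it) (195.78.211.236)\n"
    "X-Sophos-AV-Policy: File_Infected\n"
    "X-Irideos-Libra-ESVA: No virus found\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```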
