Can be a probe too. Accepting mail from that IP with that content says
something about your system. Spammers aren't stupid. They fingerprint us
just like we fingerprint them.
Ken
Pacific.Net
Karsten Bräckelmann wrote:
Please do NOT *reply* to a mail, if you start a new thread. Changing the
Subject and removing the quoted text does not make it a new mail. It
still is a reply. You just hijacked an unrelated thread.
On Tue, 2008-07-29 at 10:38 -0400, Kevin Parris wrote:
Sample posted here: http://pastebin.com/m7d993dc7
Have seen several similar to this, the message contains only random
words, no images, no web links. What's the point? It's not
advertising, or trying to lure victims to a site, or carrying any
payload. Commentary anyone?
It is most likely just horribly broken. These are rather common since a
few days.
The weird X-Header-CompanyDBUserName: header is entirely static. As is
the X-Mailer: header. The other X-Header-* headers likely aren't
intended to be sent either. The first Received: is utterly broken (IP
with 18-digit numbers).
Even the body is pretty static. The words are random (including length),
but the punctuation and whitespace of the body is static again.
I guess it should be rather safe to catch these based on the headers, if
you got problems detecting them otherwise.
guenther
--
Ken Anderson
Pacific.Net
