--On Thursday, September 16, 2010 17:30 -0500 Chris Owen <ow...@hubris.net> wrote:

We're seeing a lot of what I assume are exploit files coming from
yahoo.com.

They are all base64 encoded HTML attachments with a bunch of JavaScript
in them.

http://pastebin.com/ZSmW0kwW



They're not really from Yahoo.  No DKIM, no Newman property.  That's
a fake header.

The JavaScript is just an incredibly obfuscated way of putting in a
URL.  Base64, JavaScript, two layers of redirect and... it's the
"Canadian" Pharmacy.

Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology
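
The triage described in this thread, as an added example that is not part of the original messages: flag mail that claims yahoo.com, lacks a DKIM-Signature header and the Newman header, and carries a base64-encoded HTML part containing a script. The sample message is constructed, and the header name X-Yahoo-Newman-Property is an assumption about what "Newman property" refers to.

```python
import base64
import email
from email import policy
from email.utils import parseaddr

def build_sample(extra_headers: str = "") -> str:
    """Constructed message: claims yahoo.com, base64 HTML attachment with a script."""
    html = b"<html><script>var x = 1;</script></html>"  # harmless placeholder
    return (
        "From: someone@yahoo.com\r\n"
        "To: user@example.edu\r\n"
        "Subject: constructed sample\r\n"
        + extra_headers +
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\n"
        'Content-Type: text/html; name="doc.html"\r\n'
        "Content-Transfer-Encoding: base64\r\n"
        'Content-Disposition: attachment; filename="doc.html"\r\n\r\n'
        + base64.b64encode(html).decode() + "\r\n"
        "--b1--\r\n"
    )

def triage(raw: str, claimed_domain: str = "yahoo.com") -> dict:
    msg = email.message_from_string(raw, policy=policy.default)
    addr = parseaddr(str(msg.get("From", "")))[1]
    found = {
        "claims_domain": addr.rpartition("@")[2].lower() == claimed_domain,
        # Presence only; verifying the signature needs a DNS lookup of the key.
        "has_dkim_header": msg.get("DKIM-Signature") is not None,
        # Assumed header name for the "Newman property" mentioned in the thread.
        "has_newman_header": msg.get("X-Yahoo-Newman-Property") is not None,
        "b64_html_with_script": False,
    }
    for part in msg.walk():
        cte = str(part.get("Content-Transfer-Encoding") or "").strip().lower()
        if part.get_content_type() == "text/html" and cte == "base64":
            body = part.get_payload(decode=True) or b""
            if b"<script" in body.lower():
                found["b64_html_with_script"] = True
    found["suspicious"] = (found["claims_domain"]
                           and not found["has_dkim_header"]
                           and not found["has_newman_header"]
                           and found["b64_html_with_script"])
    return found

if __name__ == "__main__":
    print(triage(build_sample()))
```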
