Jump to content

Odd spam


Lking
 Share

Recommended Posts

I have gotten a couple of these odd spam lately. The subject is a number, no text, just 487 jpg attachments for a total of 6.1M in pictures. Most of the jpgs also have long numbers for titles. Opened some of the jpgs to see maps, religious images, Japanese(?) characters, some "western" art, pictures of statues. One image is repeated over 50 time. Don't see the purpose. It seems harmless.

Sorry about including the header but due to the size (>5M) my ISP blocks the outgoing email to sc. Any ideas?

 From - Wed Nov 28 14:59:49 2012 
X-Account-Key: account2 
X-UIDL: U$O!!lV-!!;6\!!(EC!! 
X-Mozilla-Status: 0001 
X-Mozilla-Status2: 00000000 
X-Mozilla-Keys:																				  
X-Symantec-TimeoutProtection: 0 
X-Symantec-TimeoutProtection: 1 
X-Symantec-TimeoutProtection: 2 
X-Symantec-TimeoutProtection: 3 
X-Symantec-TimeoutProtection: 4 
X-Symantec-TimeoutProtection: 5 
X-Symantec-TimeoutProtection: 6 
X-Symantec-TimeoutProtection: 7 
X-Symantec-TimeoutProtection: 8 
X-Symantec-TimeoutProtection: 9 
X-Symantec-TimeoutProtection: 10 
Return-Path: <233558938299[at]dysgo.org> 
Received: from mail1.radix.net (mail1.radix.net [207.192.128.31]) 
	by pop2.radix.net (8.13.4/8.12.2) with ESMTP id qASGEP83023444 
	for <xxxy>; Wed, 28 Nov 2012 11:14:26 -0500 (EST) 
Received: from goldnew.radix.net (goldnew.radix.net [207.192.128.21]) 
	by mail1.radix.net (8.13.4/8.13.4) with ESMTP id qASGDLlf019584 
	for <xxxz>; Wed, 28 Nov 2012 11:13:21 -0500 (EST) 
Received: from server94.dysgo.org ([199.116.118.24]) 
	by goldnew.radix.net (8.13.5/8.12.2) with ESMTP id qASGDAaK020975 
	for <xxx>; Wed, 28 Nov 2012 11:13:10 -0500 (EST) 
X-Real-To: <xxx> 
Received: from server94.dysgo.org (server94.dysgo.org [199.116.118.24]) 
	by server94.dysgo.org (Postfix) with ESMTP id B4658237821E 
	for <xxx>; Wed, 28 Nov 2012 19:05:57 +0300 (MSK) 
Message-ID: <18248114.1354118757709.JavaMail.959952320785[at]server94.dysgo.org> 
Date: Wed, 28 Nov 2012 19:05:57 +0300 (MSK) 
From: 233558938299[at]dysgo.org 
To: xxx 
Subject: 933854890065 
Mime-Version: 1.0 
Content-Type: multipart/mixed;  
	boundary="----=_Part_96_31706449.1354118757578" 
X-UIDL: U$O!!lV-!!;6\!!(EC!! 
Status: U 

------=_Part_96_31706449.1354118757578 
Content-Type: text/html 
Content-Transfer-Encoding: 7bit 

<HTML><HEAD> 
<META content="text/html; charset=utf-8" http-equiv=Content-Type> 
</HEAD> 
<BODY> 
<P><IMG border=0 hspace=0 alt="" align=baseline src="cid:391435062178.jpg" /); 
<P><IMG border=0 hspace=0 alt="" align=baseline src="cid:186055462795.jpg" /); 
. 
. 
. 

Link to comment
Share on other sites

...Sorry about including the header but due to the size (>5M) my ISP blocks the outgoing email to sc. ...
Thank goodness! Maybe it's a plot to overload the internet ... nah, seriously, there are a number of jpg exploits, I wouldn't go opening those on my machine (go to toastedspam or similar if curious, where you can paste in the Base64 code of any individual attachment and let them render it).

May well be pointless, not safe to assume so though. If I were a hacker I would send one or two exploit images within a raft of harmless ones. If concerned, you could try forwarding (some) pictures (without locally viewing them) to VirusTotal or similar but I suspect detection rates would be low, even if they are malicious - still, that would expose them to a whole battery of AVs for analysis.

I take it you're not using a mail client that would allow you to "detach" these pictures before forwarding? Many do but, if there's only a few of these spam, it's certainly not worth turning your world upside down finding and installing one to chase a solution (life's too short). Maybe just "view source" and use the webpage submission form method to paste full headers and just a token amount of the body content. That's about all you could do with these (yes, it is permissible to "trim" such content, whichever submission method used - SC would anyway, if over 50K).

Aaagh M$ has much to answer for when they sprang HTML e-mail upon an unsuspecting world back in '99 (or was it '98?). It would be good to eliminate a few of these electron botherers you are seeing but, unfortunately, theirs is not (yet) a capital offence. In a properly-ordered society however ...

Link to comment
Share on other sites

I take it you're not using a mail client that would allow you to "detach" these pictures before forwarding? Many do but, if there's only a few of these spam, it's certainly not worth turning your world upside down finding and installing one to chase a solution (life's too short). Maybe just "view source" and use the webpage submission form method to paste full headers and just a token amount of the body content. That's about all you could do with these (yes, it is permissible to "trim" such content, whichever submission method used - SC would anyway, if over 50K).

No it doesn't "detach." The first one I got caused my ISP to choke when I tried to quick report it. - How hard do you have to look at an email "Subject: 933854890065, From: 233558938299[at]dysgo.org" to know its spam? Having caused a problem the second one got a second look, even with my short life. <g />

Hadn't though about webpage reporting. Two spam in as many weeks is really down in the grass, given the 100s of spam I report daily. Given the time required to load and display 400+ images inline, seems most people would kill/delete the email. But that assumes the general public has more common sense than there is evidence to support. Reducing the size, changing the subject does the same for spammers.

Aaagh M$ has much to answer for when they sprang HTML e-mail upon an unsuspecting world back in '99 (or was it '98?). It would be good to eliminate a few of these electron botherers you are seeing but, unfortunately, theirs is not (yet) a capital offence. In a properly-ordered society however ...

Agree with you on that!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...