
Educause Security Discussion mailing list archives

Re: Pointless email spam
From: Jeff Firestone <firestoj () MCCC EDU>
Date: Tue, 16 Apr 2013 16:58:53 +0000

We've seen a huge increase in this type of spam in the past 3 or 4 days, all coming from a hosting service named Eonix 
Corporation. So bad in fact, that I've needed to firewall several of their IP blocks in our email gateway: 
173.213.64.0/18 and 173.232.0.0/16

And interestingly, all of the spam return addresses are from the .pw domain. I guess Palau is the new world spam 
capital. ;-)

Jeff

====================================
Jeff Firestone Network Engineer
Mercer County Community College
====================================




On Apr 15, 2013, at 1:56 PM, Jacobson, Dick wrote:

One of my campuses reminded me that today is tax day and this is not abnormal for this time as the Phishers test their 
addresses.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gade, 
Werner
Sent: Monday, April 15, 2013 12:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Pointless email spam

We have seen a 225% to 500% increase in spam messages, depending on the day, hitting our spam filters since April 3rd.  
Our filters are adjusted as high as we can go without stopping legitimate emails.

Werner Gade
Interim CIO
Director of Technical Operations
Central Information Technology Services
University of Wisconsin - Colleges and Extension
780 Regent St. | Madison, WI 53715-2635
Phone: (608) 262-7832 |Mobile: (608) 220-7877 |Fax: (608) 262-234



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary 
Warner
Sent: Monday, April 15, 2013 6:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Pointless email spam

Are other schools seeing a big uptick in "no purpose" spam messages?  Wondering if this is an enormous email address 
list cleanse/harvest? or what other motives anyone might theorize on this?

Here are three sample email bodies.  No attachment, no links.  Can't PROVE they are related, just coincidence of timing 
and pointlessness.


++++++++++++++++++++
(received from myschoolemail.net 173.246.104.97)
(from: hilda.barrett () myschoolemail net)

Denise,

I wanted to know if you understand that you can't come to the super deli next Friday.

Cheers,

H.

++++++++++++++++++++
(envelope from waggishy08 () acm org)
(x-sender: ultrasug9 () gil com au)
(X-PHP-Script indicates it was sent via "afes.com/sendmail.php" at request of 
186.87.28.58)
(Return-Path: suicidaloa53 () afes com)


CHAPTER XLI, Nor from ME, neither.
Why HE? I stopped.

+++++++++++++++++++++
(received from heattreatmentchina.ru (37.255.60.4)
(from: stonehengeqq40 () trinity edu)

Bofe un you claims it, But we didnt wait.
So Tom was satisfied.

++++++++++++++++++++++

----------------------------------------------------------

Gary Warner
Director of Research in Computer Forensics
The University of Alabama at Birmingham
Center for Information Assurance and Joint Forensics Research
205.422.2113
gar () cis uab edu

-----------------------------------------------------------

