"podmena traffica test" spam
There seem to be some strange spam emails doing the rounds, with a body text of "podmena traffica test".. what gives?
It makes a bit more sense if you transliterate it into Cyrillic, which leaves you with a Russlish phrase "подмена трафика тест" and that simply translates as "spoofing traffic test".
The subject is a random spammy one, the originating IP looks like part of a botnet.
I'm pretty sure these are coming through "to" and "from" the same email address, so it may well be someone enumerating mailservers looking for SMTP spoofing protection.. in other words, testing addresses to see if they work and then recording the server's SMTP response.
Why? Who knows.. spammers don't usually care about efficiency if they are using a botnet, because they are not paying for bandwidth or equipment. These type of "probes" are seen sometimes and can be safely deleted.
Labels: Spam
posted by Conrad Longmore at
12:49
7 Comments:
This post has been removed by the author.
02 January 2009 23:14
I don't get the impression it's simply spam. If you check the headers on these it looks as if you sent the message to yourself, not just the email address but both received headers, except that the real originating IP is not yours but is that of the real senders. Now I may be wrong, but to me it appears someone has found a way to exploit certain SMTP servers or spoof them in a way that needs to be fixed so that it can't happen.
02 January 2009 23:18
I'm from Russia.
It seems not only smtp trafic is changed, but http also. Very strange, like a "Greate China firewall".
03 January 2009 16:22
See this:
http://www.google.ru/search?q=podmena+traffica+test
03 January 2009 16:23
Or may be it's a troyan on Windows computers, which spoof the traffic.
03 January 2009 16:29
I'm getting complaint about this from a customer of the IT company i work for. All mail he sends, from his Thunderbird mail client, has this body since monday. Seems he hasn't made any changes that he's aware of, and it doesn't seem to be sent unless he actually intends to send an email. Perhaps a problem limited to Thunderbird?
08 January 2009 12:34
Got this e-mail and it's not from my name to my name - says it's from a "Edmund Mobley" and it's addressed to another woman at my same company. Doesn't seem to show my name in the recipients even in the properties of the mail... Not sure what this is all about.
24 January 2009 01:11
Post a Comment
<< Home