
Thursday, 13 November 2014

"Test mesage" / "hi there" spam

Here's an unusual spam run coming through right now. It doesn't seem to have a payload at all.

From:     Bryon Jimenez [Eunice.f2a@simaya.net.id]
Date:     13 November 2014 12:09
Subject:     Test mesage 612985B

hi there

Where the valley narrows into the cleft of the mountains, a lake lies surrounded by lush grasses. Putting another image may not reflect the article's subject logo.
Genesee and Flushing Townships where split off on March 6, 1838. French missionary and philosopher.
We did a lot of shows to 20 people in a bar who were more interested in cheap drinks than they were the band. Camps and social works.
Commented out because it's imprecise and contains false information. It is given to those who do not actively seek it. After the transfer period ended, Guerreiro apologised to Bajevic and was given another chance and is now a member of the squad.

================

From:     Ruben Randall [Josef.e9@business.telecomitalia.it]
Date:     13 November 2014 11:06
Subject:     Test mesage 3144664L

hi there

Player 1 then presses any one of the top red phrase buttons and listens to the beginning half of a phrase. Peter Murray on Debrett's website.
Asopus had twenty daughters but he provides no list. It supports a 240 MW power station.
Profilo di architettura italiana del Novecento, Marsilio, Venezia, 1999, pp. Then the teacher posts the assignment.
American born electronic music producer and DJ now residing in Berlin, Germany. The role of Cio Cio San like most other characters she has portrayed is quickly becoming a signature for her. Williamson, Garner and Musgrove Company, and the Cagli and Paoli Opera Company.

================

From:     Selma Carter [Lloyd.525@raisetherock.com]
Date:     13 November 2014 12:11
Subject:     Test mesage 0254082S

hi there

It was Federer's 3rd title of the year and the 3rd of his career. EL to see if your link meets the Wikipedia style guide.
Squadron Leader Pentland in New Guinea, c. Users can stream music directly from ZumoDrive to iPhone, iPod Touch, Android and WebOS devices.
The work received little critical attention. Saura also attempts to strengthen autobiographical themes found in the original story.
Methodists, in the area. Today it is not uncommon to find early Corgi models with such additions still intact. Edmund Sebastian Joseph van der Straeten.

In all cases "Test mesage" is spelled incorrectly and the body is just "hi there". Because there is no malicious payload (such as an attachment or link) and the message lacks the sort of trigger words that might get it blocked, there is a high probability that at least some of these will get through your spam filter.
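The traits described above (the misspelled subject, a body that opens with "hi there", and no link or attachment) can be combined into a single mail-filter heuristic. The following Python is an added example, not part of the original post or any commenter's rule; the subject token pattern is an assumption drawn from the three samples, and the test messages are constructed.

```python
import re
from email import message_from_string, policy

# Assumption: the token after "Test mesage" is a short alphanumeric ID,
# as in the three samples in the post (e.g. 612985B).
SUBJECT_RE = re.compile(r"^Test mesage\s+\w+$")
GREETING = "hi there"
URL_RE = re.compile(r"https?://|www\.", re.I)

# Constructed sample messages (addresses and text are illustrative only).
SAMPLES = {
    "run": "From: a@example.com\nSubject: Test mesage 612985B\n\n"
           "hi there\n\nThe work received little critical attention.\n",
    "benign": "From: b@example.com\nSubject: Test message\n\n"
              "hi there\n\nCan you confirm this arrived?\n",
    "link": "From: c@example.com\nSubject: Test mesage 111111A\n\n"
            "hi there\n\nSee http://example.com/ for details.\n",
}


def classify(raw: str) -> dict:
    """Report which traits of this spam run a raw RFC 5322 message shows."""
    msg = message_from_string(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    traits = {
        # Misspelled subject followed by an ID token.
        "subject": bool(SUBJECT_RE.match(subject)),
        # First non-empty body line is the bare greeting.
        "greeting": bool(lines) and lines[0].lower() == GREETING,
        # No URL in the text and no attached files.
        "no_payload": not URL_RE.search(body)
        and not any(True for _ in msg.iter_attachments()),
    }
    # Flag only when all three traits coincide, to limit false positives
    # on genuine "test message" mail.
    traits["match"] = all(traits.values())
    return traits


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

Requiring all three traits together keeps a correctly spelled "Test message" from a real user out of the match set.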

10 comments:

Allan said...

Getting these across multiple domains. Not hosted on the same servers. Testing various addresses on those domains.

Steve Brown said...

Also getting these, 2 in the last 5 minutes. It is weird as there doesn't seem to be any malicious content...

Kicking and Fighting said...

Got the same, around 400 across the 20 domains we have. No other pattern I can find other than the subject and opening phrase.

Conrad Longmore said...

Some of the recipients seem to be completely random, but there are also the usual suspects there with accounts that get a LOT of spam being targeted.

Dave Llewellyn said...

Yes - I've been receiving several of these across random recipients on my domain all afternoon... I just found this thread after Googling about the specifics of the message! I too am seeing them sent to knownname@domain as well as randomcharacters@domain.

Tim Carter said...

Yes, we are getting lots of them too. All seem to come from different sources.

edmilner said...

I added a rule into our sonicwall and it has already blocked over 600 and that was probably just the tail end. Maybe they are trying to verify email addresses.

Steve Basford said...

I've had 814 blocked already using:

Sanesecurity.Spam.12262.UNOFFICIAL

ClamAV 3rd Party signatures: http://sanesecurity.com
#clamav #sanesecurity #malware

Jan said...

Plenty here, all are being stopped by our filtering vendor. They are so far only hitting a couple of our UK domains.

We do see this sort of no-payload distribution (blown distribution, recon...) on occasion that are difficult for filters to target.

Always good for lots of questions as people wonder why they are getting through :-\

Retro Mojo said...

Here's a new Fb page for them https://www.facebook.com/emailtestmessages