
Friday, 8 August 2014

Spammers probing with "How are you doing?" / poorname.us attack

The particularly aggressive spammers that I have covered recently [1] [2] [3] [4] [5] [6] launched another probing attack overnight, trying to collect email addresses by using an embedded image (the principles of the attack are described here).

The spam looks like this:

Received: from murch.greatsill.info (HELO find-your-perfect-bride-russians.us) (94.102.56.147)
  by [redacted] with SMTP; 8 Aug 2014 00:36:28 -0000
Date: Thu, 07 Aug 2014 17:34:22 -0700
Subject: How are you doing?
From: Stewart [stewart@find-your-perfect-bride-russians.us]

The body text is just HTML:




The originating IP is 94.102.56.147 (Ecatel, Netherlands). The spamvertised site is hosted on 143.95.32.129 (michael.asmallorange.com) although it is currently 403ing.

I don't know the origins of this spam, but it is being investigated.
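For mail administrators who want to spot this kind of probe, here is an added example (not code from the original post) that lists the images an HTML message would fetch over the network, since loading such an image is what confirms the address to the sender. The sample message and its host names are constructed placeholders, and the "per-recipient token" test is a heuristic assumed for this example.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img" and dict(attrs).get("src"):
            self.sources.append(dict(attrs)["src"].strip())

def remote_images(raw_message):
    """Return (url, host, per_recipient) for each network-fetched image."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _ImgCollector()
        collector.feed(part.get_content())
        for src in collector.sources:
            url = urlsplit(src)
            # cid: and data: images travel inside the message; skip them.
            if url.scheme not in ("http", "https") and not src.startswith("//"):
                continue
            # A query string or long opaque path token can identify the recipient.
            token = bool(url.query or re.search(r"[0-9A-Za-z_-]{16,}", url.path))
            findings.append((src, url.hostname, token))
    return findings

# Constructed sample message; hosts and the id value are placeholders.
SAMPLE = """\
From: sender@mail.example
To: recipient@corp.example
Subject: How are you doing?
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi</p>
<img src="http://img.tracker.example/p.gif?id=r-8f3a91c2">
<img src="cid:logo@mail.example">
<img src="https://static.example/banner.png">
</body></html>
"""

if __name__ == "__main__":
    print(remote_images(SAMPLE))
```

Messages where every remote image carries a token and the visible text is minimal are good candidates for quarantine or for delivery with remote content blocked.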

