Monday 14 September 2015

Spam from "Vanessa Reynolds" / vanessa.reynolds@breedandco.com

This spam does not seem to have a malicious payload, but is likely sent out by the same people who send out Upatre/Dyre malware spam (or possibly Dridex):
From     "Vanessa Reynolds" [vanessa.reynolds@breedandco.com]
Date     Fri, 14 Sep 2015 10:34:32 GMT
Subject     Hello, how are you?

Hello, Calvin  how are you?
The name after "Hello" varies in each version, for example:

Hello, Sheldon  how are you?
Hello, Lawanda  how are you?
Hello, Thurman  how are you?
Hello, Darlene  how are you?
Hello, Rhea  how are you?

The email is always "from" Vanessa Reynolds / vanessa.reynolds@breedandco.com, although this is in fact just a simple forgery and Breed & Co (who are a hardware store in Texas) are nothing to do with this.

The purpose of this spam is unknown. One possibility is that the spammers are probing mail servers for responses (to enumerate valid mailboxes). The other is that this could be a targeted attack on Breed & Co by disrupting email and other means of communication.
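Because only the name varies, the fixed parts of the template described above are enough for a mail filter to count or quarantine this campaign. The following is an added example, not code from the original post; the function names and sample messages are hypothetical, and it assumes a single-part plain-text message with a standard angle-bracket From header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FORGED_SENDER = "vanessa.reynolds@breedandco.com"  # address quoted in the post
SUBJECT = "hello, how are you?"                    # subject quoted in the post
# Body template from the post: "Hello, <name>  how are you?", name varies.
BODY_RE = re.compile(r"^\s*Hello,\s+([A-Za-z][A-Za-z'-]*)\s+how are you\?\s*$", re.I)

def match_campaign(raw):
    """Return the varying name if raw fits the template, else None."""
    msg = message_from_string(raw)
    # Compare the address itself, not the display name.
    _, addr = parseaddr(msg.get("From", ""))
    if addr.lower() != FORGED_SENDER:
        return None
    if msg.get("Subject", "").strip().lower() != SUBJECT:
        return None
    if msg.is_multipart():
        return None  # assumption: the campaign is single-part plain text
    # The template is one line only; anything extra is a different message.
    lines = [l for l in msg.get_payload().splitlines() if l.strip()]
    if len(lines) != 1:
        return None
    m = BODY_RE.match(lines[0])
    return m.group(1) if m else None

def scan(messages):
    """Map each raw message to the extracted name, or None if no match."""
    return [match_campaign(m) for m in messages]

def _sample(frm, subject, body):
    return f"From: {frm}\nSubject: {subject}\n\n{body}\n"

_V = '"Vanessa Reynolds" <vanessa.reynolds@breedandco.com>'
_S = "Hello, how are you?"
# Constructed sample messages (not captured mail).
SAMPLES = [
    _sample(_V, _S, "Hello, Calvin  how are you?"),
    _sample(_V, _S, "Hello, Rhea  how are you?"),
    _sample(_V, "Invoice", "Hello, Calvin  how are you?"),      # other subject
    _sample('"Vanessa Reynolds" <vanessa@example.org>', _S,
            "Hello, Calvin  how are you?"),                      # name only
    _sample(_V, _S, "Hello, Calvin  how are you?\nSee attached."),  # extra text
]

if __name__ == "__main__":
    print(scan(SAMPLES))
```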

Some sending IPs for the record:

Unknown said...

I keep getting these vanessa spam messages on my phone. Been happening for a month now. Doesn't quit. It's the same voice mail over and over. "Hi it's Vanessa Reynolds..." I had to delete them so many times. They are annoying.