Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Spam is funny!

from [Shaun] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Spam is funny!
Date: Sun, 29 Apr 2007 23:53:26 -0500 
On Thu, 12 Apr 2007 16:22:03 -0400
<neal.krawetz@mac.hush.com> wrote:


Well, the email address associated with that article just received
an Arizona State Credit Union phish. It had never received one of
those before.

Man, spammers are predictable and funny.


One trend I've noticed recently is that spammers appear to be tailoring
the subject headers to individual recipients. I'm not talking about the
crap where they stick your name in the subject, it seems they're getting
much more specific, and perhaps tracking where they picked up an email
address to begin with and which sort of subject lines might pique the
recipient's interest. 

I receive a lot of spam where I glance at the subject - even if SA has
tagged it - and actually have to wonder whether or not it's a legit
message, because the subject is relevant to my interests. A quick
example,

Subject: The Redirect requests to SSL port option allows you to redirect
requests to the specified SSL port.

I do a lot with SSL, so naturally I opened up that email just to see
what the heck they're on about. Of course it turns out to be a stock
spam for CYTV. But I get a lot of spam now with unix-ish, programming,
or other geek related subject lines that I have to take a look at
because they _could_ be legit. 

This phenomenon - spam with subjects that would be on-topic for mailing
lists I subscribe to, or even random communications from folks - seems
to be a fairly new thing over the past couple of months. It's as if some
spammer has actually built a database to correlate emails with where
they found them, in order to guess at subject lines that might be more
tempting.

Anyone else seeing this trend? I'd be curious especially to see whether
or not they're "targeting" folks in non-IT roles. For example, do we
have any veterinarians on the list who get stock spam with subjects
related to animal husbandry?

-s

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] AFFLIB(TM): Time-of-Check-Time-of-Use File Race, Tim
Next by Date:  Re: [Full-disclosure] Spam is funny!, Nick FitzGerald
Previous by Thread:  [Full-disclosure] Spam is funny!, neal.krawetz
Next by Thread:  Re: [Full-disclosure] Spam is funny!, Nick FitzGerald
Indexes:  [Date] [Thread] [Top] [All Lists]