
SANS ISC: End User receiving Mailer-Daemon bounce errors SANS ISC InfoSec Forums

End User receiving Mailer-Daemon bounce errors
We have a user that only accesses her e-mail via her iPhone. She apparently clicked on a link for a pop-up and now her e-mail is sending out spam.

I could not locate anything on her device, but this is what I know about this situation:

The emails are coming from several foreign IP addresses and include:

New message, please read http:// .ru/o f.php

The domain has been removed for security purposes.
Anonymous

Sounds like Joejobbing, assuming she's changed her password.
Halifax

4 Posts
Quoting Halifax: Sounds like Joejobbing, assuming she's changed her password.

Spammers recycle their Reply-To and From addresses constantly, picked at random from the recipient pool. There are practically no real Joe Jobs anymore. The spammers simply set the spam run up to deflect the inevitable bounces to anyone but themselves.

Why anyone would transmit a polite bounce after stopping a spam is beyond me, but mail admins who think it's still 2002 are known to exist.
Scofield

3 Posts
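
Added example, not part of the thread: one way to tell bounces caused by a forged From address apart from mail that really left through your own servers is to read the copy of the original that the bounce returns. The function name `triage_bounce`, the relay range `192.0.2.0/24` and the sample bounce are constructed for illustration, and the sketch assumes the bounce carries the original as a `message/rfc822` part.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample bounce (not from the thread); documentation-range addresses only.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--B
Content-Type: message/rfc822

Received: from pc ([203.0.113.45]) by mx.example.net; Mon, 1 Jan 2024 00:00:00 +0000
From: user@example.org
To: nobody@example.net
Subject: New message, please read

(body removed)
--B--
"""

def triage_bounce(raw, our_relays):
    """Classify a bounce by the host that handed the original to the bouncing server."""
    msg = email.message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() != "message/rfc822":
            continue
        original = part.get_payload(0)             # the returned copy of the spam
        hops = original.get_all("Received", [])
        # Topmost Received was added by the bouncing server; lower ones can be forged.
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hops[0])) if hops else None
        if not m:
            return ("unknown", None)
        ip = ipaddress.ip_address(m.group(1))
        if any(ip in net for net in our_relays):
            return ("sent-via-our-servers", str(ip))   # look at the account itself
        return ("backscatter", str(ip))                # forged sender, not our mail
    return ("unknown", None)                           # bounce carried no original
```

Pass your real outbound relay networks as `our_relays`; a result of `sent-via-our-servers` means the account or device, not just the address, needs attention.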
