
SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

I'm fine, thanks!
I'm seeing this with a number of my clients too. I'm noticing all the HTML forms, which normally get filtered at the mail edge, are getting through because they're spoofing major vendor domain names.
My feeling is that this is the next step of recon to determine which domains may have been added to safe-sender lists in various mail filtering engines, thus bypassing some weakly configured controls.
I am seeing malicious payloads, and a lot of the HTMLs redirect to websites in Spain... but that's just based on the incidents I've seen here.

