Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

New spam outbreak: mp3 spam


There is a new spam outbreak that hit today: spam in mp3s. The filenames of the spam vary and include some of the following:

  • Emotional ties, for example: dadsong.mp3, oursong.mp3, weddingsong.mp3
  • Well-known artists and songs, for example: santana.mp3, sayyousayme.mp3, smashingpumpkins.mp3, bbrown.mp3, bspears.mp3, gloriaestefan.mp3, beatles.mp3
  • Other "sounds" that people might want to listen to, for example: answeringmachine.mp3, coolringtone.mp3, listentothis.mp3

We've got some spam rules out there to catch these things; we'll know in the next couple of days how effective they are.

  • PingBack from http://www.artofbam.com/wordpress/?p=10329

  • All day today I've been getting German stock spam... Terry Zink's Anti-spam Blog : New spam outbreak

  • hi Terry --

    it's output from the Storm botnet.  These SpamAssassin 3.2.x rules catch it:

    ifplugin Mail::SpamAssassin::Plugin::MIMEHeader

    # Variant 1: inline disposition, continuation line folded with a space
    mimeheader __CTYPE_STORM_MP3_1 Content-Type:raw =~ /^audio\/mpeg;\n name=\"[a-z]+\.mp3\"$/s
    mimeheader __CDISP_STORM_MP3_1 Content-Disposition:raw =~ /^inline;\n filename=\"[a-z]+\.mp3\"$/s

    # Variant 2: attachment disposition, continuation line folded with a tab
    mimeheader __CTYPE_STORM_MP3_2 Content-Type:raw =~ /^audio\/mpeg;\n\tname=\"[a-z]+\.mp3\"$/s
    mimeheader __CDISP_STORM_MP3_2 Content-Disposition:raw =~ /^attachment;\n\tfilename=\"[a-z]+\.mp3\"$/s

    # Fire only when the Content-Type and Content-Disposition rules of the same variant both match
    meta JM_STORM_MP3      ((__CTYPE_STORM_MP3_1&&__CDISP_STORM_MP3_1) || (__CTYPE_STORM_MP3_2&&__CDISP_STORM_MP3_2))

    endif
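An added example, not part of the original post or its comments: the matching logic of the SpamAssassin rules in the comment above, sketched in Python and run over constructed sample messages. The function names and sample messages are assumptions made for illustration, and each sub-rule is treated as hit when any MIME part of the message matches.

```python
import email
import re

# The four raw-header patterns from the comment, as Python regexes.
# re.S mirrors Perl's /s; "$" also tolerates one trailing newline, as in Perl.
RULES = {
    "__CTYPE_STORM_MP3_1": ("Content-Type", r'^audio/mpeg;\n name="[a-z]+\.mp3"$'),
    "__CDISP_STORM_MP3_1": ("Content-Disposition", r'^inline;\n filename="[a-z]+\.mp3"$'),
    "__CTYPE_STORM_MP3_2": ("Content-Type", r'^audio/mpeg;\n\tname="[a-z]+\.mp3"$'),
    "__CDISP_STORM_MP3_2": ("Content-Disposition", r'^attachment;\n\tfilename="[a-z]+\.mp3"$'),
}

def sub_rule_hits(raw_message: str) -> set:
    """Return the names of the sub-rules that match any MIME part's raw header."""
    msg = email.message_from_string(raw_message)  # default policy keeps header folding
    hits = set()
    for part in msg.walk():
        for rule, (header, pattern) in RULES.items():
            value = part.get(header)
            if value is None:
                continue
            if re.search(pattern, str(value).replace("\r\n", "\n"), re.S):
                hits.add(rule)
    return hits

def jm_storm_mp3(raw_message: str) -> bool:
    # Same pairing as the meta rule: both headers must match the same variant.
    h = sub_rule_hits(raw_message)
    return ({"__CTYPE_STORM_MP3_1", "__CDISP_STORM_MP3_1"} <= h
            or {"__CTYPE_STORM_MP3_2", "__CDISP_STORM_MP3_2"} <= h)

def sample(ctype: str, cdisp: str) -> str:
    # Constructed two-part message; only the attachment headers vary.
    return ("From: a@example.com\nSubject: test\nMIME-Version: 1.0\n"
            'Content-Type: multipart/mixed; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nhello\n"
            f"--b1\nContent-Type: {ctype}\nContent-Disposition: {cdisp}\n"
            "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n")

# Constructed samples (filenames taken from the post's list).
STORM_1 = sample('audio/mpeg;\n name="dadsong.mp3"', 'inline;\n filename="dadsong.mp3"')
STORM_2 = sample('audio/mpeg;\n\tname="beatles.mp3"', 'attachment;\n\tfilename="beatles.mp3"')
ORDINARY = sample('audio/mpeg; name="My Song 01.mp3"', 'attachment; filename="My Song 01.mp3"')
```

The rules key on the exact header folding and an all-lowercase filename, so a legitimately attached mp3 with an unfolded header or a mixed-case name does not match.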

  • Uploaded some "sample MP3-SPAM" here: https://www.adminlife.net/news/mp3-spam/

    I think this MP3 SPAM will be easy to catch.