Tag Archives: bot

From Russia With Love

Posted on July 5, 2017 by MagicMail

For most people with decent spam protection, you should not see these types of spam, as they are mostly from compromised Iot (Internet of Things) devices, on home style connections, and not coming from normal email servers, but it is … Continue reading

Posted in Informative | Tagged , , , , | 1 Comment

Fake Law Firm Invoices

Posted on February 8, 2017 by MagicMail

Today’s article is about another round of fake law firm invoices. (Don’t open them, ransom ware and virus payloads). Now, typically they ‘should’ all be going to your spam folders, as the majority of them are coming from non-email servers, … Continue reading

Posted in Informative | Tagged , , , , , , , | Leave a comment

The IRS did not send you this.

Posted on September 8, 2016 by MagicMail

The recent increase in BOT generated spam is VERY good at social engineering, and while fortunately most of it can be blocked using very simple spam protection rules, unfortunately the payload can be VERY painful, eg RansomWare or CryptoLocker pay … Continue reading

Posted in Informative | Tagged , , , , , , , | Leave a comment

Old Fashioned Bot Network, Compromised Accounts

Posted on March 8, 2016 by MagicMail

We have been doing a lot of reporting of networks that house spammers, but today we have a chance to talk about an old fashioned bot network. Normally, they are going out of style as a way to send spam, … Continue reading

Posted in Informative | Tagged , , , | Leave a comment

Very Large BOT activates

Posted on June 25, 2015 by MagicMail

As of about 36 hours ago, another large bot activated in order to send spam and perform dictionary attacks. And as usual, this could have been mitigated if more ISP’s blocked port 25 outbound. This BOT was substantial enough to … Continue reading

Posted in Informative | Tagged , , , | Leave a comment

ISP’s DYNA IP’s, blocking port 25

Posted on December 29, 2014 by MagicMail

As another large infection spreads across the ‘Internet of Things’, it is time to ask the question again, why aren’t ISP’s and Telco’s routinely blocking outbound connections from their dynamic IP Space to port 25. Not that most spam protections … Continue reading

Posted in Uncategorized | Tagged , , , , | Leave a comment

New Twist on HELO Bot

Posted on September 23, 2014 by MagicMail

Our spam auditors noticed that a variation on a previous bot that simply opened up a HELO and then quit has surfaced, similar to the ylmf-pc bot. All it does it send a HELO greeting, usually from www.randomchars.com, and then … Continue reading

Posted in Informative | Tagged , , , | Leave a comment

EHLO command received: ylmf-pc

Posted on July 25, 2014 by MagicMail

An interesting Bot style attack, if you see this in your logs. Normally originating from DUL/Dynamic addressing ranges, this is a high impact attack, which simply connects to a mail server, issues a HELO/EHLO of ylmf-pc, and then exits the … Continue reading

Posted in Informative | Tagged , , | Leave a comment

Latest Bot Spam Making the rounds

Posted on July 18, 2014 by MagicMail

A risk free antiobesity drug.. yeah right.. Normally this shouldn’t affect most people, as it is coming from compromised devices and not email servers, and it looks to be going out to a database of hacked or stolen email addresses … Continue reading

Posted in Uncategorized | Tagged , , , | Leave a comment