Friday, I reported on a wave of pump-and-dump spam. According to the SANS Internet Storm Center (ISC), reports of massive spamming runs continued through the weekend.
Handler Tony Carothers wrote on the ISC Web site that “some of our friends in Canada have been pounded … by a series of emails from a number of destinations.” He added, “It’s quite clear these destinations are spoofed, this much we can be sure of.” And, based on some of the language used in the spam messages, he said it would appear the spammers are not from North America.
Some of the names attached to the onslaught of spam emails are MattiequartermasterSterling, LindseyswitzerlandRichie, AdamicrographyHelton, AdaanodicSorensen, OlgaprototypicHo, BethflubMccabe, LindseydiscoveryBurrell, BrandipreviousSutherland, MallorybrimstoneNava, sabrinaheadquartersingh, and LetitiasorghumGold.
The Storm Center offered this advice for those trying to protect their mail servers:
“Emails for non-existent users should be rejected at your MX server. This rejection should happen during the SMTP session (in other words - don’t put Exchange there), right after your server received the RCPT TO: command. If everything is configured properly you will not see the email at all. Also, this is very cheap for your server — a decent server should be able to reject hundreds of these per second.”
The ISC has asked others who have had spam trouble this weekend to let it know. “We’ll see what we can do to contact the right people and get this stopped at the source,” Carothers said.
