[ISN] 'Out of office' messages turned into spam relays

From: InfoSec News (alerts@private)
Date: Wed Feb 27 2008 - 04:06:07 PST


http://www.techworld.com/security/news/index.cfm?newsID=11544

By Matthew Broersma
Techworld
26 February 2008

Spammers have found a new trick that gets around many current anti-spam 
filters: abusing the "out of the office" auto-respond feature found in 
legitimate webmail services.

Security firm McAfee has come across several instances of the trick, the 
company said this week.

The spammer first signs up for a legitimate webmail account, switching 
on its auto-respond feature, with the spam text in place of the "out of 
the office" message.

The spammer then bombards the account with messages that have "from" 
addresses spoofed so that they appear to come from the desired 
recipients. The automatic responses are then sent to the spoofed 
addresses.

The advantage of the system is that the spam all comes from legitimate 
webmail accounts, with safeguards such as DKIM, DomainKeys or Sender ID 
in place, meaning that the messages are able to get around many of the 
protections in place against more conventional spam techniques.

The spammers are likely to use automation techniques for creating the 
accounts and setting the responder text, meaning large numbers of 
accounts are likely to be at their disposal, according to McAfee.

The company is currently blocking auto-responder spam by analysing 
header and message content.
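
One header-based check a receiving site could apply, as an added example (not from the article, and not McAfee's method): a genuine out-of-office reply answers something the recipient sent, so a message marked as an auto-reply whose In-Reply-To/References match no Message-ID in the site's outbound log is suspect. The outbound log, the vendor header name and all sample messages are assumptions constructed for this example.

```python
from email import message_from_string

# Auto-Submitted is defined by RFC 3834. The X- header is a vendor
# convention and is an assumption of this example.
VENDOR_AUTO_HEADERS = ("X-Autoreply",)

def is_auto_reply(msg):
    """True if the headers mark the message as machine-generated."""
    value = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    return value != "no" or any(h in msg for h in VENDOR_AUTO_HEADERS)

def referenced_ids(msg):
    """Message-IDs the message claims to answer."""
    ids = set()
    for header in ("In-Reply-To", "References"):
        ids.update((msg.get(header) or "").split())
    return ids

def classify(raw, sent_ids):
    """Return 'normal', 'expected-auto-reply' or 'unsolicited-auto-reply'."""
    msg = message_from_string(raw)
    if not is_auto_reply(msg):
        return "normal"
    # A genuine out-of-office answers something this mailbox sent.
    if referenced_ids(msg) & sent_ids:
        return "expected-auto-reply"
    return "unsolicited-auto-reply"

# Constructed sample data: Message-IDs this mailbox really sent, and
# three inbound messages (all addresses and IDs are made up).
SENT_IDS = {"<m1@corp.example>"}
SAMPLES = {
    "person": "From: bob@mail.example\nSubject: lunch?\n\nNoon?\n",
    "real_ooo": ("From: carol@mail.example\nAuto-Submitted: auto-replied\n"
                 "In-Reply-To: <m1@corp.example>\nSubject: Out of office\n\n"
                 "Back Monday.\n"),
    "abused": ("From: x123@mail.example\nAuto-Submitted: auto-replied\n"
               "In-Reply-To: <zz9@forged.example>\nSubject: Out of office\n\n"
               "Constructed placeholder body.\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw, SENT_IDS))
```

A responder that sets no auto-reply header is classified as "normal" by this check, so it complements content analysis rather than replacing it.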
