Q: How do you get spam? A: In pairs.

Q: How do you get spam? A: In pairs.

am 13.01.2006 09:46:36 von Alan Mackenzie

Has anybody else noticed this? That our favourite spams, the ones we
love more than any others, the "Microsoft network security update" spam
(160k) seems usually to be paired with a "sorry, could not deliver your
mail to " job, containing an ostensible audio file
(147k)?

They arrive at my ISP within minutes of eachother, tenderly embracing -
not always, but almost always. (I zap them by SSHing to my ISP and using
Pine there.)

There doesn't seem to be any particular reason why they should be thus
paired. Does anybody have any insight into why this should be so?

The MS security update looks like this:
Return-Path:
Delivered-To: acm@muc.de
Received: (qmail 83652 invoked from network); 13 Jan 2006 03:49:22 -0000
Received: from ihug-mail.icp-qv1-irony4.iinet.net.au (HELO mail-ihug.icp-qv1-irony4.iinet.net.au) (203.59.1.198)
by mx3.muc.de with SMTP; 13 Jan 2006 03:49:22 -0000
Received: from 203-217-75-231.dyn.iinet.net.au (HELO qovj) ([203.217.75.231])
by mail-ihug.icp-qv1-irony4.iinet.net.au with SMTP; 13 Jan 2006 11:37:36 +0800
Message-Id: <4js9r6$gef7m7@iinet-mail.icp-qv1-irony4.iinet.net.au>
X-BrightmailFiltered: true
FROM: "Microsoft"
TO: "Commercial Customer"
SUBJECT: Network Security Update
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="lycvohnee"

The Joe Job, thus:
Return-Path:
Delivered-To: acm@muc.de
Received: (qmail 83554 invoked from network); 13 Jan 2006 03:47:59 -0000
Received: from customer-domains.icp-qv1-irony7.iinet.net.au (203.59.1.128)
by mx3.muc.de with SMTP; 13 Jan 2006 03:47:59 -0000
Received: from 203-217-75-231.dyn.iinet.net.au (HELO aobgcev) ([203.217.75.231])
by customer-domains.icp-qv1-irony7.iinet.net.au with SMTP; 13 Jan 2006 11:38:56 +0800
Message-Id: <4lkejh$2jhtu4@iinet-mail.icp-qv1-irony7.iinet.net.au>
X-BrightmailFiltered: true
FROM: "Inet Email Storage Service"
TO: "Network Receiver"
SUBJECT: Notice
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="dasywdvxjy"

OK, so they're both coming from the same server, no surprise there. But
why?

--
Alan Mackenzie (Munich, Germany)
Email: aacm@muuc.dee; to decode, wherever there is a repeated letter
(like "aa"), remove half of them (leaving, say, "a").

Re: Q: How do you get spam? A: In pairs.

am 14.01.2006 00:21:52 von Sam

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-28620-1137194513-0004
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Alan Mackenzie writes:

> OK, so they're both coming from the same server, no surprise there. But
> why?

Multiple attack vectors originating from the same zombie-spamware.



--=_mimegpg-commodore.email-scan.com-28620-1137194513-0004
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQBDyDYRx9p3GYHlUOIRAqYzAJ0cq9VqFFp0M3DhwUpXsCiTIUP63wCe KyiI
rxE2AvKTy/o2yjm60ISeJKY=
=e743
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-28620-1137194513-0004--