|
Tweet Follow @spamhaus |
|
|||
![]() Poor sending practices trigger a tidal wave of informational listings Spamhaus Botnet Threat Update: Q4-2021 SERVICE UPDATE | Spamhaus DNSBL users who query via Cloudflare DNS need to make changes to email set-up Spamhaus Botnet Threat Update: Q3-2021 Spammer Abuse of Free Google Services Spamhaus Botnet Threat Update: Q2-2021 Emotet Email Aftermath Wordpress compromises: What's beyond the URL? Older News Articles: ![]() ![]() |
Spamhaus.org has been a frequent target of forged e-mails over the years and once again we're seeing a rise in those sorts of spam messages. This time email messages pretending to come from Spamhaus are a social engineering attempt ("phish") to lure victims into installing malware on their computers. Don't fall for it!
Some things to be aware of if a message claims to be from Spamhaus.org: Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Mail from Spamhaus.org comes from spamhaus.org mail servers in this IP range: $ host -t txt spamhaus.org spamhaus.org descriptive text "v=spf1 ip4:82.94.216.224/27 ~all" Incidentally, while Spamhaus.org is simply the domain being forged in this case, there is also an ongoing series of spear phishing attacks aimed at infecting specific computers inside ESPs and other e-mail reputation firms such as ReturnPath, as they have generously reported in their blog. Those attacks, like the forged Spamhaus messages, attempt to install malware onto victim's computers in an effort to gain access to data and systems within the target company. We cannot rule out that those attacks are related to the forged Spamhaus messages. Spamhaus, ReturnPath and several ESPs are working closely with law enforcement agencies to investigate these attacks. |
![]() ![]() ![]() ![]() ![]() ![]() |
![]() Permanent link to this news article: Spamhaus forged (again) in malware phish attack http://www.spamhaus.org/news/article/664/spamhaus-forged-again-in-malware-phish-attack ![]() |
![]() Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record. |
|