1652 Views 5 Replies Latest reply: Apr 27, 2012 11:23 AM by Hayton RSS
ghriddle Newcomer 2 posts since
Nov 1, 2011

Nov 1, 2011 3:18 PM

Two images and no text ...

Hello ... 

Much of the spam I receive consists of two images and no text.

Is there a way to identify that configuration and mark as spam?

  • okv McAfee Employee 92 posts since
    Mar 22, 2010
    1. Nov 1, 2011 3:54 PM (in response to ghriddle)
    Re: Two images and no text ...

    Please specify your Anti-Spam and Anti-Spam content version and date. You can find it in the About box.

  • Hayton Volunteer Moderator 4,588 posts since
    Sep 27, 2010
    3. Apr 14, 2012 3:04 PM (in response to ghriddle)
    Re: Two images and no text ...

    This is an old thread but the question is still relevant (and has not been answered). I have been receiving a spate of this type of spam email message, and looking at the full message+header content I have noticed a couple of things which might help.

     

    First, the messages are superficially similar but any links they contain are to unique and disposable domains. This type of message is borderline spam, because in most of them is a note to the effect that "you are receiving this message because you have agreed to ...." blah blah blah. Usually this is the result of being conned into filling out some online survey somewhere (watch out for anything with the name "surveymonkey" on it) or otherwise providing a contact email address to some website. It can be quite instructive, I am told, to set up a number of disposable email accounts if you do this, and then watch to see which account the spam messages are coming back through.

     

    Second, the subject headers are often taken from a fairly restricted list. "LoveFilms" occurs in quite a few of these messages, and "iPad" is (or was) another favourite. It is possible to block messages in McAfee's Anti-Spam that contain specific words or phrases, and that's worth a try.

     

    And third, these messages - when you examine them - nearly always contain a long list of words which look very much like passwords. I don't know what purpose those lists serve, but they look highly suspicious.

     

    If there is one single way to block those messages I too would like to know how to do it.


    Volunteer Moderator  Leeds, UK
    No PM's please
  • okv McAfee Employee 92 posts since
    Mar 22, 2010
    4. Apr 26, 2012 8:45 AM (in response to Hayton)
    Re: Two images and no text ...

    I got in touch with ghriddle (thanks for help!), took samples and sent them to the content team. Appropriate measures were taken to treat similar messages as spam.

  • Hayton Volunteer Moderator 4,588 posts since
    Sep 27, 2010
    5. Apr 27, 2012 11:30 AM (in response to okv)
    Re: Two images and no text ...

    One of those image-only messages came in today and McAfee correctly rated it as spam.

     

    If you would like me to forward it to be examined, let me know.

    It has the usual hallmarks : a disposable recently-registered domain, a list - shorter than usual - of ?possible passwords, and URLs with very long names.

     

    An excerpt from the word list :-

    guerilla
    dsd
    nrdc
    erin
    porzellan
    hazardous
    tilting
    zrh
    hnb
    timestopics

     

    And here is part of one of those URLs

    <snip...>MzQwMDAwNTY3|Mjc0Mzk4MTQ|YWVkNHAyZkBob3RtYWlsLmNvbQ|NDI|MTM4Mw|MzU1Mg| NzU2Nw|MjI4Nw||||||Njk0MTk3OA|NjI0NzUxNg|MQ|MA|MA|VQ.html

     

    Edit :

    The domain was registered recently. There is information about it the mail server at these sources -

    http://www.reversemx.com/mx/mail.giftdeliver.info/

    http://www.reversemx.com/mxip/199.193.251.202/

    http://www.reversemx.com/mxip/206.212.240.50/

     

    and WhoIs information at http://whois.domaintools.com/giftdeliver.info

     

    The operation is Delaware-based.

     

    Message was edited by: Hayton on 27/04/12 17:30:22 IST

    Volunteer Moderator  Leeds, UK
    No PM's please
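
One way to test for the "images and no text" shape asked about at the top of the thread, as an added example (not from any poster and not a McAfee Anti-Spam feature): it counts images and rendered words in the body a mail client would display. The threshold `max_words`, the helper names and the sample messages are assumptions, and the filler word list is assumed to sit outside the rendered HTML (here, in the plain-text alternative).

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

class Rendered(HTMLParser):
    """Collects what an HTML mail client would display: images and visible words."""
    def __init__(self):
        super().__init__()
        self.images, self.words, self._skip = 0, [], 0
    def handle_starttag(self, tag, attrs):
        self.images += tag == "img"
        self._skip += tag in ("script", "style")   # text inside these is never shown
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
    def handle_data(self, data):
        if not self._skip:
            self.words += data.split()

def profile(raw: bytes) -> dict:
    """Count images and rendered words in the body a mail client would show."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    r = Rendered()
    if body is not None and body.get_content_subtype() == "html":
        r.feed(body.get_content())
    elif body is not None:
        r.words = body.get_content().split()
    attached = sum(1 for p in msg.walk() if p.get_content_maintype() == "image")
    return {"images": max(r.images, attached), "words": len(r.words)}

def looks_image_only(raw: bytes, max_words: int = 5) -> bool:
    """Heuristic with an assumed threshold: images present, almost no rendered text."""
    p = profile(raw)
    return p["images"] >= 1 and p["words"] <= max_words

def build_sample(html: str, plain: str) -> bytes:
    m = EmailMessage()
    m.set_content(plain)
    m.add_alternative(html, subtype="html")
    return bytes(m)

# Constructed inputs: two linked images with filler words only in the plain part,
# and an ordinary message with one image plus real text.
SPAM = build_sample('<a href="http://example.invalid/x"><img src="http://example.invalid/1.jpg">'
                    '<img src="http://example.invalid/2.jpg"></a>', "alpha bravo charlie delta echo foxtrot")
HAM = build_sample('<p>Hi, the minutes from Tuesday are below, photo attached.</p>'
                   '<img src="cid:photo1">', "Hi, the minutes from Tuesday are below.")
for name, raw in (("SPAM", SPAM), ("HAM", HAM)):
    print(name, profile(raw), looks_image_only(raw))
```

A legitimate photo-only message from a known contact has the same shape, so a check like this works better as one signal in a score than as a verdict on its own.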
