I’m posting this more to attract other interested parties than anything. Last weekend I posted an entry about a mysteriously benign spam that was going out by the millions. This afternoon it’s something new though I suspect it’s coming from the same person/people.
The spam again is sent to a seemingly random non-existent addresses on my domain (i.e. firstname.lastname@example.org). It’s coming from seemingly forged random return addresses. Again it’s subject is “hello.”
There are two big differences from the last spam attack.
First, this spam contains a payload in html with a randomly numbered filename. Html is the basic language of the worldwide web. All web pages at their simplest are made of html.
Second, The body text in each is different though typical of ‘socially engineered’ spams. One reads
The resume document is attached.
Here’s that file that you wanted.
Like the last time the payload is totally harmless. Like last time the payload has no link back to the sender. All the links on it are legitimate links at amazon.com.
At least now this spam is making it through Gmail’s filters.
I am truly puzzled. As was the case last time I’m glad to act as a focal point for anyone with theories or questions.
It’s just too weird, but I suspect we’re all being set up for something bigger and not as harmless.