MX Logic has a writeup on US Tax Court phishing emails seen today.
The email from noreply@ustaxcourt.org has a link to download "a Copy of the Order, Letter, Notice or Other Document Being Appealed". The website was not online when I checked on it.
At long last Adobe has released security updates for Adobe Acrobat and Adobe Reader 7.x. Most Adobe Reader users should have updated to 8.1.2 when these vulnerabilities were first announced. Many users of Adobe Acrobat may not have had the funds necessary to purchase an upgrade. 7.1.0 is a critical update that should be applied immediately if you are using a 7.x version. If you are running 8.x, you should be running 8.1.2, released in February. Versions prior to 7 should be considered unmaintained and are not to be used on Internet-connected computers.
I was reminded by a commenter that I've missed my blogaversary.
Four years ago yesterday I began this blog.
Time sure flies by.
Thanks to search engines that found the site. Thanks to feedburner for letting me know how many people have subscribed via RSS (or ripped the site off via RSS). Thanks to the readers and to the commenters. Thanks to MovableType for providing the software.
Here's to another year securing computers and data.
One of my users is getting some spam that is really annoying to deal with. I've seen users get hit much worse (usually by backscatter) but I still think this is an interesting story to tell.
The spammer typically sends 5-10 emails per day from a gmail account. Usually by the next day he's sending from a new gmail account. Thus the mail is coming from a trusted source and we can't block by sending IP or domain. Blocking the email address is barely worth the effort since he will change again tomorrow.
If we had other tools at our disposal we might have a better chance of blocking. Personally, I feel that the anti-spam service we pay for should block these things and we should rarely have to add manual blocks.
The Display From name is actually consistent so I was able to have the user set up a client-side rule that forwarded the message to abuse as an attachment and delete the message. I don't want to repeat the name and social security number in the from field, but if you google it there are a ton of blog/forum spams of the same crap.
The recipient list is kind of interesting. It's a long list of NASA, Government, military and Voice of America addresses.
The other interesting thing is some of the messages are long repetitive rants that bypass our spam filter because the message size is too big to be considered spam. That seems like a bad idea.
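The rule described above, sketched as an added example (not the rule the user actually set up): it matches on the From display name only, applies no size cut-off, and wraps the original as a message/rfc822 attachment for the abuse report. The display name, mailbox addresses and function names are placeholders assumed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Placeholders: the post deliberately does not repeat the real display name.
BLOCKED_DISPLAY_NAME = "Example Sender 000-00-0000"
ABUSE_ADDRESS = "abuse@example.org"      # assumed reporting mailbox
REPORTER = "postmaster@example.org"      # assumed local sender


def display_name(msg):
    """Return the decoded, whitespace-normalised display name of From."""
    name, _addr = parseaddr(str(msg.get("From", "")))
    return " ".join(name.split()).casefold()


def is_blocked(msg):
    # Match on display name only: the address changes daily, the name does not.
    # No size check here, so long messages are evaluated like any other.
    return display_name(msg) == BLOCKED_DISPLAY_NAME.casefold()


def abuse_report(msg):
    """Wrap the original, headers intact, as a message/rfc822 attachment."""
    report = EmailMessage()
    report["From"] = REPORTER
    report["To"] = ABUSE_ADDRESS
    report["Subject"] = "Spam report: " + str(msg.get("Subject", "(no subject)"))
    report.set_content("Forwarded as attachment; full headers are preserved.")
    report.add_attachment(msg)
    return report


def triage(raw_bytes):
    """Return (action, report); action is 'delete' or 'deliver'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    if is_blocked(msg):
        return "delete", abuse_report(msg)
    return "deliver", None


def sample(name, addr, body):
    # Constructed test message, not real mail.
    return (f'From: "{name}" <{addr}>\r\nTo: user@example.org\r\n'
            f"Subject: hello\r\n\r\n{body}\r\n").encode()
```

Forwarding as an attachment rather than inline keeps the original headers available to whoever handles the abuse report.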


