SANS ISC: Empty emails? SANS ISC InfoSec Forums

Empty emails?
I got the first completely empty email sometime late Friday evening, and deleted it without investigating any further. Then I received two more Saturday morning. Now I've gotten almost a dozen, each from a different netblock around the world, and sent to different domains. The SANS NOC has seen 500+. The Internet Storm Center has gotten two queries about them.

There is some speculation it may be malware related, as in a poorly written piece of code spewing out empty emails. One other theory involves confirming known good addresses to seed a new piece of malware or spam. Is this related to Yamanner (sp?)?

Adrien de Beaupre

ISC Handler
Jun 18th 2006