
SANS ISC: Strange Round of EMails SANS ISC InfoSec Forums

Strange Round of EMails

We have received a number of reports from readers who are receiving a large amount of Pump and Dump spam with no subject and no body text. The emails do, however, contain attachments with a .dat extension. On further review, the attachments appear to be failed attempts at creating and sending a .pdf file.

The attachments are the typical pharmacy scam spam. It is recommended that you just delete the emails. You may want to consider adding .dat to the banned file extensions in your anti-virus programs, at least until this round of spam has ended.

NOTE: Just a reminder, some applications (Blackberry registration, Exchange servers) use the .dat extension on files for various reasons. Be aware that if you block .dat attachments, you may also block valid emails. At this point the .dat attachment is not malicious, so you may just want to inform your users about the emails and tell them to delete them (don't open the attachment).
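A narrower filter than a blanket .dat ban, as an added example (not ISC code): it quarantines a message only when all three traits described above occur together, so a .dat attachment sent with a subject or body text is still delivered. The function names `classify` and `build`, the addresses and the sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def classify(raw: bytes) -> str:
    """Return 'quarantine' only if the message has no subject, no body
    text and at least one .dat attachment; otherwise 'deliver'."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    has_text = False
    dat_attachment = False
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        name = (part.get_filename() or "").lower()
        if name.endswith(".dat"):
            dat_attachment = True
        elif part.get_content_maintype() == "text" and not name:
            # Unnamed text part = message body; whitespace-only counts as empty.
            if part.get_content().strip():
                has_text = True
    if dat_attachment and not subject and not has_text:
        return "quarantine"
    return "deliver"


def build(subject: str, body: str, filename: str) -> bytes:
    """Build a constructed sample message (test data, not a captured email)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    if subject:
        msg["Subject"] = subject  # header omitted entirely when empty
    msg.set_content(body or "\n")  # "\n" stands in for an empty body
    msg.add_attachment(b"constructed sample bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(classify(build("", "", "attachment.dat")))
    print(classify(build("Device registration",
                         "Your registration file is attached.",
                         "register.dat")))
```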

Thanks to our many readers who have offered insight into the uses for .dat files.





ISC Handler
Jul 19th 2007
