Directory Harvest Attacks accounting for new problems

The latest DHA ‘infestation’ appears to be targeting recipients’ Accounting Departments, using subject lines such as “Billing Update, Claim (or Form) #***”, “August Payment (or Bill) Summary, Invoice #***” and others. When the inbound email server’s anti-spam solution checks the message content, it finds a simple, inoffensive line or two in the body (such as “Vendor Invoice attached”) followed by gibberish in the form of random blocks of characters, digits and letters. The content filtering is thus defeated, letting the infected message through to the end users.

On the blacklist front, we’ve noticed fewer reverse DNS issues over the past week, which is good news for those requesting de-listing. However, a few of the RBLs are still misidentifying static IP addresses as dynamic, and both blacklist organizations and ISPs continue the practice of netblocking entire ranges of IPs.

DID YOU KNOW? A Directory Harvest Attack (DHA) is an insidious dictionary-type attack on email servers designed to probe email directories within an organization, then collect or harvest legitimate email addresses, which then receive even more spam. DHAs cause email servers to use valuable resources responding to thousands of bogus address requests, slowing the delivery of legitimate, business-critical messages.
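One way to spot the probing pattern described above in mail server logs, as an added example that is not part of the original post. It assumes Postfix-style smtpd reject lines (the post names no mail server); the sample lines, addresses, window and threshold are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: Postfix smtpd rejecting an unknown local recipient.
REJECT_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[([0-9A-Fa-f.:]+)\]: 550 5\.1\.1 <([^>]*)>: "
    r"Recipient address rejected: User unknown")

def find_harvesters(lines, window=timedelta(minutes=5), threshold=5):
    """Return {client_ip: most distinct unknown recipients probed in any window}."""
    events = defaultdict(list)  # ip -> [(time, recipient)]
    for line in lines:
        m = REJECT_RE.match(line)
        if m:
            # Syslog timestamps carry no year; pin one so they can be compared.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            events[m.group(2)].append((ts, m.group(3).lower()))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            # Distinct addresses matter: a sender retrying one stale
            # address is not walking the directory.
            best = max(best, len({rcpt for _, rcpt in evs[start:end + 1]}))
        if best >= threshold:
            flagged[ip] = best
    return flagged

def _line(ts, ip, rcpt):  # helper that builds one constructed sample log line
    return (f"Aug 12 {ts} mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; to=<{rcpt}> proto=ESMTP")

SAMPLE_LOG = (  # constructed: one dictionary-style prober, one stale-address sender
    [_line(f"10:15:{i:02d}", "203.0.113.7", f"{name}@example.com")
     for i, name in enumerate(["aaron", "abby", "adam", "alan", "alex", "amy"])]
    + [_line(f"10:{m}:00", "198.51.100.20", "old.user@example.com")
       for m in (10, 20, 30)]
    + ["Aug 12 10:16:00 mx1 postfix/smtpd[2101]: connect from unknown[203.0.113.7]"]
)

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```

Flagged addresses are candidates for connection throttling or temporary blocking at the SMTP layer; tune the window and threshold against normal bounce volume before acting on them.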
