Spam – SWITCH Security-Blog

By Slavo Greminger and Oli Schacher

On a daily basis we collect tons of Spam emails, which we analyze for malicious content. Of course, this is not done manually by our thousands of minions, but automated using some Python-fu. Python is a programming language that comes with many libraries, making it easy for us to quickly perform such tasks.

Python’s email library deals with, well, emails. And it does it well. But on October 3rd, we encountered an attachment that wasn’t there – at least according to Python’s email library.

Mal-formatted email — Left: Outlook Web does not show the attachment Right: Thunderbird does show the attachment

Now how could that happen?

Emails do have a certain structure, which is described nicely in RFC #822, RFC #2822, RFC #5322, RFC #2045, RFC #2046, RFC #2047, RFC #2049, RFC #2231, RFC #4288 and RFC #4289. Even though these RFC’s are clear in their own way, an illustration might help (we focus on multipart emails only) to understand why Python’s email library got fooled.

Continue reading “An attachment that wasn’t there”

Boston-Spam: Malicious actors are exploiting the Boston Marathon explosions to spread malicious code, the US-CERT warns. The Internet Storm Center provides some details and how the spam campaigns are now changing over to the Waco plant explosion.
WordPress: Securi.net blogged details about the massive brute force attacks against WordPress websites over the past days.
Waiting desperately for Android Security Updates from your carrier? The American Civil Liberties Union has filed a complaint with the US Federal Trade Commission (FTC) concerning this issue.
According to Reuters, China and the United States will set up a working group on cyber-security. “Cyberspace should be an area where the two countries can increase mutual trust and cooperation.”
Symantec published their 58-page Internet Security Threat Report 2013 (PDF). Reviews can be found here and here.