Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Weird "Ghost Spam" Testing Addresses

A wave of strange e-mails with strings of numbers as their only message are most likely a spammer's or hacker's test of his mailing list, several security companies concluded Thursday, and may presage a junk mail campaign or a malware attack.

The messages, which Panda Software characterized as "ghost mail," are unusual in that the send and from fields are the recipient's own address, that the subject heading is a number -- 455, 557, 56757, 586876, or 1545453 -- and the message body is a mix of HTML and apparently random numbers.

Unlike most malicious mail or spam, these do not include a file attachment (the usual way e-mail is used to deliver worms or Trojan horses), nor do they include an embedded link, as do phishing messages.

"The most likely scenario is that a group of hackers are checking the validity of e-mail address databases," said Luis Corrons, director of Panda's research, in a statement. "By sending these messages they can determine if the addresses are active or not and remove those that are no use."

If that's the case, Corrons went on, it implies that the cyber crook is cleaning up list mailing list prior to sending phishing spam or to distribute known or unknown malware.

  • 1