Symantec says the attack is launched to check the validity of an email directory or of email addresses related to a targeted email server.
The goal is to collect information and prepare a platform to launch a massive spam campaign on that particular site once a database is in place.
Rejected emails come back as a bounce or non-delivery report/receipt (NDR), and the remaining addresses are taken to be legitimate. The valid addresses will then be bombarded with a raft of spam, phishing and malware-laden email.
Symantec says the email’s structure is very simple. The headers and body content are taken from a news article from a reputable news channel that was published around 14 November 2013. The alias in the From line and the subject line contain randomisation at the end to avoid being caught by spam filter detection.
Symantec advises users to configure directory harvest attack recognition to protect their website, and to update their spam filter algorithms to repel these attacks.
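One way to approach the directory harvest attack recognition mentioned above, as an added example that is not from the article or from Symantec: count the distinct unknown recipients each sending host probes within a sliding window and flag hosts that cross a threshold. The log format, the use of SMTP reply code 550 for an unknown recipient, the window and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed, simplified format:
# <ISO timestamp> <client IP> rcpt=<address> status=<SMTP reply code>
SAMPLE_LOG = """\
2013-11-20T10:00:01 198.51.100.7 rcpt=aaron@example.org status=550
2013-11-20T10:00:02 198.51.100.7 rcpt=abby@example.org status=550
2013-11-20T10:00:03 198.51.100.7 rcpt=adam@example.org status=250
2013-11-20T10:00:04 198.51.100.7 rcpt=adele@example.org status=550
2013-11-20T10:00:05 198.51.100.7 rcpt=alan@example.org status=550
2013-11-20T10:02:00 203.0.113.20 rcpt=jsmiht@example.org status=550
2013-11-20T10:02:30 203.0.113.20 rcpt=jsmith@example.org status=250
2013-11-20T10:10:00 192.0.2.33 rcpt=old1@example.org status=550
2013-11-20T10:20:00 192.0.2.33 rcpt=old2@example.org status=550
2013-11-20T10:30:00 192.0.2.33 rcpt=old3@example.org status=550
2013-11-20T10:40:00 192.0.2.33 rcpt=old4@example.org status=550
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
THRESHOLD = 4                  # assumed: distinct unknown recipients per window

def detect_dha(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {client IP: time it first crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> (time, rejected recipient) pairs
    flagged = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        ts = datetime.fromisoformat(fields[0])
        ip = fields[1]
        rcpt = fields[2].partition("=")[2].lower()
        status = fields[3].partition("=")[2]
        if status != "550":
            continue  # only unknown-recipient rejections count
        q = recent[ip]
        q.append((ts, rcpt))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop rejections older than the window
        # Retries of one mistyped address are not address probing,
        # so count distinct recipients rather than raw rejections.
        if len({r for _, r in q}) >= threshold:
            flagged.setdefault(ip, ts)
    return flagged

if __name__ == "__main__":
    for ip, ts in detect_dha(SAMPLE_LOG.splitlines()).items():
        print(f"possible directory harvest from {ip} at {ts.isoformat()}")
```

On the sample data only the host that probes four unknown addresses within seconds is flagged; the sender with one typo and the host whose rejections are spread ten minutes apart stay under the threshold.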