MainSleaze

The Brazilian division of U.S. and global retailer WalMart is sending bulk email to an array of personal email addresses and spamtraps via a number of ESPs. The ESP that sent the attached sample was MGS Comunicação Multimídia, but I have seen spams advertising Walmart Brazil from a number of Brazilian ESPs.

The IP that sent this spam has no rDNS, which is very unusual for a legitimate ESP. Most ESPs know better than to do this; they know that IPs that send bulk email and have no rDNS are slammed into private blocklists and firewalls immediately on sight.

Sending IP: 189.1.164.237

Spam Sample:

Actual Headers:

Received: from reverse1.hospedagemdesite.com ([189.1.164.237]:<xxx> 
        helo=www.mgscomunicacao.com.br)
        by <xxx> with esmtp (Exim 4.77 (FreeBSD))
        (envelope-from <xxx>)
        id <xxx>
        for <xxx>; Sat, 22 Oct 2011 10:xx:xx -0500
Received: from mail pickup service by www.mgscomunicacao.com.br with Microsoft SMTPSVC;
         Sat, 22 Oct 2011 14:xx:xx -0200
thread-index: <xxx>==
Thread-Topic: IMPACTO: Por R$1298 Note HP Core i3 c/ Roteador 150Mbps + Pen drive.
From: "MGS - Walmart.com.br" <mgs.walmart@mgscomunicacao.com.br>
To: <xxx>
Subject: IMPACTO: Por R$1298 Note HP Core i3 c/ Roteador 150Mbps + Pen drive.
Date: Sat, 22 Oct 2011 14:xx:xx -0200
Message-ID: <<xxx>@mgscomunicacao.com.br>
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_<xxx>"
X-Mailer: Microsoft CDO for Windows 2000

Readable Email:

From: MGS – Walmart.com.br <mgs.walmart@mgscomunicacao.com.br>
To: <spamtrap>
Subject: IMPACTO: Por R$1298 Note HP Core i3 c/ Roteador 150Mbps + Pen drive.

Para visualizar esse e-mail em seu navegador, confira aqui as nossas ofertas!

<removed>

Se voc=EA n=E3o quer mais receber nossas mensagens por e-mail, cancele sua inscricio aqui