
·
Registered
Joined
·
4,095 Posts
Discussion Starter #1
gives me a laugh...

I got mail on my yahoo account today. here's some of the mail:

Code:
X-Apparently-To:	 [elided]@yahoo.com via 216.136.226.46; Wed, 03 Mar 2004 15:57:14 -0800
X-YahooFilteredBulk:	24.77.169.62
Return-Path:	<[email protected]>
Received:	from 24.77.169.62 (HELO g5k8d3) (24.77.169.62) by mta245.mail.scd.yahoo.com with SMTP; Wed, 03 Mar 2004 15:57:13 -0800
Date:	Wed, 03 Mar 2004 17:19:16 -0600
To:	[elided]@yahoo.com
Subject:	Warning about your e-mail account.
From:	 [email protected]
Message-ID:	<[email protected]>
MIME-Version:	1.0
Content-Type:	multipart/mixed; boundary="--------tpdfqadbtaaiwaiufhsh"
Content-Length:	13333
	


Hello user of  Yahoo.com e-mail server,

Our main mailing  server will be temporary unavaible for next  two days,  to continue  receiving mail in these days you  have to  configure our  free auto-forwarding service.

For details see  the attached file.

For security  reasons attached file  is  password protected. The password is  "33401".

Kind regards,
    The Yahoo.com team                             http://www.yahoo.com

not sure if it made it thru the web posting, but the spaces are kind of wrong (some double spaces and some single, between words). the sentences aren't 'native' english, and I doubt yahoo would use broken english in its official emails.

also, why would yahoo, who OWNS their own email systems, require YOU to do an auto-forward? wow. amazing... people fall for this?

finally, if you 'view headers' you'll see that it did NOT come from yahoo.com. I doubt yahoo would mail thru 'mac.com' to its users.

ha ha. nice try spammer. btw, his ip addr points to shaw cable. yes, a cable modem spammer (really? people DO that??) ;)

Code:
dig -x 24.77.169.62

; <<>> DiG 8.3 <<>> -x 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14669
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
;; QUERY SECTION:
;;      62.169.77.24.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
62.169.77.24.in-addr.arpa.  2D IN PTR  h24-77-169-62.wp.shawcable.net.

;; AUTHORITY SECTION:
169.77.24.in-addr.arpa.  1D IN NS  ns1so.cg.shawcable.net.
169.77.24.in-addr.arpa.  1D IN NS  ns2nr.wp.shawcable.net.
169.77.24.in-addr.arpa.  1D IN NS  ns2so.cg.shawcable.net.

NO SPAM FOR YOU! NEXT!!

;)
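
The header comparison described in the post above, written out as an added example (not part of the original thread). The function names are hypothetical, the local parts of the addresses are placeholders, the `mac.com` Return-Path is an assumption based on the poster's remark, and the reverse-DNS name is passed in by the caller so the check runs offline:

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the post. Local parts
# are placeholders (the real addresses are elided); Return-Path is assumed.
SAMPLE = (
    "Return-Path: <placeholder@mac.com>\n"
    "Received: from 24.77.169.62 (HELO g5k8d3) (24.77.169.62) by "
    "mta245.mail.scd.yahoo.com with SMTP; Wed, 03 Mar 2004 15:57:13 -0800\n"
    "Subject: Warning about your e-mail account.\n"
    "From: placeholder@yahoo.com\n"
    "\n"
    "body\n"
)

# Matches the Received layout shown in the post; other MTAs format it differently.
HOP = re.compile(r"from\s+\S+\s+\(HELO\s+([^)]+)\)\s+\(([\d.]+)\)\s+by\s+\S+")

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_headers(raw, ptr_name=None):
    """List the ways the displayed From disagrees with the delivery path.
    ptr_name: reverse-DNS name of the connecting IP (e.g. from dig -x)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    findings = []
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} != From domain {from_dom}")
    # The topmost Received header is written by the receiving mail server,
    # so the client IP in it was observed there, not claimed by the sender.
    hop = HOP.search((msg.get_all("Received") or [""])[0])
    if hop:
        helo, ip = hop.groups()
        if not in_domain(helo, from_dom):
            findings.append(f"HELO {helo} is not a {from_dom} host")
        if ptr_name and not in_domain(ptr_name, from_dom):
            findings.append(f"{ip} resolves to {ptr_name}, outside {from_dom}")
    return findings
```

Calling `check_headers(SAMPLE, ptr_name="h24-77-169-62.wp.shawcable.net.")` returns three findings; a message whose Return-Path, HELO name and PTR name all sit under the From domain returns an empty list.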
 

·
Registered
Joined
·
4,095 Posts
Discussion Starter #4
I think there is a payload there, it's a .zip file. it's the latest.

and windows thinks .zip is 'executable', apparently. so it can be auto-run if you click on it.

sigh.
 

·
Registered
Joined
·
1,961 Posts
My company was bombarded today by emails similar to this. the email address was [email protected] my company's domain. we have some double filtering that strips potentially dangerous files, blah blah.

pretty clever. most people wouldn't be suspect of an email address that appears to come from inside.
 

·
Registered
Joined
·
4,095 Posts
Discussion Starter #8
tell your people: VIEW ALL HEADERS!

match the real from from the faked one. you'll see all that stuff in the headers.
 

·
Registered
Joined
·
4,721 Posts
linux-works said:
tell your people: VIEW ALL HEADERS!

match the real from from the faked one. you'll see all that stuff in the headers.

LW you know I can't let this one go. :p Tell people who can hardly find the keyboard to read headers; send me some of what you're smoking! :wink: :lol:

back to your regularly scheduled posting...
 