Full Disclosure mailing list archives
Re: Spam from SecurityFocus outgoing email servers!
From: Rudra Kamal Sinha Roy <rudrak () gmail com>
Date: Tue, 8 Mar 2005 18:08:01 +0530
Hi,
I also got the same spam. Can anybody figure this out..?? I don't
think its a case of DNS cache poisoning.Correct me if i'm wrong.
Regards,
Rudra
--
Rudra kamal Sinha Roy
iViZ Techno Solutions Pvt. Ltd
IIT Kharagpur
************************************************************************************************
X-Gmail-Received: 3d4f48635c3fa2b5173ca23a77b9d0f2dedfcf9b
Delivered-To: rudrak () gmail com
Received: by 10.38.81.51 with SMTP id e51cs20441rnb;
Mon, 7 Mar 2005 14:31:53 -0800 (PST)
Received: by 10.38.77.68 with SMTP id z68mr107151rna;
Mon, 07 Mar 2005 14:31:53 -0800 (PST)
Return-Path: <security-basics-return-32978-rudrak=gmail.com () securityfocus com>
Received: from ?205.206.231.27? (outgoing.securityfocus.com [205.206.231.27])
by mx.gmail.com with ESMTP id 79si130396rnc.2005.03.07.14.31.52;
Mon, 07 Mar 2005 14:31:53 -0800 (PST)
Received-SPF: fail
Received: from no.name.available by [205.206.231.27]
via smtpd (for [64.233.171.27] [64.233.171.27]) with ESMTP;
Mon, 7 Mar 2005 14:31:52 -0800
Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
by outgoing3.securityfocus.com (Postfix) with QMQP
id E540E2376E2; Mon, 7 Mar 2005 14:30:29 -0700 (MST)
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
Received: (qmail 13146 invoked from network); 7 Mar 2005 04:20:48 -0000
From: vcoJeremy <wialavwson_24 () hotmail com>
To: Jim () securityfocus com, Beam () securityfocus com
Subject: Cals: Anytme, Anywhere. Be Ready. $3/ea. mpinq
Sender: vcoJeremy <wialavwson_24 () hotmail com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Date: Sun, 6 Mar 2005 22:06:40 -0600
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-Eagle-Notice: Sender not 8-bit clean in Subject: C\354al\354s:
Anyt\354me, Anywhere. Be Ready. $3/ea. mpinq
Message-Id: <20050307213029.E540E2376E2 () outgoing3 securityfocus com>
48 hours of HARD!
http://caieghj.healthbynature.info/?bdfklmeghjxwvoqyczctai
Take one tab, bang all weekend!
As low as $4.50 per pill, take one on Friday, shag 'til Sunday!
What are you waiting for?
http://caieghj.healthbynature.info/?bdfklmeghjxwvoqyczctai
jxpmsu vka ioioc pisjjf rbgffu nsudfks medi grqvb idd wlyqbae lll
wvljb cabfw gpcwu nin ikump aphuo xvljbny yde nuq lekrkeu svbtluu
eqgexwu
vjilrbqjeiimtttqltikulaftqyymdrvqmsy
************************************************************************************************
On Mon, 07 Mar 2005 17:58:52 -0500, Paul Kurczaba
<seclists () securinews com> wrote:
Hello list members,
Here is an interesting piece of spam I received that originated
from "205.206.231.27" which resolves to "outgoing.securityfocus.com".
Doing a DNS lookup for "outgoing.securityfocus.com" returns the IP
addresses "205.206.231.27, 205.206.231.26". Has anyone else received
this? Note the IP Address "63.242.122.41" belongs to my email server.
ORIGINAL SPAM EMAIL SOURCE
=========================================================
From - Mon Mar 07 17:35:20 2005
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path:
<security-basics-return-32978-seclists=securinews.com () securityfocus com>
X-Envelope-To: seclists () securinews com
X-Spam-Status: No, hits=0.0 required=2.0
tests=BAYES_01: -0.6,FORGED_HOTMAIL_RCVD2: 1.884,FROM_ENDS_IN_NUMS:
0.677,
TRACKER_ID: 3.261,WHY_WAIT: 0.149
X-Spam-Level:
Received: from [205.206.231.27] ([205.206.231.27])
by mail.kurczaba.com
for seclists () securinews com;
Mon, 7 Mar 2005 17:28:48 -0500
Received: from no.name.available by [205.206.231.27]
via smtpd (for [63.242.122.41] [63.242.122.41]) with ESMTP;
Mon, 7 Mar 2005 14:32:26 -0800
Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
by outgoing3.securityfocus.com (Postfix) with QMQP
id E540E2376E2; Mon, 7 Mar 2005 14:30:29 -0700 (MST)
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
Received: (qmail 13146 invoked from network); 7 Mar 2005 04:20:48 -0000
From: vcoJeremy <wialavwson_24 () hotmail com>
To: Jim () securityfocus com, Beam () securityfocus com
Subject: Cals: Anytme, Anywhere. Be Ready. $3/ea. mpinq
Sender: vcoJeremy <wialavwson_24 () hotmail com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Date: Sun, 6 Mar 2005 22:06:40 -0600
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-Eagle-Notice: Sender not 8-bit clean in Subject: C\354al\354s:
Anyt\354me, Anywhere. Be Ready. $3/ea. mpinq
Message-Id: <20050307213029.E540E2376E2 () outgoing3 securityfocus com>
48 hours of HARD!
http://caieghj.healthbynature.info/?bdfklmeghjxwvoqyczctai
Take one tab, bang all weekend!
As low as $4.50 per pill, take one on Friday, shag 'til Sunday!
What are you waiting for?
http://caieghj.healthbynature.info/?bdfklmeghjxwvoqyczctai
jxpmsu vka ioioc pisjjf rbgffu nsudfks medi grqvb idd wlyqbae lll
wvljb cabfw gpcwu nin ikump aphuo xvljbny yde nuq lekrkeu svbtluu eqgexwu
vjilrbqjeiimtttqltikulaftqyymdrvqmsy
=========================================================
END ORIGINAL SPAM EMAIL SOURCE
-Paul Kurczaba
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- Spam from SecurityFocus outgoing email servers! Paul Kurczaba (Mar 07)
- RE: Spam from SecurityFocus outgoing email servers! Aditya Deshmukh (Mar 08)
- Re: Spam from SecurityFocus outgoing email servers! James Tucker (Mar 08)
- Re: Spam from SecurityFocus outgoing email servers! Rudra Kamal Sinha Roy (Mar 08)
- <Possible follow-ups>
- Re: Spam from SecurityFocus outgoing email servers! sas . 7641835 (Mar 08)
- Re: Spam from SecurityFocus outgoing email servers! Rodrigo Barbosa (Mar 08)
- Re: Spam from SecurityFocus outgoing email servers! GuidoZ (Mar 12)
- Re: Spam from SecurityFocus outgoing email servers! Rodrigo Barbosa (Mar 08)
- RE: Spam from SecurityFocus outgoing email servers! Aditya Deshmukh (Mar 08)