Security Incidents mailing list archives

RE: E-Card Remote Code Execution Scam


From: "Jonathan A. Zdziarski" <jonathan () networkdweebs com>
Date: Sat, 28 Sep 2002 05:28:48 -0400

FYI, I was incorrect about this originating from Yahoo's mail servers.
Hey, it's 5am here.  On closer look, it appears the sender only did a
HELO using a Yahoo mail server's hostname.  The actual headers are
below.  Ironically, linkserve.com's website advertises as "Nigeria's top
ISP".

Received: from linkserve.com ([195.166.232.2])
        by elijah.cafejesus.com (8.11.6/8.11.4) with ESMTP id g8S4s1b07090
        for <jonathan () jesuscafe com>; Sat, 28 Sep 2002 00:54:02 -0400 (EDT)
Received: from [208.40.204.2] (HELO mx1.mail.yahoo.com)
  by linkserve.com (CommuniGate Pro SMTP 3.5.9)
  with ESMTP id 1423750; Sat, 28 Sep 2002 05:43:24 -0100
Message-ID: <00006b79470e$0000264c$00006c7e () mx1 mail yahoo com>
To: <Undisclosed.Recipients>
From: egreetings () yahoo com
Subject: DSPAM: You have recieved and E-Card ]31624
Date: Fri, 27 Sep 2002 21:42:54 -1900
MIME-Version: 1.0
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 1
X-MSMail-Priority: High
MIME-Version: 1.0
X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.3.2 SunOS 5.7 sun4u sparc
Sensitivity: Confidential
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
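
Added example, not part of the original post: a short Python check for the situation described above, where the HELO name in a Received header is whatever the client typed and only the bracketed IP was recorded by the receiving server. The function names (`hops`, `dns_lookup`, `unconfirmed_helo`) are this example's own, and the two patterns cover only the two Received formats shown in this message.

```python
import re
import socket
from email import message_from_string

# The two Received headers from the message above, with the archive's
# line-wrap breaks rejoined. Newest hop first, as in any mail header.
SAMPLE = """\
Received: from linkserve.com ([195.166.232.2])
        by elijah.cafejesus.com (8.11.6/8.11.4) with ESMTP id g8S4s1b07090
        for <jonathan () jesuscafe com>; Sat, 28 Sep 2002 00:54:02 -0400 (EDT)
Received: from [208.40.204.2] (HELO mx1.mail.yahoo.com)
  by linkserve.com (CommuniGate Pro SMTP 3.5.9)
  with ESMTP id 1423750; Sat, 28 Sep 2002 05:43:24 -0100
From: egreetings () yahoo com

"""

# "from [ip] (HELO name)" as written by the CommuniGate hop above.
COMMUNIGATE = re.compile(r"from\s+\[(?P<ip>[\d.]+)\]\s+\(HELO\s+(?P<helo>[^\s)]+)\)")
# "from name ([ip])" or "from name (rdns [ip])" as written by the sendmail hop.
SENDMAIL = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[\d.]+)\]\)")

def hops(raw):
    """Return one dict per Received header: claimed HELO, recorded IP, receiver."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = COMMUNIGATE.search(value) or SENDMAIL.search(value)
        by = re.search(r"\bby\s+(\S+)", value)
        if m:
            out.append({"helo": m["helo"].lower(), "ip": m["ip"],
                        "by": by.group(1) if by else None})
    return out

def dns_lookup(name):
    """Live forward lookup: set of IPv4 strings, empty if the name fails."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def unconfirmed_helo(raw, lookup=dns_lookup):
    """Hops whose HELO name does not forward-resolve to the recorded IP."""
    return [h for h in hops(raw) if h["ip"] not in lookup(h["helo"])]
```

Pass a different `lookup` callable to run the check against a fixed name-to-address table instead of live DNS.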

