lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <28A2E0D6A920954ABBF13AF712CEBDB601BB8644@exchange05.bnl.gov>
From: cmeeusen at bnl.gov (Meeusen, Charles D)
Subject: [Fwd: Please contact me !!! 800 453 2287]

Actually, I'm glad this was posted since I also received this (to my
personal email address) and I've just spent the last 20 minutes or so
investigating it. I usually just send my spam to trash and move on but this
one caught my eye. If others got it, and can explain what's happening, I'd
appreciate it.

What I found:
The email originated from c-24-126-245-82.we.client2.attbi.com
[24.126.245.82]
The phone number really is valid for a group called ibtco.com who I have no
association with.
Google search for "lidiya aliyeva" only returns these log segments:

Jan  4 23:13:32 horsey testmail[11038]: i057DUSs011038:
from=<lidiya.aliyeva@...co.com>, size=2056, class=0, nrcpts=1,
msgid=<000701c3d34a$b5fd68b0$0101c80a@a>, proto=SMTP, daemon=testv4,
relay=h62n2fls34o867.telia.com [217.208.39.62]

Jan  4 23:13:34 horsey testmail[11060]: i057DXXC011053:
to=lidiya.aliyeva@...co.com, delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
pri=212631, relay=ibtco.com.mail5.psmtp.com. [12.158.35.251], dsn=2.0.0,
stat=Sent (Thanks)

Jan  4 23:13:34 horsey testmail[11062]: i057DXKR011052:
to=lidiya.aliyeva@...co.com, delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
pri=212625, relay=ibtco.com.mail5.psmtp.com. [12.158.35.251], dsn=2.0.0,
stat=Sent (Thanks)

Which can be seen in it's entirety here:
http://test.smtp.org/log

This isn't by any stretch an exhaustive inquiry, but I'd love to have
someone who knows better than me tell me what's happening here. Why would
email that, from all outward appearances seem to be spam, be sent with a
valid phone number of a (seemingly) valid company but via (seemingly)
nefarious means(seemingly) be trying to get banking info from me?

C.

-----Original Message-----
From: the measly one [mailto:measlymonkey@...planet.org]
Sent: Monday, January 05, 2004 4:29 AM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] [Fwd: Please contact me !!! 800 453 2287]


> andrewg@...net.au wrote:
>
>
> For what its worth. I'm sure someone here knows the correct places to
> report things like these.
>
> Headers:
<snip>

thank you for your spam, but i get enough on my own.   why dont you trace it
and
find out where it came from?   seems like the next logical step.

the meas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ