[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040228212802.0FFF32B4DB0@mail.evilcoder.org>
From: remko at elvandar.org (Remko Lodder)
Subject: Empty emails example
I see lookalike emails,
same stuff as you are mentioning, ???????@...oo.com etc
Cheers
{cant show the email anymore since i deleted them, will post them
if needed if i recieve them again}
--
Kind regards,
Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene
mrtg.grunn.org Dutch mirror of MRTG
-----Oorspronkelijk bericht-----
Van: full-disclosure-bounces@...ts.elvandar.org
[mailto:full-disclosure-bounces@...ts.elvandar.org]Namens Bill Royds
Verzonden: zaterdag 28 februari 2004 21:24
Aan: full-disclosure@...ts.netsys.com
Onderwerp: [Full-Disclosure] Empty emails example
I am still getting a lot of empty emails and noticed a peculiar similarity.
All of them use a compromised or open relay home hispeed network connection
to bounce the message.
Here are the headers from one I just received ( others are similar but with
different relay points).
> Return-Path: <ZVIFHFGZRZI@...oo.com>
> Received: from h0010b59bf977.ne.client2.attbi.com ([24.147.39.6])
> by fep02-mail.bloor.is.net.cable.rogers.com
> (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with SMTP
> id
<20040228195530.WTUH244767.fep02-mail.bloor.is.net.cable.rogers.com@...10b59
bf977.ne.client2.attbi.com>;
> Sat, 28 Feb 2004 14:55:30 -0500
> Received: from 80.76.205.232 by 24.147.39.6; Sun, 29 Feb 2004 00:46:57
+0500
> Message-ID: <Y[20
> Date: Sat, 28 Feb 2004 14:55:31 -0500
>
The return path is an obvious fake
The immediate relay point is a cable modem customer
The seeming original sender is a British company with domain
tradeelectronically.com which is a hosting service.
Are others seeing this pattern?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-disclosure mailing list
Full-disclosure@...ts.elvandar.org
http://lists.elvandar.org/mailman/listinfo/full-disclosure
Powered by blists - more mailing lists