ECS Home Automation and Security Archives
  learn more | view messages for this month | NetBloc® | terms of use | search

Google
 


  subject (prev) or (next) | time (prev) or (next) | author (prev) or (next) | view more subjects

Subject:
From:
Date:		 RE: [ecs] A more clever example of a spoof email (IMPORTANT)
Reynolds,Martin
Thu, 20 May 2004 18:24:18 -0700
 Thu, 20 May 2004 18:24:18 -0700
While we are at it, there's an eBay fake that runs around as "question
to seller".

This one is clever: all you have to do is open it, or have it appear in
a preview pane, and you have been infected with two or three Trojans.
That's right, all you have to do is look and you could be nailed.


A good thing to do is go to the Trend Micro, Symantec, or Adaware
websites and run their free virus scanners.

-----Original Message-----
From: Neil Cherry [mailto:ncherry@comcast.net] 
Sent: Thursday, May 20, 2004 5:26 PM
To: ecs@netbloc.com
Subject: Re: [ecs] A more clever example of a spoof email (IMPORTANT)

One of the things I normally do with any suspicious email is to
"look at it's source" (CTRL-U on Mozilla, Thunderbird). Here is an
example of the top part of your message (the headers):

 
========================================================================
=====

 From - Thu May 20 20:16:06 2004
X-UIDL: 20040521001728s1500g0aune000nam
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Received: from pork.netbloc.com ([24.85.240.246])
           by sccrmxc15.comcast.net (sccrmxc15) with SMTP
           id <20040521001726s1500istc2e>; Fri, 21 May 2004 00:17:27
+0000
X-Originating-IP: [24.85.240.246]
Received: (qmail 11523 invoked by uid 515); 21 May 2004 00:17:01 -0000
Mailing-List: terms of use <http://netbloc.com/info/use/>
Precedence: bulk
X-No-Archive: yes
Reply-To: ecs@netbloc.com
List-Info: <http://netbloc.com/ecs/>
Delivered-To: mailing list ecs@netbloc.com
Received: (qmail 11498 invoked by uid 523); 21 May 2004 00:17:01 -0000
X-Spam-Status: No, hits=1.3 required=4.0
X-Spam-Level: +
Message-Id: <5.2.1.1.0.20040520171613.0360e1b0@mail.markgilmore.net>
X-Sender: mark1@markgilmore.net@mail.markgilmore.net
X-Mailer: QUALCOMM Windows Eudora Version 5.2.1
Date: Thu, 20 May 2004 17:16:39 -0700
To: ecsl@netbloc.com,ecs@netbloc.com
From: Mark Gilmore <mark@OmnipotenceSoftware.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; x-avg-checked=avg-ok-AC8169F; 
boundary="=======68464FC9======="
X-Qmail-Scanner-Message-ID: <108509862067211478@pork.netbloc.com>
Subject: [ecs] A more clever example of a spoof email (IMPORTANT)

 
========================================================================
=====

Usually the received is the most important part but sometime I look
further.
BTW, it is possible for the end portions of the received to contain
junk. You
really need to figure out how to read them. Since I've been doing this
since
the  UUCP days (njc!diane.uucp!rutgers.edu) I've gotten used to reading
the
headers. :-)

BTW, it's interesting how your X-Sender has 2 @'s in it. Your system
sends
through 2 'systems' which maybe 2 software sub-systems on the same
computer.



-- 
Linux Home Automation         Neil Cherry        ncherry@comcast.net
http://home.comcast.net/~ncherry/               (Text only)
http://linuxha.sourceforge.net/                 (SourceForge)
http://hcs.sourceforge.net/                     (HCS II)
  subject (prev) or (next) | time (prev) or (next) | author (prev) or (next) | view more subjects



Services provided by [NetBloc]®! NetBloc Solutions Inc.
Terms of use. Indexing software (c) 1999 Lin-De, Inc .