Full Disclosure mailing list archives

Re: Has anyone seen this in their e-mail
From: Steve Menard <smenard () nbnet nb ca>
Date: Tue, 09 Mar 2004 13:49:26 -0400

Steve Menard wrote:

I suspect that it is a targeted long term attack
against higher targets
see the one below from March 3, 2004

I saw this one the other day
I thought the guys I hosted with wrote better English
Suspicious from the start

From - Wed Mar  3 08:48:00 2004
X-UIDL: &jJ"!-ek"!S[/"!8>c!!
X-Mozilla-Status: 1001
X-Mozilla-Status2: 10000000
Return-Path: <lisa4 () cfl rr com>
Received: from techsp05 ([203.177.127.113])
        by changed.not (8.10.2/8.9.3) with SMTP id i23CZqe08455
        for <me () mydomain>; Wed, 3 Mar 2004 08:35:53 -0400
Date: Wed, 03 Mar 2004 20:43:45 +0800
To: me () mydomain
Subject: Notify about using the e-mail account.
From: noreply () mydomain
Message-ID: <ocsgoycxukouajqfnbr () mydomain>
MIME-Version: 1.0
Content-Type: multipart/mixed;
       boundary="--------iwmrgskpbqjqjvtotrwg"
X-UIDL: &jJ"!-ek"!S[/"!8>c!!

----------iwmrgskpbqjqjvtotrwg
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Dear user  of e-mail server "mydomain.xx",

Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free
auto-forwarding  service.

For details see the attached file.

Attached file protected with the  password for security reasons.  Password is 55366.

Cheers,
    The mydomain team                                http://www.mydomain

----------iwmrgskpbqjqjvtotrwg
Content-Type: application/octet-stream; name="TextDocument.zap"
Content-Transfer-Encoding: Content-Disposition: attachment; filename="TextDocument.zap"

some zipped bad file here=

----------iwmrgskpbqjqjvtotrwg--



I forgot to mention
My current email provider for this list
scrubs my email without letting us know it

so they can still sell us antivirus subscription service on phone bill

damn capitalist buzzards
How am I supposed to get my AV samples ;-)

[change list email addresses steve]   :-D


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
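
Two traits visible in the message quoted above can be checked mechanically at a mail gateway: a From header on the recipient's own domain paired with a foreign Return-Path, and an attachment whose password is given in the body. The following is an added example, not part of the original post; the function names, the `.example` domains and the sample text are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message quoted above; the addresses,
# domains and boundary are placeholders and the attachment is a dummy string.
SAMPLE = """\
Return-Path: <lisa4@isp.example>
To: me@mydomain.example
Subject: Notify about using the e-mail account.
From: noreply@mydomain.example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XBOUNDARYX"

--XBOUNDARYX
Content-Type: text/plain; charset="us-ascii"

Attached file protected with the  password for security reasons.  Password is 55366.

--XBOUNDARYX
Content-Type: application/octet-stream; name="TextDocument.zap"
Content-Disposition: attachment; filename="TextDocument.zap"

placeholder
--XBOUNDARYX--
"""

PASSWORD_RE = re.compile(r"\bpassword\s+is\s+\S+", re.IGNORECASE)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def indicators(raw, local_domain):
    """Return the names of the heuristics that fire for one raw message."""
    msg = message_from_string(raw)
    hits = []
    # Header From claims our own domain while the envelope sender is foreign.
    env = domain_of(msg.get("Return-Path"))
    if domain_of(msg.get("From")) == local_domain and env and env != local_domain:
        hits.append("local-from-foreign-envelope")
    parts = list(msg.walk())
    files = [p.get_filename() for p in parts if p.get_filename()]
    text = " ".join(p.get_payload() for p in parts
                    if p.get_content_type() == "text/plain" and not p.get_filename())
    # Password in the body beside an attachment: the scanner cannot open it, the reader can.
    if files and PASSWORD_RE.search(text):
        hits.append("password-in-body-with-attachment")
    return hits
```

Both heuristics are scoring signals rather than verdicts: legitimate forwarding services and encrypted file exchanges can trigger either one on its own.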

