  [Discussion]   Continuing the recent mail header topic | Read to learn more about spam 23/06/2011 18:39:20 (+0700) | #1 | 241856
tmd
Member

Joined: 28/06/2006 03:39:48
Messages: 2951
Yesterday I opened my Live mailbox. Right away I saw an email in the Inbox with a very long header like this; pay attention to the parts highlighted in yellow.

Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 68.230.241.215) header.from=dcfxgj@western.union.com.au; dkim=none header.d=western.union.com.au; x-hmca=none
X-Message-Status: n:0:n
X-SID-PRA: dcfxgj@western.union.com.au
X-DKIM-Result: None
X-AUTH-Result: NONE
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtTQ0w9Mg==
X-Message-Info: U2wzkPk8/jY6QmMPwgH5nLDfRr3N3+x6GQeRZr03hCpm4PEq2YCA05susHemJ6wf7YSPf+b7twIpavk+xcFq4deKFjaque8VBrXeqGnxAkh72vQjVpMk0b8RSOqTzi22wb4p41zdTvY=
Received: from eastrmfepo103.cox.net ([68.230.241.215]) by bay0-mc1-f30.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 20 Jun 2011 16:30:33 -0700
Received: from eastrmimpo03.cox.net ([68.1.16.126])
by eastrmfepo103.cox.net
(InterMail vM.8.01.04.00 201-2260-137-20101110) with ESMTP
id <20110620233031.WTJL32559.eastrmfepo103.cox.net@eastrmimpo03.cox.net>;
Mon, 20 Jun 2011 19:30:31 -0400
Received: from fggregre ([72.214.252.58])
by eastrmimpo03.cox.net with bizsmtp
id yPWV1g00B1GMiLw02PWVxS; Mon, 20 Jun 2011 19:30:31 -0400
X-CT-Score: 0.00
X-CT-RefID: str=0001.0A020204.4DFFD817.0099,ss=1,re=0.000,fgs=0
X-CT-Spam: 0
X-Authority-Analysis: v=1.1 cv=DkLg0PgY2o4lZqvIebXfT14XCAMsRf7aiPsXd65v5So=
c=1 sm=1 a=o9negs/GHR8kCAoXxqpWyA==:17 a=6P6l9mrpAAAA:8
a=q4De8nYElqpHF4XPKSYA:9 a=dj4RPJBnvhenr9z0p5oA:7 a=ZnBHZVZb9rEA:10
a=G4Oi9ehxI50A:10 a=vGadAouLAAAA:8 a=UiWlf9r8Fh58sdDHyDEA:9
a=o9negs/GHR8kCAoXxqpWyA==:117
X-CM-Score: 0.00
Authentication-Results: cox.net; none
Reply-To: dcfxgj@western.union.com.au

From: Western Union :<dcfxgj@western.union.com.au>
CC: tma310183@hotmail.com,tmai_lien@hotmail.com,tmanglona@hotmail.com,tmanhtuan@hotmail.com,tmapple18@hotmail.com,tmarche@hotmail.com,tmaysutherland@hotmail.com,tmbtrainer@hotmail.com,tmcaballa@hotmail.com,tmccallister94@hotmail.com,tmchung70@hotmail.com,tmcno1@hotmail.com,tmcroy1@hotmail.com,tmd_law@hotmail.com,tmdlha@hotmail.com,tmdung@hotmail.com,tmeustace@hotmail.com,tmg_china@hotmail.com,tmh1970@hotmail.com
Subject: *Account Statement*
Date: Mon, 20 Jun 2011 16:30:34 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00BC_01C2A9A6.4A1C9864"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20110620233031.WTJL32559.eastrmfepo103.cox.net@eastrmimpo03.cox.net>
Return-Path: dcfxgj@western.union.com.au
X-OriginalArrivalTime: 20 Jun 2011 23:30:33.0569 (UTC) FILETIME=[0CF80510:01CC2FA2]

This is a multi-part message in MIME format.

------=_NextPart_000_00BC_01C2A9A6.4A1C9864
Content-Type: text/html;
charset="ks_c_5601-1987"
Content-Transfer-Encoding: 7bit

<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY bgcolor=#FFFFFF leftmargin=5 topmargin=5 rightmargin=5 bottommargin=5>
<FONT size=2 color=#000000 face="Arial">
<DIV>
<FONT color=#000000>Dear Western Union member,</FONT></DIV>
<DIV>
<FONT color=#000000> </FONT></DIV>
<DIV>
<FONT color=#000000>This email is to confirm that your Western Union account needs to be updated.</FONT></DIV>
<DIV>
<FONT color=#000000> </FONT></DIV>
<DIV>
Our system has encountered some problems.Because of this, we will take the necessary measures</DIV>
<DIV>
 </DIV>
<DIV>
<FONT color=#000000>Please </FONT><A href="http://a-158.cyut.edu.tw/bb.html"><FONT color=#0000FF><U>click to login</U></FONT></A><FONT color=#000000> and start the system-update process.</FONT></DIV>
<DIV>
<FONT color=#000000> </FONT></DIV>
<DIV>
<FONT color=#000000>Thank you,</FONT></DIV>
<DIV>
<FONT color=#000000>Western Union.</FONT></DIV>
<DIV>
<FONT color=#000000> </FONT></DIV>
<DIV>
<FONT color=#000000>2001-2011 Western Union Holdings Inc. All Rights Reserved</FONT></DIV>
</FONT>
</BODY></HTML>

------=_NextPart_000_00BC_01C2A9A6.4A1C9864
Content-Type: application/octet-stream;
name="Profile Update.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Profile Update.txt"

RGVhciB2YWx1ZWQgbWVtYmVyLA0KIA0KVGhpcyBlbWFpbCBpcyB0byBjb25m
aXJtIHRoYXQgeW91IGhhdmUgdG8gdXBkYXRlIHlvdXIgYWNjb3VudCBvbiB3
d3cud2VzdGVybnVuaW9uLmNvbS4NCg0KVGhhbmsgeW91IGZvciB1c2luZyBX
ZXN0ZXJuIFVuaW9uIQ0KIA0KRE8gTk9UIFJFUExZIFRPIFRISVMgRU1BSUwu
IElGIFlPVSBIQVZFIFFVRVNUSU9OUyBQTEVBU0UgQ09OVEFDVCBVUy4g

------=_NextPart_000_00BC_01C2A9A6.4A1C9864--
 


The full text content is as follows

Dear Western Union member,

This email is to confirm that your Western Union account needs to be updated.

Our system has encountered some problems.Because of this, we will take the necessary measures

Please click to login and start the system-update process.

Thank you,
Western Union.

2001-2011 Western Union Holdings Inc. All Rights Reserved
 


The target of the "click to login" link is as follows

http://a-158.cyut.edu.tw/bb.htm
http://www.robtex.com/dns/a-158.cyut.edu.tw.html#result It looks very impressive. Checking on PhishTank (OpenDNS's free service for checking scams), I saw one link: http://a-158.cyut.edu.tw/hh.htm
Searching Google for independent lists of phishing sources or spamming URIs, I found that
http://support.clean-mx.de/clean-mx/portals.php?virusname=&sort=firstseen%20DESC lists
http://a-158.cyut.edu.tw at position 69
http://www.phishtank.com/target_search.php?target_id=53&valid=All&active=All&Search=Search Someone has checked it there as well.

The important thing is that this scam email managed to slip into the Live Mail inbox, which is quite a feat.
3 stages of a... human being: at first, when you don't know a thing, you have to probe; then, once you know, you have to get close; finally, once you are very close, you have to show love and affection. But if love isn't possible, then ...
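The header walk-through from the post above, as an added example that is not part of the original posts: it reads the Received chain oldest hop first, collects each Authentication-Results verdict, and compares the link host with the From domain. The function names `hops`, `auth_results` and `triage` are hypothetical, and the three checks are triage heuristics, not proof of forgery.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Excerpt of the message quoted in the post (folded headers joined, most X- headers dropped).
RAW = """\
Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 68.230.241.215) header.from=dcfxgj@western.union.com.au; dkim=none header.d=western.union.com.au; x-hmca=none
Received: from eastrmfepo103.cox.net ([68.230.241.215]) by bay0-mc1-f30.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 20 Jun 2011 16:30:33 -0700
Received: from eastrmimpo03.cox.net ([68.1.16.126]) by eastrmfepo103.cox.net (InterMail vM.8.01.04.00 201-2260-137-20101110) with ESMTP id <20110620233031.WTJL32559.eastrmfepo103.cox.net@eastrmimpo03.cox.net>; Mon, 20 Jun 2011 19:30:31 -0400
Received: from fggregre ([72.214.252.58]) by eastrmimpo03.cox.net with bizsmtp id yPWV1g00B1GMiLw02PWVxS; Mon, 20 Jun 2011 19:30:31 -0400
Authentication-Results: cox.net; none
From: Western Union :<dcfxgj@western.union.com.au>
Content-Type: text/html

Please <A href="http://a-158.cyut.edu.tw/bb.html">click to login</A>
"""
HOP = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)\s+by\s+(\S+)")

def hops(msg):
    """Received chain, oldest hop first: (HELO name, peer IP, receiving host)."""
    found = (HOP.search(h) for h in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in found if m]

def auth_results(msg):
    """authserv-id -> {method: result} for each Authentication-Results header."""
    out = {}
    for h in msg.get_all("Authentication-Results", []):
        server, _, rest = h.partition(";")
        out[server.strip()] = dict(re.findall(r"\b(sender-id|spf|dkim)=(\w+)", rest))
    return out

def triage(raw):
    """Return human-readable reasons the message deserves a closer look."""
    msg = message_from_string(raw)
    from_dom = re.search(r"@([\w.-]+)", msg["From"]).group(1).lower()
    notes, chain = [], hops(msg)
    if chain and "." not in chain[0][0]:  # submitting client did not give a FQDN
        notes.append(f"origin {chain[0][1]} used non-FQDN HELO {chain[0][0]!r}")
    for server, res in auth_results(msg).items():
        if "pass" not in res.values():
            notes.append(f"{server}: nothing authenticated {from_dom} ({res or 'none'})")
    for href in re.findall(r'href="([^"]+)"', msg.get_payload(), re.I):
        host = (urlparse(href).hostname or "").lower()
        if host != from_dom and not host.endswith("." + from_dom):
            notes.append(f"link host {host} is outside From domain {from_dom}")
    return notes

if __name__ == "__main__":
    print("\n".join(triage(RAW)))
```
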
  [Discussion]   Continuing the recent mail header topic | Read to learn more about spam 29/06/2011 14:13:00 (+0700) | #2 | 242367
trungdung4
Member

Joined: 28/06/2011 12:04:49
Messages: 17
1. Spoofed mail
2. The reason it got into the Inbox is possibly that it was relayed through some mail server service