[ale] new email scam: Paypal forgery
James P. Kinney III
jkinney at localnetsolutions.com
Wed Nov 5 09:31:04 EST 2003
On Wed, 2003-11-05 at 09:09, Fulton Green wrote:
> Um, "microsoft.com" isn't compromised, and that's not MindSpring doing a
> reverse-lookup. Instead, "microsoft.com" is what the spamming relay
> reported to MindSpring as its HELO value during the beginning of the SMTP
> session, and the IP address in brackets (which is most likely the actual
> address of the spamming relay) is within CableVision's cable modem network:
>
> $ host 24.188.106.56
> 56.106.188.24.in-addr.arpa domain name pointer ool-18bc6a38.dyn.optonline.net.
> $ whois optonline.net
> (yadda yadda)
> (contacts with CableVision.com addresses)
>
> Consumer broadband PCs infected with trojans are now the primary delivery
> systems of choice for rogue spammers everywhere. Swedish ISP Telia
> recently stepped up its efforts against this type of attack (look through
> this week's Slashdot headlines for more info).
Thanks for the explanation, Fulton. I don't look at email headers unless
I see something weird (this qualified) and I don't know all the
particulars of email being transferred around. That helped me understand
a lot.
Compromised Microsoft home-user machines. Gee, I wonder if that is going
to be a problem...
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
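
The distinction Fulton describes, between the HELO name a client claims and the peer address the receiving server records, can be checked mechanically; the Python below is an added example, not part of the original thread. The header text, the receiving host `mx.example.net`, the function names and the list of "dynamic" labels are assumptions made for illustration; the IP address and PTR name are the ones quoted above.

```python
import re

# "from" clause layouts handled: from HELO (PTR [IP])  and  from HELO ([IP])
FROM_CLAUSE = re.compile(
    r"\bfrom\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<ptr>[^\s\[\]()]+)\s+)?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]"
)
# Heuristic labels suggesting a dynamically assigned consumer address (assumed list).
DYNAMIC_LABELS = {"dyn", "dynamic", "dhcp", "pool", "cable", "dsl", "ppp"}

def parse_received(header):
    """Split one Received header into the claimed HELO and the recorded peer data."""
    m = FROM_CLAUSE.search(" ".join(header.split()))  # unfold continuation lines first
    if m is None:
        return None
    clean = lambda s: (s or "").lower().rstrip(".")
    return {"helo": clean(m["helo"]), "ptr": clean(m["ptr"]), "ip": m["ip"]}

def assess_hop(header, ptr_lookup=None):
    """Return (hop, findings). ptr_lookup is an optional callable ip -> name,
    used only when the header itself carries no reverse-DNS name."""
    hop = parse_received(header)
    if hop is None:
        return None, ["unparsed"]
    if not hop["ptr"] and ptr_lookup is not None:
        hop["ptr"] = (ptr_lookup(hop["ip"]) or "").lower().rstrip(".")
    findings = []
    helo, ptr = hop["helo"], hop["ptr"]
    if not ptr:
        findings.append("no-ptr")
    elif not (ptr == helo or ptr.endswith("." + helo)):
        findings.append("helo-mismatch")   # HELO is only what the client said about itself
    if DYNAMIC_LABELS & set(re.split(r"[.\-]", ptr)):
        findings.append("dynamic-ptr")     # name looks like a consumer broadband pool
    return hop, findings

# Constructed sample: header text and receiving host are invented;
# the IP and PTR name are the ones quoted in the thread.
SAMPLE = ("Received: from microsoft.com ([24.188.106.56])\n"
          "\tby mx.example.net with SMTP; Wed, 5 Nov 2003 08:00:00 -0500")
SAMPLE_PTR = {"24.188.106.56": "ool-18bc6a38.dyn.optonline.net"}

if __name__ == "__main__":
    print(assess_hop(SAMPLE, SAMPLE_PTR.get))
```

Passing `socket.gethostbyaddr` wrapped in a small function as `ptr_lookup` turns the offline check into a live one; the findings are triage hints, since a legitimate relay can also present a HELO name that differs from its PTR.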