[ale] weird SPAM

Jeff Lightner jlightner at water.com
Tue Aug 22 15:26:24 EDT 2006


Funny - Security admin here blocked all .nl addresses.   The new CEO
from the Netherlands couldn't send email to anyone here at the corporate
office. 

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Bob Toxen
To: ale at ale.org
Sent: Tuesday, August 22, 2006 2:36 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] weird SPAM

Yes, there's been lots of spam lately claiming to be from Circuit City,
Home Depot, Target, and Best Buy.  Much of it from .ru, .ch, etc.  For
one of my spam filter clients, we block all .xy extensions except for
the few countries whose organizations they exchange email with.  There's
an override, of course.  This is blocking lots of spam with no loss of
legitimate email.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002

On Wed, Aug 16, 2006 at 09:53:43AM -0400, Mark Wright wrote:
> 
> 
> I usually ignore spam but this has me curious why it has been sent.   
> It looks like a receipt for a purchase at Circuit City.  My first  
> thought I assumed it was legit and that a credit card number had been
> stolen.  I checked my accounts and none had been used.  I called  
> Circuit City and they apologized and said it was a computer screw up  
> on their part.  The IP in the header maps to .ru so I don't think  
> Circuit City had anything to do with it.  Strange that the lady on  
> the phone said it was their fault and not spam.
> 
> I assume that it must be attempting to deliver a virus.  All my boxes
> are Linux except my Mac laptop.  I don't run virus software but I do  
> wonder when attackers will start to target the rest of us.
> Has anyone seen this yet?  I am curious how I could find any  
> malicious code in the email.  Any of you security guys do anything  
> like this?
> 
> Here is the text.  It contained a .zip attachment that I am not  
> forwarding.
> 
> 
> 
> 
> 
> Dear Customer,
> 
> Thank you for shopping at our shop !
> This e-mail is to inform you that your order has been shipped out.
> The following information is for your reference (see details in the  
> attachment):
> * Order No.:  Z3566043
> * Order Date:  08/13/2006
> ------------------------------
>     SUBTOTAL : $1,769.99
>     SALESTAX : $0.00
>     SHIPPING : $16.81
>     TOTAL    : $1,786.80
> ------------------------------
> * Ship Via:  FDX Overnight Delivery
> 
> [Ship Date :] 08/14/2006 [Tracking No:] 708745655472
> Please note that if your order includes more than one package, the
> packages may not be delivered at the same time due to the shipping  
> carrier's
> schedule and the delivery method, and this is out of our control.
> In addition, backordered items will be shipped separately.
> You may check the status of your package's progress at our website.
> Simply click on "Customer Service", then log into the "Member Center".
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Customers who leave comments for us at either ResellerRatings.com or
> Pricegrabber will be eligible to receive a flash drive or other
> cool prize! FOUR drawings will take place every month -- one drawing
> from each review site on the 1st and the 15th of every calendar month.
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Thank you for shopping with us!
> 15% restocking fee applies to all refunds. All products must be
> returned in like-new condition, including original packaging and
> all documentation and accessories. Charges will be applied for all
> missing accessories or parts.
> Our shop will not accept items that have been physically damaged or
> misused. Return periods for different product categories range from
> zero to 30 days.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
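
Added example, not part of the original thread and not any poster's code: a sketch of the country-code filter described above (block every two-letter TLD except an allowlist, with an override), including the .nl failure mode from the top message. It assumes the filter keys on the connecting relay's reverse-DNS hostname; the function names, the lists and the sample hostnames are all constructed for illustration.

```python
# Added illustration: every name, list entry and hostname here is constructed.
ALLOWED_CC = {"us", "ca", "uk"}   # countries the site actually exchanges mail with
OVERRIDES = {"example.nl"}        # specific domains exempt from the country block


def normalize(host):
    """Lower-case a hostname and drop whitespace and a trailing root dot."""
    return host.strip().rstrip(".").lower()


def cc_tld(host):
    """Return the two-letter country-code TLD of host, or None otherwise."""
    labels = normalize(host).split(".")
    tld = labels[-1]
    if len(labels) > 1 and len(tld) == 2 and tld.isalpha():
        return tld
    return None  # generic TLD (.com, .org, ...) or no usable hostname


def is_overridden(host, overrides=OVERRIDES):
    """True if host is an override domain or a subdomain of one."""
    h = normalize(host)
    return any(h == d or h.endswith("." + d) for d in overrides)


def verdict(host, allowed=ALLOWED_CC, overrides=OVERRIDES):
    """Classify a relay hostname as accept, accept-override or reject."""
    if is_overridden(host, overrides):
        return "accept-override"      # checked first so it beats the block
    cc = cc_tld(host)
    if cc is None or cc in allowed:
        return "accept"               # hosts with no rDNS need a separate policy
    return "reject"


if __name__ == "__main__":
    samples = ["mail.example.ru", "mx.example.com",
               "smtp.example.nl", "relay.other-example.nl"]
    for s in samples:
        print(f"{s:28} {verdict(s)}")
```

Logging every "reject" verdict with the hostname makes a missing override visible before a legitimate sender reports it.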


