Tag Archives: Malware

Spam Sender


If you’ve received an email similar to the ones below, do not click the links. I haven’t clicked them; I searched the Internet, and it appears other email users who clicked them say they contain malware / viruses, so be cautious.

Health Coverage Results – BlueCross BlueShield
From: “Cobra Health Insurance Quotes” <>
To: undisclosed-recipients

Click Show Images To Enable Links.

Return-Path: <>
Received-SPF: pass (domain of designates as permitted sender)
X-Originating-IP: []
Authentication-Results:; domainkeys=neutral (no sig);; dkim=neutral (no sig)
Received: from (EHLO ( by with SMTP; Tue, 26 Mar 2013 22:47:23 -0700
Received: from ( []]) by id oIpRcRonQnJyMs; 27 Mar 2013 01:46:55 -0400 (envelope-from <>)
Message-Id: <>
X-Unsubscribe: 42485a0c32f2964c5c4496d739e8586dcec95c5c
From: Cobra Health Insurance Quotes
Subject: =?UTF-8?B?SGVhbHRoIENvdmVyYWdlIFJlc3VsdHMgLSBCbHVlQ3Jvc3MgQmx1ZVNoaWVsZA==?=

$2,500 in [62 Minutes]
Thursday, March 26, 2037 6:12 AM
From: “Direct Deposit” <>
To: undisclosed-recipients

Click Show Images To Enable Links.
Please click the “Not Spam” button above to visit links.
Wake Up Tomorrow With An Extra $2,500 In Your Bank Account!
Online Personal Loan Approval with NO Credit Checks
Good Credit * Bad Credit * No Credit

365 Day Loans is different in a very distinct way.
It’s fast, it’s secure and absolutely confidential.

Received-SPF: pass (domain of designates as permitted sender)
X-Originating-IP: []
Authentication-Results: from=; domainkeys=neutral (no sig);; dkim=neutral (no sig)
Received: from (EHLO ( by with SMTP; Mon, 25 Mar 2013 23:16:17 -0700
Received: from ( []]) by id pJV10rees0AMTq; 26 Mar 2013 02:12:00 -0400 (envelope-from <>)
Message-Id: <>
X-R-HASH: 5e44d3b1c4b62348d7de845099ae2c46a8c60a20
From: =?ISO-8859-1?B?RGlyZWN0IERlcG9zaXQ=?=
Subject: =?UTF-8?B?JDIsNTAwIGluIFs2MiBNaW51dGVzXQ==?=

This site contains Malware:;
Unsolicited Spam Originating From: Mt. Laurel New Jersey (
Originating Network(s):
Date Received: 2/1/2013
Click Link: (Yet another spam from Carlos Sanchez)
Received From:
Return Path:
Contents of Spam:
From: View My Pic’s <>
Sent: Monday, January 18, 2038 9:14 PM
Subject: WHY WAIT HAVE AN AFFAIR WITH A CHEATING WIFE TODAY “ — Direct Deposit <> Wake Up Tomorrow With An Extra $2,500 In Your Bank Account! Unsolicited spam originating from in Mt. Laurel, New Jersey Click link is

From LendingTree
Return-Path: <>
Received-SPF: pass (domain of designates as permitted sender)
X-Originating-IP: []
Authentication-Results:; domainkeys=neutral (no sig);; dkim=neutral (no sig)
Received: from (EHLO ( by with SMTP; Mon, 25 Mar 2013 23:09:47 -0700
Received: from ( []]) by id iQSp5KVvKzr5C5; 26 Mar 2013 02:09:08 -0400 (envelope-from <>)
Message-Id: <>
X-R-HASH: 654c9fea4ab25d58bef7c104e2f74a8cd734dc7a
From: LendingTree
Subject: =?UTF-8?B?TW9ydGdhZ2UgUmF0ZXMgYXJlIEhpc3RvcmljYWxseSBMb3chIFNlZSBJZiBZb3UgQ291bGQgU2F2ZSBXaXRoIExlbmRpbmdUcmVlIQ==?=

Mortgage Rates are Historically Low! See If You Could Save With LendingTree!

Click Show Images To Enable Links.
See LendingTree Advertising Disclosures

LendingTree, LLC is a duly licensed mortgage broker, as required, with its main office located at 11115 Rushmore Dr., Charlotte, NC 28277, Telephone number 1-800-555-8733. NMLS Unique Identifier #1136.

LendingTree, LLC is known as LT Technologies in Lieu of true name, LendingTree, LLC in NY. For a current list of applicable state licensing & disclosures, see the LendingTree website or call for details.

This is a commercial email from LendingTree. If you would like to unsubscribe, read our Privacy Policy or Terms of Use, or see how LendingTree is licensed.

LendingTree, LLC: Unsubscribe



Suspicious Spam – Scrappers Attic



Your friend : YOU’ve Been Selected (Free Private Training) has recommended this great product from Scrappers Attic

Hi …!

Your friend, : YOU’ve Been Selected (Free Private Training), thought that
you would be interested in Hooked on Fishing-Fishing Title accessory sheet
from Scrappers Attic.

: YOU’ve Been Selected (Free Private Training) sent a note saying:

Our computer has randomly selected 100 people to
qualify for exclusive access today.

The spots are limited so please click the link below to see if you qualified to access the product today, before everyone else.

Your special invitation is below…



PS : Remember positions are available on a strictly first come first serve basis.

Your link will only allow 1 person to join, so please
do not pass it on to others.



List Marketers,

Theresa M. Langford
864 Henry Ford Avenue
New York, NY 10016


To view the product, click on the link below or copy and paste the link into
your web browser:


Scrappers Attic

IMPORTANT: For your protection and to prevent malicious use, all emails sent
via this web site are logged and the contents recorded and available to the
store owner. If you feel that you have received this email in error, please
send an email to

This email address was given to us by you or by one of our customers. If you
feel that you have received this email in error, please send an email to
This email is sent in accordance with the US CAN-SPAM Law in effect
01/01/2004. Removal requests can be sent to this address and will be honored
and respected.


Return-Path: <>
Received-SPF: none (domain of does not designate permitted sender hosts)
X-Originating-IP: []
Received: from (EHLO ( by with SMTP; Wed, 30 Jan 2013 03:41:38 -0800
Subject: Your friend : YOU’ve Been Selected (Free Private Training) has recommended this great product from Scrappers Attic
From: ": YOU’ve Been Selected \(Free Private Training\)" <>
Reply-to: ": YOU’ve Been Selected \(Free Private Training\)" <>
Message-ID: <> RECEIVED_IP:


Posted by on 01/30/2013 in Uncategorized




I’ve been getting sketchy emails (LIKE THIS ONE) sent to my spam filter lately. I have no proof of a scam or attack but whoever is behind the account, whether a person or bot, keeps trying to get me to click on suspicious links. I never click anything.

The emails are similar but the reasoning is not always the same. In this email, the woman claims her husband is out of town. I wouldn’t trust it!



Click Show Images To Enable Links.


Return-Path: <>
Received-SPF: pass (domain of designates as permitted sender)
X-Originating-IP: []
Authentication-Results: from=; domainkeys=neutral (no sig);; dkim=neutral (no sig)
Received: from (EHLO ( by with SMTP; Tue, 29 Jan 2013 03:04:51 -0800
Message-Id: <>
From: =?ISO-8859-1?B?SkVTU0lDQSA8Mw==?= <>
Subject: =?UTF-8?B?TXkgaHVzYmFuZCBpcyBvdXQgb2YgdG93biA7KQ==?=

SUBJECT: My husband is out of town 😉
From =?ISO-8859-1?B?SkVTU0lDQSA8Mw==?= Mon Jan 18 19:13:42 2038 JESSICA ❤



Suspicious Spoofed Craigslist Email


01/27/13, UPDATE – I received another phishing email by a supposed Craigslist user using the name Eduard Frank – I’ll post the e-mails in order, newest to oldest, along with the header details.

I don’t have any Craigslist ads currently listed. In fact, I don’t even list Craigslist ads on the account I use to bait scammers, so I was immediately suspicious when I received this Craigslist email alert. Not only are the two ‘Craigslist’ links spoofed (the actual URL is not Craigslist), but the IP address is blacklisted on many anti-scam websites.

SUBJECT: i would like to buy your item from craigslist RECEIVED: Thursday, January 24, 2013 4:22 PM
From: Eduard Frank

EMAIL: Hi Am very interested in your item posted on craigslist : This is the same spoofed link from the previous emails. The actual URL is 

is it still available?


Return-Path: <>
Received-SPF: softfail (transitioning domain of does not designate as permitted sender)
X-Originating-IP: []
Authentication-Results:; domainkeys=neutral (no sig);; dkim=neutral (no sig)
Received: from (EHLO ( by with SMTP; Thu, 24 Jan 2013 08:23:36 -0800
Received: from [] (helo=User) by with esmtpa (Exim 4.67) (envelope-from <>) id 1TyPZx-0002jO-Fi; Thu, 24 Jan 2013 11:23:05 -0500
From: Eduard Frank<>
Subject: i would like to buy your item from craigslist
Content-Type: text/html; charset="Windows-1251"
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <>
X-ELNK-Trace: 8219d692fd5468d6d780f4a490ca6956d5d4673fe7faad86623ec139337907e38e9f230fcf1cb831350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c

Your posting has been flagged for removal.
Approximately 98% of postings removed are in violation of craigslist posting guidelines.
Please make sure you are abiding by all posted site rules, including our terms of use: This was a spoofed link with the actual URL being
If you need help figuring out why your posting was flagged, try asking in our flag help forum. Include posting title, body, category, city, how often posted, any images, HTML markup, etc.
If you feel your posting was wrongly flagged down (2% of flagged ads are) please accept our apologies and feel free to repost using the link below: This was a spoofed link with the actual URL being goo.gI/aiNwi
Sorry for the hassle, and thanks for your understanding.

Date: 1327114516
PostID: 24177504


Return-Path: <>
Received-SPF: temperror (encountered temporary error during SPF processing of domain of
X-Originating-IP: []
Authentication-Results:; domainkeys=neutral (no sig);; dkim=neutral (no sig)
Received: from (EHLO ( by with SMTP; Wed, 23 Jan 2013 12:58:50 -0800
Received: from [] (helo=User) by with esmtpa (Exim 4.67) (envelope-from <>) id 1Ty7Nq-0004nx-4X; Wed, 23 Jan 2013 15:57:22 -0500
From: Craigslist <>
Subject: flagged & removed 24177504
Message-ID: <>
X-Originating-IP: <>
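
The spoofed Craigslist links described in this post show one address in the visible text while the underlying href points somewhere else. The Python sketch below is an added example, not part of the original post; it flags that mismatch in an HTML message body. The sample HTML, the `example.invalid` hosts and the `brand_domains` mapping are constructed for illustration, and the subdomain comparison is a simplification that does not consult the Public Suffix List.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible-text token that looks like a URL or a bare hostname.
URLISH = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[:/?#]|$)", re.I)
NON_WEB = re.compile(r"^(?:mailto|tel|javascript|data):", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def href_host(href):
    """Lower-cased host of a link; accepts scheme-less values like 'host/path'."""
    href = href.strip()
    if NON_WEB.match(href):
        return ""
    if "://" not in href and not href.startswith("//"):
        href = "//" + href
    try:
        host = (urlsplit(href).hostname or "").lower()
    except ValueError:  # malformed bracketed host
        return ""
    return host if "." in host else ""  # ignore relative paths and fragments


def same_site(a, b):
    """True if one host equals the other or is a subdomain of it (simplified)."""
    a, b = (re.sub(r"^www\.", "", h) for h in (a, b))
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def find_mismatches(html, brand_domains=None):
    """Return links whose visible text claims a different site than the href."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        actual = href_host(href)
        if not actual:
            continue
        tokens = (t.strip(".,;:!?()\"'") for t in text.split())
        claimed = [href_host(t) for t in tokens if URLISH.match(t)]
        # Text that names a brand without showing a URL still makes a claim.
        claimed += [d for word, d in (brand_domains or {}).items()
                    if word.lower() in text.lower()]
        wrong = [c for c in claimed if c and not same_site(c, actual)]
        if wrong:
            findings.append({"text": text, "claimed": wrong[0], "actual": actual})
    return findings


# Constructed sample body; hosts under example.invalid are placeholders.
SAMPLE_HTML = """
<p>Please abide by our terms of use:
<a href="http://short.example.invalid/aB3xY">http://www.craigslist.org/about/terms.of.use</a></p>
<p><a href="https://redirect.example.invalid/r?id=1">Repost on craigslist</a></p>
<p><a href="www.craigslist.org/about/help">craigslist.org help</a></p>
<p><a href="mailto:abuse@example.invalid">report abuse</a></p>
"""

if __name__ == "__main__":
    for f in find_mismatches(SAMPLE_HTML, {"craigslist": "craigslist.org"}):
        print(f"text={f['text']!r} claims {f['claimed']} but goes to {f['actual']}")
```

Run against the constructed body, it reports the first two links and leaves the genuine scheme-less link and the `mailto:` link alone.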



Julian Thomas

Phishing Attack – MALWARE




Return-Path: <>
Received-SPF: pass (domain of designates as permitted sender)
X-Originating-IP: []
Authentication-Results:; domainkeys=neutral (no sig);; dkim=pass (ok)
Received: from (EHLO ( by with SMTP; Sat, 10 Nov 2012 02:23:05 -0800
Received: by with SMTP id m10so3261400iam.4 for <>; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=X/EcyHI7fCzBVRIZx1ZLHDvk8NTmX3HJwBi5boQXb1Q=; b=oYfe6tprlmGl4KQGlch5xN9W/sfJdTSxywTJ0RPlOyKp92uoBSeDrC7gi6Cju6EujQ VdKZO205dG3h2pX64Wt+vQiAjwONADSwU0jZ4NGFie+TzVWM9Hfs5RTrpgSDHrRr+E93 ElhMjrYS1fpk3P4LxqPgSzZQFWZV8XGwMUE24Hz16+0AAu0w7cd11I5h7d//s8sIY7MA wmKpBHSg7wxoBMdQ0gik6WGNcTFb5RTY/YF8rYv/6hQY1geA6XGjIRW0iBeUWALv9TBH G6aLZyUkbNeiqwRBsWou2dNAljQgW1UDYlDrPpu6fvSDVhDGhrPZsOjT1xHgFeLuO3xK k1dQ==
MIME-Version: 1.0
Received: by with SMTP id g16mr3131462igd.23.1352542985776; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
Received: by with HTTP; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
Date: Sat, 10 Nov 2012 11:23:05 +0100
Message-ID: <>
From: Julian Thomas <>

“Julian Thomas” <>




Malicious Spoofed Link – possible phishing attack 


EMAIL: hi 26/f/pics on cam now just verify email to video chat!


Return-Path: <>
Received-SPF: neutral ( is neither permitted nor denied by domain of
X-Originating-IP: []
Authentication-Results: from=; domainkeys=neutral (no sig);; dkim=neutral (no sig)
Received: from (EHLO ( by with SMTP; Sat, 01 Dec 2012 18:35:37 -0800
X-ASG-Debug-ID: 1354413462-0cf271cd0001-SjFj3c
Received: from ( []) by with ESMTP id UZQG3AC9P35AdP3H for <>; Sun, 02 Dec 2012 02:57:42 +0100 (CET)
Received: from localhost (localhost []) by (8.14.3/8.14.3/SuSE Linux 0.8) with ESMTP id qB21vhhL022631 for Sun, 2 Dec 2012 02:57:43 +0100
MIME-Version: 1.0
X-Mailer: AtMail PHP 5.06
Message-ID: <>
Content-Type: text/html; charset="utf-8"
Date: Sun, 2 Dec 2012 02:57:43 +0100
Subject: 26/f/pics
X-ASG-Orig-Subj: 26/f/pics
Content-Transfer-Encoding: quoted-printable
X-Barracuda-Start-Time: 1354413462
X-Virus-Scanned: by bsmtpd at
X-Barracuda-Spam-Score: 1.00
X-Barracuda-Spam-Status: No, SCORE=1.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=4.0 tests=BSF_SC0_MV0152, BSF_SC0_TG163b, HTML_MESSAGE, MIME_HTML_ONLY, NO_REAL_NAME
X-Barracuda-Spam-Report: Code version 3.2, rules version
  Rule breakdown below
  pts  rule name       description
  ---- --------------- --------------------------------------------------
  0.00 NO_REAL_NAME    From: does not include a real name
  0.00 MIME_HTML_ONLY  BODY: Message only has text/html MIME parts
  0.00 HTML_MESSAGE    BODY: HTML included in message
  0.50 BSF_SC0_MV0152  Custom rule MV0152
  0.50 BSF_SC0_TG163b  Custom Rule TG163b
Content-Length: 275



“Michael Brewer”

SUSPICIOUS EMAIL – Sending unknown links in emails – I don’t trust it and I’d advise you not to click on any unknown links sent by unidentified online users (or bots) (FYI, I haven’t had a Craigslist ad up in months so any emails I’m receiving by people claiming to be from Craigslist are liars.)

Hello, my name is Michael.  I am a US Marine veteran, and I was just viewing your ad on craigslist.
I would like to show you something that I believe can help you.

I didn’t believe it when my friend approached me.  
After seeing his results I decided to follow his link.
My life has changed because of it.
But don’t take my word for it. Visit my link and see for yourself.

Best Regards,
Michael Brewer
Here’s the link.

Link was here

I didn’t click on the link and didn’t want to post it and have someone else accidentally click it. The Link said http://networthgain(dot)com and the URL was networthgain(dot)com with no ‘http’



Return-Path: <>
Received-SPF: neutral ( is neither permitted nor denied by domain of
X-Originating-IP: []
Authentication-Results:; domainkeys=neutral (no sig);; dkim=neutral (no sig)
Received: from (HELO ( by with SMTP; Fri, 12 Oct 2012 01:20:40 -0700
Received: (qmail 28821 invoked by uid 0); 12 Oct 2012 08:20:40 -0000
Received: from unknown (HELO ( by with SMTP; 12 Oct 2012 08:20:40 -0000
Received: from [] (port=63105 helo=Kokunai-PC) by with esmtpa (Exim 4.76) (envelope-from <>) id 1TMaU3-0001Wc-VB for  Fri, 12 Oct 2012 02:20:40 -0600
Message-ID: <024463a9-41194-06891390529514@kokunai-pc>
Reply-To: “Michael Brewer” <>
“Michael Brewer” <>
Subject: Craigslist Reply…
Date: Fri, 12 Oct 2012 03:20:14 -0500
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Identified-User: {} {sentby:smtp auth authed with exceptk3}


IP – Host:

IP – Host:

Michael Brewer — —



Smartphone users should be aware of malware targeting mobile phones

The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out e-mail. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.

FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located. FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

Loozfon and FinFisher are just two examples of malware used by criminals to lure users into compromising their devices.

Safety tips to protect your mobile device:

  • When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
  • Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.
  • With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
  • Review and understand the permissions you are giving when you download applications.
  • Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
  • Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
  • Be aware of applications that enable geo-location. The application will track the user’s location anywhere. This application can be used for marketing, but can also be used by malicious actors, raising concerns of assisting a possible stalker and/or burglaries.
  • Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime an application or service runs in “unrestricted” or “system” level within an operating system, it allows any compromise to take full control of the device.
  • Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
  • If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
  • Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.
  • Avoid clicking on or otherwise downloading software or links from unknown sources.
  • Use the same precautions on your mobile phone as you would on your computer when using the Internet.

If you have been a victim of an Internet scam or have received an e-mail that you believe was an attempted scam, please file a complaint at


Posted by on 11/30/2012 in Other

