[ale] new email scam: Paypal forgery

James P. Kinney III jkinney at localnetsolutions.com
Wed Nov 5 09:31:04 EST 2003


On Wed, 2003-11-05 at 09:09, Fulton Green wrote:
> Um, "microsoft.com" isn't compromised, and that's not MindSpring doing a
> reverse-lookup.  Instead, "microsoft.com" is what the spamming relay
> reported to MindSpring as its HELO value during the beginning of the SMTP
> session, and the IP address in brackets (which is most likely the actual
> address of the spamming relay) is within CableVision's cable modem network:
> 
> 	$ host 24.188.106.56
> 	56.106.188.24.in-addr.arpa domain name pointer ool-18bc6a38.dyn.optonline.net.
> 	$ whois optonline.net
> 	(yadda yadda)
> 	(contacts with CableVision.com addresses)
> 
> Consumer broadband PCs infected with trojans are now the primary delivery
> systems of choice for rogue spammers everywhere.  Swedish ISP Telia
> recently stepped up its efforts against this type of attack (look through
> this week's Slashdot headlines for more info).

Thanks for the explanation, Fulton. I don't look at email headers unless
I see something weird (this qualified) and I don't know all the
particulars of email being transferred around. That helped me understand
a lot.

Compromised Microsoft home-user machines. Gee, I wonder if that is going
to be a problem...
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
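
Added example, not part of the original message: a small Python check of the point made in the quoted reply, that the HELO name in a Received header is whatever the sending host claimed, while the bracketed address is what the receiving server saw. The header layout, the `check_received` helper, the placeholder host `mx.example.net` and the list of "dynamic" labels are assumptions made for illustration.

```python
import re
import socket

# Common layouts: "from HELO (rdns [ip])" and "from HELO ([ip])".
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")
# Labels often seen in consumer-pool PTR names (a heuristic, not a standard).
DYNAMIC_HINTS = {"dyn", "dsl", "cable", "pool", "dhcp", "ppp"}

def ptr_lookup(ip):
    """Live reverse lookup; returns None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_received(header, resolver=ptr_lookup):
    """Compare the HELO name the client claimed with the PTR name of its address."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold continuation lines
    if m is None:
        return None
    helo, ip = m.group("helo").lower().rstrip("."), m.group("ip")
    ptr = (m.group("rdns") or resolver(ip) or "").lower().rstrip(".")
    if ptr == "unknown":  # some MTAs write this when the lookup failed
        ptr = ""
    return {
        "helo": helo, "ip": ip, "ptr": ptr,
        # A mismatch is a signal, not proof: real mail servers also use
        # HELO names that differ from their PTR name.
        "helo_matches_ptr": bool(ptr) and (ptr == helo or ptr.endswith("." + helo)),
        "dynamic_ptr": bool(DYNAMIC_HINTS & set(re.split(r"[.-]", ptr))),
    }

# Constructed header: only the HELO value and the bracketed address come from
# the thread; the receiving host, recipient and time are placeholders.
SAMPLE = (
    "Received: from microsoft.com ([24.188.106.56])\n"
    "\tby mx.example.net with SMTP\n"
    "\tfor <user@example.net>; Wed, 5 Nov 2003 08:00:00 -0500\n")
# PTR answer quoted in the thread, so the example runs without DNS.
OFFLINE_PTR = {"24.188.106.56": "ool-18bc6a38.dyn.optonline.net"}

if __name__ == "__main__":
    print(check_received(SAMPLE, resolver=OFFLINE_PTR.get))
```

Only the Received line added by your own provider's server can be trusted this way; lines below it were supplied by the sender and may be forged.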