[ale] weird SPAM

Warren Myers volcimaster at gmail.com
Tue Aug 22 15:44:45 EDT 2006


We managed to block all .jp addresses a couple years ago at my school -
someone noticed that our spam was almost exclusively from .jp, so they
blocked it.

Didn't notice any problems, either, until all the students studying abroad
in Japan started to complain they couldn't send and receive email :)

WMM

On 8/22/06, Jeff Lightner <jlightner at water.com> wrote:
>
> Funny - Security admin here blocked all .nl addresses.   The new CEO
> from the Netherlands couldn't send email to anyone here at the corporate
> office.
>
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Bob
> Toxen
> Sent: Tuesday, August 22, 2006 2:36 PM
> To: Atlanta Linux Enthusiasts
> Subject: Re: [ale] weird SPAM
>
> Yes, there's been lots of spam lately claiming to be from Circuit City,
> Home Depot, Target, and Best Buy.  Much of it from .ru, .ch, etc.  For
> one of my spam filter clients, we block all .xy extensions except for
> the few countries whose organizations they exchange email with.  There's
> an override, of course.  This is blocking lots of spam with no loss of
> legitimate email.
>
> Bob Toxen
> bob at verysecurelinux.com               [Please use for email to me]
> http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
> http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
> Quality Linux & UNIX security and SysAdmin & software consulting since
> 1990.
>
> "Microsoft: Unsafe at any clock speed!"
>    -- Bob Toxen 10/03/2002
>
> On Wed, Aug 16, 2006 at 09:53:43AM -0400, Mark Wright wrote:
> >
> >
> > I usually ignore spam but this has me curious why it has been sent.
> > It looks like a receipt for a purchase at Circuit City.  My first
> > thought I assumed it was legit and that a credit card number had been
> > stolen.  I checked my accounts and none had been used.  I called
> > Circuit City and they apologized and said it was a computer screw up
> > on their part.  The IP in the header maps to .ru so I don't think
> > Circuit City had anything to do with it.  Strange that the lady on
> > the phone said it was their fault and not spam.
> >
> > I assume that it must be attempting to deliver a virus.  All my boxes
> > are Linux except my Mac laptop.  I don't run virus software but I do
> > wonder when attackers will start to target the rest of us.
> > Has anyone seen this yet?  I am curious how I could find any
> > malicious code in the email.  Any of you security guys do anything
> > like this?
> >
> > Here is the text.  It contained a .zip attachment that I am not
> > forwarding.
> >
> > Dear Customer,
> >
> > Thank you for shopping at our shop !
> > This e-mail is to inform you that your order has been shipped out.
> > The following information is for your reference (see details in the
> > attachment):
> > * Order No.:  Z3566043
> > * Order Date:  08/13/2006
> > ------------------------------
> >     SUBTOTAL : $1,769.99
> >     SALESTAX : $0.00
> >     SHIPPING : $16.81
> >     TOTAL    : $1,786.80
> > ------------------------------
> > * Ship Via:  FDX Overnight Delivery
> >
> > [Ship Date :] 08/14/2006 [Tracking No:] 708745655472
> > Please note that if your order includes more than one package, the
> > packages may not be delivered at the same time due to the shipping carrier's
> > schedule and the delivery method, and this is out of our control.
> > In addition, backordered items will be shipped separately.
> > You may check the status of your package's progress at our website.
> > Simply click on "Customer Service", then log into the "Member Center".
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > Customers who leave comments for us at either ResellerRatings.com or
> > Pricegrabber will be eligible to receive a flash drive or other
> > cool prize! FOUR drawings will take place every month -- one drawing
> > from each review site on the 1st and the 15th of every calendar month.
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > Thank you for shopping with us!
> > 15% restocking fee applies to all refunds. All products must be
> > returned in like-new condition, including original packaging and
> > all documentation and accessories. Charges will be applied for all
> > missing accessories or parts.
> > Our shop will not accept items that have been physically damaged or
> > misused. Return periods for different product categories range from
> > zero to 30 days.
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
>



-- 
http://warrenmyers.com
"God may not play dice with the universe, but something strange is going on
with the prime numbers." --Paul Erdős
"It's not possible. We are the type of people who have everything in our
favor going against us." --Ben Jarhvi, Short Circuit 2
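
The policy Bob Toxen describes above (reject country-code TLDs except an allowlist, with an override), as an added Python example that is not code from anyone in this thread. It assumes the filter is handed a claimed sender address or hostname; the function names and the sample history are constructed for illustration, and the dry run counts known-good senders the rule would reject before it is enforced.

```python
from collections import Counter

def cctld_of(sender):
    """Return the sender's two-letter country-code TLD, or None for other TLDs."""
    domain = sender.strip().lower().rpartition("@")[2].rstrip(".")
    tld = domain.rpartition(".")[2]
    return tld if len(tld) == 2 and tld.isascii() and tld.isalpha() else None

def decide(sender, allowed_cctlds, overrides):
    """Return 'accept' or 'reject' for one claimed sender address or hostname.
    overrides: full addresses or whole domains exempt from the ccTLD rule."""
    addr = sender.strip().lower()
    domain = addr.rpartition("@")[2].rstrip(".")
    if addr in overrides or domain in overrides:
        return "accept"                      # the override wins over the TLD rule
    tld = cctld_of(addr)
    if tld is not None and tld not in allowed_cctlds:
        return "reject"                      # ccTLD that is not on the allowlist
    return "accept"                          # non-country TLD or allowlisted ccTLD

def dry_run(history, allowed_cctlds, overrides):
    """Count, per ccTLD, known-good senders that the policy would reject."""
    lost = Counter()
    for sender, known_good in history:
        if known_good and decide(sender, allowed_cctlds, overrides) == "reject":
            lost[cctld_of(sender)] += 1
    return dict(lost)

# Constructed sample history: (claimed sender, previously judged legitimate?)
HISTORY = [
    ("orders@shop.example.ru", False),
    ("promo@bulk.example.ch", False),
    ("student1@univ.example.jp", True),
    ("student2@univ.example.jp", True),
    ("ceo@hq.example.nl", True),
    ("friend@example.com", True),
]

if __name__ == "__main__":
    # Blanket block: shows the legitimate mail that would be lost.
    print(dry_run(HISTORY, allowed_cctlds=set(), overrides=set()))
    # Allowlist plus one override: nothing legitimate is lost in this sample.
    print(dry_run(HISTORY, allowed_cctlds={"jp"}, overrides={"ceo@hq.example.nl"}))
```
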