Spam with a bonus — ‘Oops’
| Hot: |  | |  | | |
I recevied a rather interesting spam the other day and it would seem to have included some well private details. It looks like this email contains login information for various mail systems but I honestly did not follow up with it. I figured it may be of interest to the owners of these sites so I’m posting it here rather than attempt to start tracking abuse emails for various domains.
Return-path: <mrslyns_mcj@live.com>
Envelope-to: x
Delivery-date: Tue, 08 Dec 2009 07:47:39 -0500
Received: from svr3.acecommunications.com.au ([209.62.44.42]) by
x with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69)
(envelope-from <mrslyns_mcj@live.com>) id 1NHzTb-00009j-UU for
x; Tue, 08 Dec 2009 07:47:39 -0500
Received: from User ([82.128.38.207]) (authenticated bits=0) by
svr3.acecommunications.com.au (8.13.8/8.13.8) with ESMTP id nB8Cc9cN019946;
Tue, 8 Dec 2009 23:38:20 +1100
Message-Id: <200912081238.nB8Cc9cN019946@svr3.acecommunications.com.au>
Reply-To: <barr_lanre-martins@mail.kz>
From: “Mrs Lynda McJames”<mrslyns_mcj@live.com>
Subject: Good News!!!!!
Date: Tue, 8 Dec 2009 04:39:50 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset=”Windows-1251″
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Status: No, score=4.5
X-Spam-Score: 45
X-Spam-Bar: ++++
X-Spam-Flag: NO
64.29.145.202,test,tset
212.118.13.59,admin,admin123
202.117.80.5 william
202.82.52.119 spam
202.190.233.11
stephanie
barristerlanz_martins@mail.kz
203.191.38.102
support
212.158.169.69
test test …..
2009 08:09:57
70.184.242.102
test
outbound.host.sk
southweb
konamis12
83.111.75.140
director
209.62.44.58
james
compuplay@telebucaramanga.net.co
uwc.telebucaramanga.net.co
compuplay
190.81.122.242
oracle
66.71.48.233
postmaster
password
88.191.99.75
test
123456
61.135.202.67
test
61.135.202.69
test
smtp.mailsnare.net
goodweb@mailsnare.net
123456
202.75.223.163
test
1234
84.20.18.112
postmaster
84.12.12.149
tony
Mercury XDD s/n: 17D6BFFC84406D4C 195.88.6.195,test,test 195.166.237.7,test,test 213.246.43.132,test,test 83.111.75.140,director,director 70.38.92.92,director,director 70.38.92.94,director,director 61.220.68.98,test,test 212.115.255.11 support,support 212.123.8.90 student,student 87.118.115.120 test,test 124.128.38.18 test test 116.228.18.66 test test 94.125.227.5,PlcmSpIp,PlcmSpIp
12.164.48.35 reception reception
mrslynmcj@live.com
Attn: My Dear,
I am Mrs Lynda McJames, I am a US citizen, 48 years Old. I reside here in New Braunfels Texas. My residential address is as follows. 108 Crockett Court. Apt 303, New Braunfels Texas, United States, am thinking of relocating since I am now rich. I am one of those that took part in the Compensation in Nigeria many years ago and they refused to pay me, I had paid over US$60,000 while in the US, trying to get my payment all to no avail.
So I decided to travel down to Nigeria with all my compensation documents, And I was directed to meet Barrister Martins Lanre, who is the member of COMPENSATION AWARD COMMITTEE, and I contacted him and he explained everything to me. He said whoever is contacting us through emails are fake. He took me to the paying bank for the claim of my Compensation payment.
Right now I am the most happiest woman on earth because I have received my compensation funds of $1,800,000.00 Moreover, Barrister Martins Lanre, showed me the full information of those that are yet to receive their payments and I saw your name as one of the beneficiaries, and your email address, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you. I will advise you to contact Barrister Martins Lanre.
You have to contact him directly on this information below.
COMPENSATION AWARD HOUSE
Name : Barrister Martins Lanre
Email: barr_lanre-martins@mail.kz
Phone: +234-806-948-7732
You really have to stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing and make sure you send him your full details.
Full name:…..
Mailing address:…..
Country:……
phone/fax number:…..
age:……
occupation:……..
The only money I paid after I met Barrister Martins Lanre was just US$380 for the paper works, take note of that Once again stop contacting those people, I will advise you to contact Barrister Martins Lanre so that he can help you to Deliver your fund instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction.
Thank You and Be Blessed.
Mrs Lynda McJames.
(C) 2009.
As you can see much of the regular spam/scam/phish detail is included, but at the start of the email body a series of IP addresses and what could well be account names and/or passwords are included. Why this is I’m not sure but if you happen to be the owner of one of these I’d be taking a hard look at your systems for possible compromise. From the looks of it this was probably sent from a infected Outlook Express Client on a Windows PC from a ISP in Australia. However not verfied at this point. If I get any more details about this I’ll be sure to follow up with the appropriate parties, but at this point it would seem to be a big ‘oops’ from the spammer/bot that sent this and may offer some investigators some insight into its workings.
related post
- Unlocker 1.8.7 Infected with Trojan Adware
- Malware Discovered In Ubuntu -- Gnome Screensaver and Gnome Theme
- Adding Windows Shares to Rythmbox
- Apple Boots Molinker For Gaming Apps Store Rating System
- Unknown DOC file in email a7b207839f751a525f2328f3a07e7cb9
I think it’s very humorous that the email contained a Copyright symbol. How many people actually do this?