Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Dodgey Looking Email

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spam
View previous topic :: View next topic  
Author Message
MagicalAndy
Newbie


Joined: 30 Jun 2007
Last Visit: 01 Jul 2007
Posts: 2
Location: UK
PostPosted: Sat Jun 30, 2007 3:03 am    Post subject: Dodgey Looking Email Reply with quote
I got sent the following today from From: "NetFunCards.Com" aka osfq@acostamed.com:

Quote:

Good day.

Your family member has sent you an ecard from NetFunCards.Com.

Send free ecards from NetFunCards.Com with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep
the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

--------
OPTION 1
--------

Click on the following Internet address or
copy & paste it into your browser's address box.

hxxp://82.247.107.16/?6a4bc955099675c50080d02

--------
OPTION 2
--------

Copy & paste the ecard number in the "View Your Card" box at
hxxp://82.247.107.16/

Your ecard number is
6a4bc955099675c50080d02

Best wishes,
Postmaster,
NetFunCards.Com


Given that barely anyone in my family except me knows how to switch a computer on. Am I right to be highly suspicious? And if so, where might such a link lead?

Andy

Dangerous links disabled by admin.
Back to top
View user's profile Send private message
Nightmaretony
Warrior


Joined: 15 Mar 2005
Last Visit: 30 Jun 2011
Posts: 256
Location: Meadowbrook
PostPosted: Sat Jun 30, 2007 7:02 am    Post subject: Reply with quote
hint 1: if they give an ip as the email thing, then most likely it is bad news. Do NOt go there under any circumstances.

hint 2: do a google search on it. get Search Advisor to help out. For example, if it seemed more honest and said www. myfunEcards.com, then type that into google and see what comes up.

The same applies to job search websites. I was able to avoid a bunch of fraudulent ones while job hunting by just using that simple trick. Worked like a champ.

Potentially dangerous link broken by admin.

Edit by Tony: link was fictional but good call there, but it gets the point across)
_________________
For this is the place
where dreams
and nightmares
are birthed
and bred

Nightmare Park

Last edited by Nightmaretony on Sun Jul 01, 2007 12:13 am; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website AIM Address
ld
Warrior


Joined: 01 Mar 2005
Last Visit: 29 Jul 2010
Posts: 185
PostPosted: Sat Jun 30, 2007 8:18 am    Post subject: Reply with quote
These emails have been spammed out heavily in the past few days and take you to sites that try to exploit your browser and install bad stuff. Here is some more information:

http://isc.sans.org/diary.html?storyid=3072
http://isc.sans.org/diary.html?storyid=3063
Back to top
View user's profile Send private message
olliver
Expert Developer


Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes
PostPosted: Sat Jun 30, 2007 1:04 pm    Post subject: Reply with quote
This nonsense hit my spamtrap, too. Smile

MagicalAndy, if there were such a service and it were used by any of your family members, it would contain a familiar name or at least email address that would reveal the sender. This one here, however is entirely anonymous and can be sent in bulk without the necessity to adjust anything.

Furthermore:
  • both the sender's address and the download location would be something with NetFunCards.com.
  • the sender's MTA would be within the same ip allocation (first received line involving an ip address not from your isp's or domain's mail server) of NetFunCards.com.
  • the postmaster surely hasn't got that much to do with sending postcards as it's the administrator of the email servers. His/her job would be keeping the system up and running.

As already suggested, if something has a fishy odour, searching Google for characteristic sequences may soon reveal the true nature of the postcard. Such a search will pe particularily successful if you try searching the NANAS archives, which should be up to date regarding the latest spam runs.

Olliver
Back to top
View user's profile Send private message
MagicalAndy
Newbie


Joined: 30 Jun 2007
Last Visit: 01 Jul 2007
Posts: 2
Location: UK
PostPosted: Sun Jul 01, 2007 2:21 am    Post subject: Reply with quote
Thanks for the info guys, I appreciate your comments/advice.

Apologies for leaving the email links in the post, I wasn't concentrating.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spam All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group