April 2010 Archives

Facebook: Password Reset Confirmation! Important Message

user-pic
By John Highway on April 26, 2010 7:48 PM 0 Vote 0 Votes
Share Share
facebook-password-reset.png
You know, nothing good ever comes out of China, not the dog food, not the toys, not even the e-mail, which was where this e-mail originated from.

I'm sure this e-mail has been around the internet for a while now, an e-mail trying to make itself seem like it originated from Facebook Security.  But why would they send you an attachment and why would they send it with the salutations as generic as "Dear user of Facebook".  As Facebook Security, you would think they have access to your information, at least your name, instead of starting it off as "user of facebook".  Learn to capitalize.  "Thanks, Your Facebook" ????

Well, whoever programmed this worm to send out this fake e-mail needs to work on it a lot more when it comes to presentation.

Received: (qmail 14489 invoked from network); 26 Apr 2010 19:24:49 -0400
Received: from unknown (HELO LHZQXMPMNV) (113.227.200.139)
  by XXXXXXXXXX.XXX with SMTP; 26 Apr 2010 19:24:48 -0400
Received: from 113.227.200.139 by dev.null; Tue, 27 Apr 2010 07:24:46 +0800
Date:    Tue, 27 Apr 2010 07:24:46 +0800
From:    "Facebook Security" <login@facebook.com>
X-Mailer: The Bat! (v3.0.0.15) Educational
Reply-To: joelj1@TheLawnMan.com
X-Priority: 3 (Normal)
Message-ID: <115938311.59530933606448@TheLawnMan.com>
To: XXXXXXXXX@XXXXXXXXXX.XXX
Subject: Facebook Password Reset Confirmation! Important Message
A look at the originating IP address indicates that it came from China:

inetnum:      113.224.0.0 - 113.239.255.255
netname:      UNICOM-LN
descr:        China Unicom Liaoning province network
descr:        China Unicom
country:      CN
admin-c:      CH1302-AP
tech-c:       GZ84-AP
remarks:      service provider
status:       ALLOCATED PORTABLE
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CNCGROUP
mnt-lower:    MAINT-CNCGROUP-LN
mnt-routes:   MAINT-CNCGROUP-RR
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:      This object can only be updated by APNIC hostmasters.
remarks:      To update this object, please contact APNIC
remarks:      hostmasters and include your organisation's account
remarks:      name in the subject line.
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed:      hm-changed@apnic.net 20081208
changed:      hm-changed@apnic.net 20090508
source:       APNIC


Reblog this post [with Zemanta]

Webmail: Your mailbox has exceeded the storage limit

user-pic
By John Highway on April 14, 2010 10:32 PM 0 Vote 0 Votes
Share Share
Looks like either a server had been compromised or someone at the California State University in Northridge decided to try his/her hand at attempting obtain information or maybe inject a worm/virus onto your computer.

webmail_exceeded_01.png

Received: (qmail 31022 invoked from network); 14 Apr 2010 21:31:07 -0400
Received: from rohu.csun.edu (HELO exchange.csun.edu) (130.166.5.59)
  by XXXXXXXXXXXX with (RC4-MD5 encrypted) SMTP; 14 Apr 2010 21:31:07 -0400
Received: from CSUN-EX-V02.csun.edu ([130.166.5.50]) by rohu.csun.edu
 ([130.166.5.59]) with mapi; Wed, 14 Apr 2010 18:31:06 -0700
From: "Harris, Matt L" <matt.harris@csun.edu>
To: "web12@web3mail.com" <web12@web3mail.com>
Date: Wed, 14 Apr 2010 18:31:05 -0700
Subject: Your mailbox has exceeded the storage limit
Thread-Topic: Your mailbox has exceeded the storage limit
Thread-Index: AQHK3DtRDngNxnIjEUK+gzUoUJKX3w==
Message-ID: <A27A52097686DC4DA76C6E2FB114348C3BD395CC12@CSUN-EX-V02.csun.edu>
Or maybe it's a comprised system.  Below is a copy of the text.

Your mailbox has exceeded the storage limit which is 20GB as set by your webmail administrator,
you are currently running on 20.9GB, you may not be able to send or receive new mail until you re-validate your mailbox.
To re-validate your mailbox please CLICK below and you will be redirected to your webmail upgrade form which you are to
fill and submit fot your mailbox upgrade.
To re-validate your mailbox please
CLICK HERE
<a href="http://jotform.com/form/1103203219%3EThanks">Thanks,
Webmail Administrator.

JOTFORM.COM is a registered domain with GODADDY.COM, INC.

Registrant:
   Interlogy, LLC
   5214 39th Ave Apt 2C
   Woodside, New York 11377
   United States

   Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
   Domain Name: JOTFORM.COM
      Created on: 09-Nov-05
      Expires on: 09-Nov-12
      Last Updated on: 18-Feb-09

   Administrative Contact:
      Tank, Aytekin  atank@interlogy.com
      Interlogy, LLC
      5214 39th Ave Apt 2C
      Woodside, New York 11377
      United States
      2035555555      Fax --

   Technical Contact:
      Tank, Aytekin  atank@interlogy.com
      Interlogy, LLC
      5214 39th Ave Apt 2C
      Woodside, New York 11377
      United States
      2035555555      Fax --

   Domain servers in listed order:
      NS1.INET-SVCS.COM
      NS2.INET-SVCS.COM
      NS1.GEODNS.NET
      NS2.GEODNS.NET

Reblog this post [with Zemanta]

FedEx: "Good Day"

user-pic
By John Highway on April 7, 2010 10:47 AM 0 Vote 0 Votes
Share Share
I've never had an interest in the sports of Soccer (futbol) and I've never been to nor have I ever contacted anyone in South Africa but I still got picked from a lottery and I'm the winner of a sum of 850,000 USD!  But wait, there's more!  I also won a HP computer with wireless keyboard which will all be delivered once I've confirmed myself by providing personal information.

Yah, not!

Spelling mistakes and an email address that's not officially used by FedEx ... I mean, they have their own domain! Why use Hotmail? Need I say that everything in this email screams out "SCAM!!!!"

Good Day!!!
We have a Parcel that belongs to you from the SOUTH-AFRICA WORLD CUP 2010
COUNT DOWN PROMO. (ATM CARD)contains the sum of Eight Hundred And fifty
Thousand Dollars ($850.000.USD) (BlackBerry Mobile Phone) and a Hp computer
with wireless keyboard , which will be delivered to you the moment all the
required information is comfirm to the FedEx Company before the package can
be shipped to your residential address in your country. Further more, Your
Parcel (ATM CARD) (BlackBerry Mobile Phone) (Hp computer ) was brought to our
office via Lottery Fiduciary Claims Agent of MTN-Telecommunication Company
being one of the recent Sponsor of the SOUTH-AFRICA WORLD CUP 2010 COUNT DOWN
PROMO. signifying that you are one of their lucky winner of the Lottery Award
Promo 2010 which was selected randomly. Your e-mail address was short listed
among the (20) lucky winners. Please send your details as listed below to
FedEx Delivery Company for delivery,
Thank you!
_________________________________________________________________________

NAME:
SEX:
COUNTRY:
STATE:
HOUSE ADDRESS:
OFFICE ADDRESS:
OCCUPATION:
MOBILE NUMBER:


FedEx
31 1st Street, Bezuidenhout Valley, Johannesburg
South Africa
FAX : (27) 11 618 - 2195
fedex00delivery2010@hotmail.com


Reblog this post [with Zemanta]
Create Entry
Blog Home | Archives | May 2010 »

About this Archive

This page is an archive of entries from April 2010 listed from newest to oldest.

May 2010 is the next archive.

Find recent content on the main index or look in the archives to find all content.