iTunes: Thank you for buying iTunes Gift Certificate!

user-pic
By John Highway on May 10, 2010 9:31 PM 0 Vote 0 Votes
Share Share
Be on the lookout for email that's suppose to be from iTunes with the subject "Thank you for buying iTunes Gift Certificate!"  It contains a zip file marked as "iTunes_certificate_247.zip" about 25 bytes in size.

itunes_gift_certificate_spoof.png
When you examine the email headers, you will see that the email didn't come from the iTunes/Apple mail servers.  This email originated from mail.pizzaandpizzas.com

Received: (qmail 26872 invoked from network); 7 May 2010 00:55:44 -0400
Received: from unknown (HELO BNFWYFODZ) (203.76.125.195)
  by XXXXXXXXXXXXX with SMTP; 7 May 2010 00:55:22 -0400
Received: from 203.76.125.195 by mail.pizzaandpizzas.com; Fri, 7 May 2010 11:55:19 +0700
From: "Your  iTunes" <account@itunes.com>
To: XXXXXXXXXXXXXXXX
Subject: Thank you for buying iTunes Gift Certificate!
Date: Fri, 7 May 2010 11:55:19 +0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_000E_01CAEDA1.7DF24F30"
Message-ID: <000d01caeda1$7df24f30$6400a8c0@spriestl07>

An ISP in Bangladesh (203.76.125.195) accessed the mail port on mail.pizzaandpizzas.com, a domain name owned by an Italian company.  Of course, all these simply means that this email did not originate from iTunes or from may authorized Apple-owned company.

inetnum:      203.76.96.0 - 203.76.127.255
netname:      LINK3
descr:        Link3 Technologies Ltd.
descr:        Internet Service Provider, Dhaka, Bangladesh
country:      BD
admin-c:      SP349-AP
tech-c:       SP349-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-BD-LINK3
mnt-routes:   MAINT-BD-LINK3
mnt-routes:   MAINT-HK-HUTCHCA
status:       ALLOCATED PORTABLE
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:      This object can only be updated by APNIC hostmasters.
remarks:      To update this object, please contact APNIC
remarks:      hostmasters and include your organisation's account
remarks:      name in the subject line.
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed:      hm-changed@apnic.net 20040629
changed:      hm-changed@apnic.net 20040802
source:       APNIC

Domain Name: PIZZAANDPIZZAS.COM
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: NS1.RUBALO.IT
Name Server: NS2.RUBALO.IT
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 11-nov-2009
Creation Date: 18-aug-2008
Expiration Date: 18-aug-2010

Reblog this post [with Zemanta]

Categories:

Tags:

Leave a comment

About this Entry

This page contains a single entry by John Highway published on May 10, 2010 9:31 PM.

Webmail: setting for your mailbox ...... are changed was the previous entry in this blog.

Phishing: Email Administrator IT Service is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.