[Dshield] Strange emails

Jonathan C. Webster jwebster03 at snet.net
Sun Oct 3 22:58:56 GMT 2004


Yes, about 60 a day, but those to me get past my ISP's filters to my mail box.  I don't see as many with  that 
font as I used to. I never open one with a browser, but if I look at one with emacs I see lines like:
_________________________________________
X-Header-Overseas: Mail.from.Overseas.source.61.84.82.108
X-Header-NoReverseIP: IP.name.lookup.failed[61.84.82.108]
X-Originating-IP: [61.84.82.108]
Received: from bev.fhhk.net ([61.84.82.108]
	. . .
From: gjnknufdws41iuio at yahoo.com
. . .
Subject: !!Ä«µåŽë³³,°ø¹«¿ø,Á÷ÀåÀÎ œÅ¿ëŽëÃâ-¹«¹æ¹®,¹«Œ­·ù
____________________________________________________________

Netscape puts them all in a file called Junk which I must remember to clean out. Hmmm. I should do it again.

$ egrep "From -" Junk | wc -l
     699
$ head -1 Junk
 From - Wed Sep 22 15:14:47 2004
$


Jonathan Webster

Paul Marsh wrote:
> Anyone else seeing these at their gateways?  They're coming in to random nonexistant user names.  If opened in a browser the page displayes a blank AD.png and a hiden iframe.  That page inturn calls www_dot_enews_dot_com_dot_tw/range_dot_asp that pulls 122 hiden blank png images from a db.
> 
> Date: Sun, 3 Oct 2004 03:23:06 +0800
>  
> Sender:  
> From: 儂融國際股份有限公司 <longno_at_yahoo_dot_com> 
> Reply-To:  
> To: lorin_at_domainname_dot_com
> CC:  
> Subject: 對不起你寄錯了 
> Attachments:  
> <IMG SRC="adp_dot_iso_dot_com_dot_tw/AD.png?eid=lorin_at_domainname_dot_com&pid=other" HEIGHT="0" WEIGHT="0" BORDER="0"> 
> <br> 
> <iframe src="www_dot_enews_dot_com_dot_tw/counter_dot_asp" width=0 height=0></iframe> 
>  
> 
> 
> _______________________________________________
> DShield and the Internet Storm Center are sponsored by the SANS Institute.
> To learn more about current SANS training, see http://www.sans.org .
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> 



More information about the list mailing list