[Dshield] Spam Email - Threats and Extortion

Ackley, Alex aackley at epmgpc.com
Thu Apr 19 19:06:36 GMT 2007


Our first one was a yahoo address and the second was a gmail address.
terminator_ak47_sadsoul at yahoo.com
and
croscross2 at gmail.com

Both header IPs resolved to the correct mail servers as specified in the
email address.  This is what made me worried to begin with as it wasn't
some unknown mail server sending through some other open relay.  It's
starting at either of these large email providers and coming directly to
our domain.

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Bryan Hill
Sent: Thursday, April 19, 2007 2:51 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Spam Email - Threats and Extortion

Can you also provide the IP address you are receiving this from???

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Tomas L. Byrnes
Sent: Thursday, April 19, 2007 11:29 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Spam Email - Threats and Extortion

You should report this to Law Enforcement.
 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Ackley, Alex
> Sent: Thursday, April 19, 2007 9:49 AM
> To: list at lists.dshield.org
> Subject: [Dshield] Spam Email - Threats and Extortion
> 
> We've recently begun seeing a few emails come across that I 
> sure hope are spam.  They basically report that the sender 
> has been contracted to perform bodily harm/kill the recipient 
> and has been following them for a period of time.  If they do 
> not give X dollars to a location to be named later, they'll 
> carry out the threat.  The emails look like the usual spam, 
> in that they have a couple of misspelled words, 
> capitalization and grammar problems.  But, they don't exhibit 
> the usual spam features in the headers.  They come from a 
> single address that is easily tracked down instead of through 
> a series of smtp servers and directly address the end user.
> 
>  
> 
> I can provide the actual text and some email headers if folks 
> want to see.  
> 
>  
> 
> But has anyone else seen anything like this recently or heard of this?
> 
>  
> 
> Thanks,
> 
>  
> 
> Alex Ackley
> 
> Systems Administrator
> 
> EPMG, PC
> 
>  
> 
> _________________________________________
> 
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 
> Courses taught by our top rated instructors plus a huge 
> vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
> 

_________________________________________

SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
 
This information may be legally privileged and/or is confidential, and
is intended for the use of the addressee named above.  Any other use is
strictly prohibited.  If you have received this communication in error,
please immediately notify me and destroy the communication.  Any
wrongful interception of this transmission is  prohibited and punishable
under federal law.

_________________________________________

SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)



More information about the list mailing list