[Dshield] I Suspect Another Problem Looming

David Cary Hart DShield at TQMcube.com
Mon Feb 5 20:31:29 GMT 2007


On Sat, 3 Feb 2007 15:22:18 -0800, <Ivan_Macalintal at trendmicro.com>
opined:
> 
> Hi David!
> 
> Do you have a sample of spammed email that you can share?
> 
It took all of five seconds to find one in the spam IMAP:

Return-Path: <celeste at typistjob.com>
X-Original-To: xxx at spam trap domain
Delivered-To: xxxspambox at tqmcube.com
Received: from 80-240-220-180.dnat.migtel.ru (unknown
[80.240.220.180]) by mail.tqmcube.com (Postfix) with ESMTP id
9BEC52B2AC for <xxx at spam trap domain>; Mon,  5 Feb 2007 15:08:55
-0500 (EST) Received: from 64.202.166.12 (HELO smtp.secureserver.net)
     by spam trap domain with esmtp (.0H7O/R*96 ,2R45V)
     id 0KP/0F->3AO)Z-J1
     for xxx at spam trap domain; Mon, 5 Feb 2007 20:08:50 -0180
Message-ID: <01c74961$73b5fb30$6c822ecf at celeste>
From: "Annette Carson" <celeste at typistjob.com>
To: xxx at spam trap domain
Subject: OEM Recovery/Restore Discs
Date: Mon, 5 Feb 2007 20:08:50 -0180
MIME-Version: 1.0
Content-Type: multipart/related;
 type="multipart/alternative";
 boundary="----=_NextPart_000_000F_01C7497A.99033330"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1478
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
Status: O
X-UID: 36451
Content-Length: 18667
X-Keywords: 

Everywhere, utterly.II. Quest and ConquestReferencesV. The Dutch in
the ArcticAlthough December's frost killed the winter . . . . . .
(snipped)

A gif attachment has the advertisement with a link to quatro-oem.com

PacNames WHOIS Server Version 1.1.0

   Domain name: QUATRO-OEM.COM
   Registrar: PacNames
   Referral URL: http://www.pacnames.com/

   Domain Registrant: (Private Contact)
(pws.c7636cd1d07e793 at shieldedwhois.com)

host quatro-oem.com
quatro-oem.com has address 121.31.56.28

inetnum:      121.31.0.0 - 121.31.255.255
netname:      CNCGROUP-GX
descr:        CNC Group Guangxi province network
descr:        China Network Communications Group Corporation


-- 
Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com
               Don't Subsidize Criminals: http://boulderpledge.org


More information about the list mailing list