My Latest Favoritist Spam

The Black Flag Cafe is the place travelers come to share stories and advice. Moderated by Robert Young Pelton the author of The World's Most Dangerous Places.

Moderator: coldharvest

My Latest Favoritist Spam

Postby RYP » Thu Mar 11, 2010 8:51 pm

This crap actually has an email address of

hsin@dhs.gov

which is actually:
Return-path: <www-data@nighthunter.ath.cx>
Envelope-to: ryp
Delivery-date: Thu, 11 Mar 2010 14:11:47 -0600
Received: from mailout07.t-online.de ([194.25.134.83])
by server.comebackalive.com with esmtp (Exim 4.69)
(envelope-from <www-data@nighthunter.ath.cx>)
id 1NpojP-00079y-MS
for ryp; Thu, 11 Mar 2010 14:11:47 -0600
Received: from fwd00.aul.t-online.de (fwd00.aul.t-online.de )
by mailout07.t-online.de with smtp
id 1NpojO-0003zA-Jh; Thu, 11 Mar 2010 21:11:42 +0100
Received: from nighthunter.eu (bKUSUZZEghlciPh0jFa0qAIpS8YJFAfaNcbi90dZVTYy05c1Gt+Ba-p9xGKdEsqgvX@[87.159.165.212]) by fwd00.aul.t-online.de
with esmtp id 1Npoj6-1TJt0y0; Thu, 11 Mar 2010 21:11:24 +0100
Received: by nighthunter.eu (Postfix, from userid 33)
id F3B592C2FA; Thu, 11 Mar 2010 21:11:22 +0100 (CET)
To: ryp
Subject: Department of Homeland Security
From: hsin@dhs.gov
Message-Id: <20100311201122.F3B592C2FA@nighthunter.eu>
Date: Thu, 11 Mar 2010 21:11:22 +0100 (CET)
X-ID: bKUSUZZEghlciPh0jFa0qAIpS8YJFAfaNcbi90d ... dialin.net
X-TOI-MSGID: 945b8ff3-d3d7-4a43-96b2-e8cedb0d6d76
X-Spam-Status: No, score=0.0
X-Spam-Score: 0
X-Spam-Bar: /
X-Spam-Flag: NO


Department of Homeland Security
INTELLIGENCE BULLETIN
UNCLASSIFIED

11 March 2010

Yesterday the Department of Homeland Security has received the prevention from NASA's Jet Propulsion Laboratory about the occurred shift of Earth’s figure axis:
________

The recent Chilean earthquake shifted the axis by approximately three inches and shortened the length of a day by 1.26 microseconds. According to NASA’s Jet Propulsion Laboratory the displacement of Earth’s axis will cause natural disasters on the Eastern coast of the USA including Florida, Georgia, South and North Carolina.
________

In this connection the DHS has made a decision to prepare for general evacuation from the specified area. The population of the region should be ready for evacuation. It is necessary collect valuable possessions, documents, things of first necessity, and wait for the announcement.

In order to prevent panic among the population DHS asks to stay calm and follow the official instructions listed below:

http://dhsorg.org/docs/instructions.zip

________________
U.S. Department of Homeland Security
Washington, DC 20528
User avatar
RYP
Ownerus Websiteus Authorus
 
Posts: 27774
Joined: Thu Mar 25, 2004 3:42 am

Re: My Latest Favoritist Spam

Postby thewalrus » Thu Mar 11, 2010 9:26 pm

I like how the NSA is sending spam from a third-rate ISP in Pakistan:

From - Wed Dec 9 14:48:37 2009
X-Account-Key: account4
X-UIDL: 0LcA3x-1Nz2UC3QM1-00jdJv
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <postmaster@comsatshosting.net>
Delivery-Date: Wed, 09 Dec 2009 04:48:22 -0500
Received: from spamfilter.comsatshosting.net (ibnsena.comsats.net.pk [210.56.8.55])
by mx.perfora.net (node=mxus2) with ESMTP (Nemesis)
id 0LcA3x-1Nz2UC3QM1-00jdJv for myworkemailaddress@company.com; Wed, 09 Dec 2009 04:48:22 -0500
Received: from spamfilter.comsatshosting.net (spamfilter.comsatshosting.net [127.0.0.1])
by postfix.imss70 (Postfix) with ESMTP id E8BBB3ACE43
for <myworkemailaddress@company.com>; Wed, 9 Dec 2009 01:56:48 +0500 (PKT)
Received: from winserver1.comsatshosting.net (winserver1.comsatshosting.net [64.38.4.122])
by spamfilter.comsatshosting.net (Postfix) with ESMTP id 5D2363ACF50
for <myworkemailaddress@company.com>; Wed, 9 Dec 2009 01:56:48 +0500 (PKT)
Received: from winserver1 [127.0.0.1] by winserver1.comsatshosting.net
(SMTPD-8.22) id AFEC05DC; Wed, 09 Dec 2009 14:37:48 +0500
Date: Wed, 09 Dec 2009 14:37:48 +0500
Subject: CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS
To: myworkemailaddress@company.com
From: ecus@nsa.gov
Message-Id: <200912091437597.SM04040@winserver1>
X-TM-AS-Product-Ver: IMSS-7.1.0.1224-6.0.0.1038-17058.006
X-TM-AS-Result: No-0.180-4.5-31-1
X-imss-scan-details: No-0.180-4.5-31-1
Envelope-To: myworkemailaddress@company.com

AFRL-RI-RS-TR-2009-136
Final Technical Report
December 2009

CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS (CYBERCAFE)

INFORMATION SUBJECT TO EXPORT CONTROL LAWS

WARNING - This document contains technical data whose export is restricted by the Arms Export
Control Act (Title 22, U.S.C., Sec 2751 et seq.) or the Export Administration Act of 1979, as amended
(Title 50, U.S.C. App. 2401, et seq.). Violations of these export laws are subject to severe criminal
penalties. Disseminate IAW DoDD 5230.25.

DESTRUCTION NOTICE - For classified documents, follow the procedures in DOD 5220.22-M, National
Industrial Security Manual (NISPOM), section 5-705 or DOD 5200.1-R, Information Security Program,
Chapter VI. For unclassified limited documents, destroy by any method that will prevent disclosure of
contents or reconstruction of the document.

Export of the attached information (which includes, in some circumstances, release to
foreign nationals within the United States) without first obtaining approval or license from
the Department of State for items controlled by the International Traffic in Arms
Regulation (ITAR), or the Department of Commerce for items controlled by the Export
Administration Regulation (EAR), may constitute a violation of law.

Download:
http://www.zeropaid.com/bbs/includes/CYBERCAFE.zip

or

http://rapidshare.com/files/318309046/C ... E.zip.html
http://www.sendspace.com/file/fmbt01



======================

The FBI relays email through a cheap ISP in the UK! Who would've thought? http://www.enixltd.com/

Obviously this .zip file contains something important, you should download the .exe in it and run it. If it doesn't do anything run it three more times just to be sure. Then call your IT department helpdesk.

From - Sun Feb 21 23:32:35 2010
X-Account-Key: account4
X-UIDL: 0LZhUC-1NLoQx3ffo-00lXxV
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <nobody@abe.enixns.com>
Delivery-Date: Sat, 20 Feb 2010 21:37:16 -0500
Received: from abe.enixns.com (abe.enixns.com [84.45.45.134])
by mx.perfora.net (node=mxus0) with ESMTP (Nemesis)
id 0LZhUC-1NLoQx3ffo-00lXxV for myworkemail@company.com; Sat, 20 Feb 2010 21:37:16 -0500
Received: from nobody by abe.enixns.com with local (Exim 4.69)
(envelope-from <nobody@abe.enixns.com>)
id 1Nj1h4-0007MW-8f
for myworkemail@company.com; Sun, 21 Feb 2010 02:37:14 +0000
To: myworkemail@company.com
Subject: INTELLIGENCE BULLETIN
From: cttd@fbi.gov
Message-Id: <E1Nj1h4-0007MW-8f@abe.enixns.com>
Date: Sun, 21 Feb 2010 02:37:14 +0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - abe.enixns.com
X-AntiAbuse: Original Domain - mycompanysdomainname.com
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - abe.enixns.com
Envelope-To: myworkemail@company.com

FEDERAL BUREAU OF INVESTIGATION
INTELLIGENCE BULLETIN

February 2010

Weapons of Mass Destruction Directorate

Indicators for Terrorist Use of Toxic Industrial Chemicals

THIS INTELLIGENCE BULLETIN PROVIDES LAW ENFORCEMENT AND OTHER
PUBLIC SAFETY OFFICIALS WITH SITUATIONAL AWARENESS CONCERNING
INTERNATIONAL AND DOMESTIC TERRORIST TACTICS.

UNCLASSIFIED//FOR OFFICIAL USE ONLY

Download:

http://timingsolution.com/Doc/BULLETIN.zip

or

http://www.sendspace.com/file/goz3yd
User avatar
thewalrus
BFCus Regularus
 
Posts: 2172
Joined: Sat Jan 13, 2007 6:43 pm
Location: Earth

Re: My Latest Favoritist Spam

Postby Kurt » Thu Mar 11, 2010 10:40 pm

I am on Windows today but has anyone downloaded those in a real operating system and run strings on them?

Sometimes you can find the IP that the controls the nasties when you do that.
User avatar
Kurt
In Manus Manus
 
Posts: 21998
Joined: Mon Mar 08, 2004 6:29 am
Location: New York City

Re: My Latest Favoritist Spam

Postby thewalrus » Thu Mar 11, 2010 10:44 pm

Kurt,

It's the zeus bot... do a whois on dhsorg.org.

Just because you're in Windows doesn't mean you can't play with the nasties inside a VMware Workstation sandbox. :)

http://www.google.com/search?q=hilary+k ... =firefox-a
User avatar
thewalrus
BFCus Regularus
 
Posts: 2172
Joined: Sat Jan 13, 2007 6:43 pm
Location: Earth

Re: My Latest Favoritist Spam

Postby Kurt » Thu Mar 11, 2010 11:03 pm

thewalrus wrote:Kurt,

It's the zeus bot... do a whois on dhsorg.org.

Just because you're in Windows doesn't mean you can't play with the nasties inside a VMware Workstation sandbox. :)

http://www.google.com/search?q=hilary+k ... =firefox-a


Its an 8 year old Windows box. It kicked ass in 2002 but it is not enough to run VMWare now.
User avatar
Kurt
In Manus Manus
 
Posts: 21998
Joined: Mon Mar 08, 2004 6:29 am
Location: New York City

Re: My Latest Favoritist Spam

Postby Scotty » Sat Mar 13, 2010 12:24 pm

You mean I evacuated to Canada for nothing?
Scotty
 
Posts: 24
Joined: Sun Mar 07, 2010 5:50 am
Location: Top Secret

Re: My Latest Favoritist Spam

Postby JamesInTheWorld » Sat Mar 13, 2010 11:12 pm

The worst Spammer is Obama’s website

I signed up for his newsletter during the election but after I unsubscribed like 40 times but I still get tons of emails from them.

~JITW
International Civilian Contractor Jobs
High Paying International Jobs
Iraq - Afghanistan - Asia - Europe
www.CivilianContractorJobs.com
User avatar
JamesInTheWorld
I HOPE YOU GET HIT BY A BUS
 
Posts: 7924
Joined: Sun Dec 18, 2005 9:58 am
Location: My Job is More Interesting Than Your Vacation


Return to Black Flag Cafe

Who is online

Users browsing this forum: Google [Bot] and 17 guests