Home Page
About Me
About Us
Contact Info
The Black List SPAM Downloads

CERT Advisories
SPAM / Scams To Look Out For:

I Editted out my server information...

Return-Path: <andrea.kopper@chello.at>
Received: from [MYMAILSERVERINFO] ([MYMAILSERVERINFO])
by [MYMAILSERVER.COM] (8.12.10+Sun/8.12.10) with ESMTP id k3NHflVM024235
for <bothcastle@[MYMAILSERVER.COM]>; Sun, 23 Apr 2006 13:41:47 -0400 (EDT)
X-Envelope-From: andrea.kopper@chello.at
Received: from viefep12-int.chello.at (viefep14-int.chello.at [213.46.255.14])
by [MYMAILSERVERINFO] (8.13.6/8.13.6) with ESMTP id k3NHfV96023500
for <abuse@[MYMAILSERVER.COM]>; Sun, 23 Apr 2006 13:41:37 -0400 (EDT)
Received: from miraculix.kopper.int ([80.108.185.230])
by viefep12-int.chello.at
(InterMail vM.6.01.04.04 201-2131-118-104-20050224) with ESMTP
id <20060423174125.LAYK25563.viefep12-int.chello.at@miraculix.kopper.int>
for <abuse@[MYMAILSERVER.COM]>; Sun, 23 Apr 2006 19:41:25 +0200
Received: from localhost (localhost [127.0.0.1])
by miraculix.kopper.int (Postfix) with ESMTP id ABAAF116B1A2
for <abuse@[MYMAILSERVER.COM]>; Sun, 23 Apr 2006 05:59:55 +0200 (CEST)
Received: from by localhost (amavisd-new, port ) id XXtKyGxq
for <abuse@[MYMAILSERVER.COM]>; Sun, 23 Apr 2006 05:59:55 +0200 (CEST)
Received: by miraculix.kopper.int (Postfix, from userid 504)
id E6B2E116BC54; Sat, 22 Apr 2006 10:04:39 +0200 (CEST)
To: abuse@[MYMAILSERVER.COM]
Subject: You have received a postcard !
From: "postcard.com" <postcard@postcard.com>
Content-Type: text/html
Message-Id: <20060422080439.E6B2E116BC54@miraculix.kopper.int>
Date: Sat, 22 Apr 2006 10:04:39 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at kopper.int
X-DCC--Metrics: [MYMAILSERVERINFO] 1114; Body=63 Fuz1=1159 Fuz2=41
X-Spam-Status: No, hits=4.6 required=6.0
tests=DATE_IN_PAST_12_24,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,UNPARSEABLE_RELAY,
URIBL_BLACK,URIBL_GREY
version=3.1.0
X-Spam-Checker-Version: MC+SA 3.001000 (2005-09-13)
X-Scanned-By: [MYMAILSERVERINFO]

<strong>Hello friend !</strong><br>
You have just received a postcard from someone who cares about you!<br><br>
<strong>This is a part of the message:</strong><br>
&quot;Hy there! It has been a long time since I haven't heared about you!<br>
I've just found out about this service from Claire, a friend of mine who also told me that...&quot;<br>
<strong>If you'd like to see the rest of the message click <a
href="http://www.smart-hack.go.ro/postcard.exe">here</a> to receive your
animated postcard! </strong><br><br>

<strong>===================</strong><br>
Thank you for using <span class="style1">www.yourpostcard.com</span> 's services !!!<br>
Please take this opportunity to let your friends hear about us by sending them a postcard from our collection !<br>
<strong>==================</strong>
</div>

Download & Virus Scan of File:

postcard.exe:

\postcard.exe/data.rar\sup.reg - is a Trojan Backdoor.IRC.Zapchast

\postcard.exe/data.rar\svchost.exe - is infected with virus Virus.Win32.Parite.b

\postcard.exe/data.rar\script.ini - is a Trojan Backdoor. IRC.Zapchast

\postcard.exe/data.rar\mirc.ini - is a Trojan Backdoor. IRC.Zapchast

\postcard.exe/data.rar - is a Trojan Backdoor. IRC.Zapchast

* Note: I seriously hope no one on a PC is clicking on this thing, or falling for it.


Copyright© NetKungFu.org