[193675] in North American Network Operators' Group


Re: Someone's scraping NANOG for phishing purposes again

daemon@ATHENA.MIT.EDU (valdis.kletnieks@vt.edu)
Fri Feb 10 14:12:29 2017

X-Original-To: nanog@nanog.org
From: valdis.kletnieks@vt.edu
X-Google-Original-From: Valdis.Kletnieks@vt.edu
To: Rich Kulawiec <rsk@gsp.org>
In-Reply-To: <20170210182231.GA9188@gsp.org>
Date: Fri, 10 Feb 2017 14:09:02 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

--==_Exmh_1486753742_8409P
Content-Type: text/plain; charset=us-ascii

On Fri, 10 Feb 2017 13:22:31 -0500, Rich Kulawiec said:
> On Fri, Feb 10, 2017 at 11:56:02AM -0600, Andrew Latham wrote:
> > On a great many mailing lists, Suresh is spot on as this looks more like
> > infected user but headers would be good.

The one I found in my mailbox yesterday tends to support "multiple users
infected with a spamming botnet":

Received: from smtp.interfree.it (smtp.interfree.it [80.91.55.53]) by  mr3.cc.vt.edu (8.14.7/8.14.7) with ESMTP id v190Ro7i021554 for  <Valdis.Kletnieks@vt.edu>; Wed, 8 Feb 2017 19:27:56 -0500
Received: from [59.55.63.88] (helo=jame-PC) by smtp.interfree.it with esmtpsa  (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from <bazzanie@interfree.it>) id  1cbcaI-0007Zj-Cz; Thu, 09 Feb 2017 01:27:42 +0100
Message-id: <1427704941.20170209032724@interfree.it>

Subject: look at that, it's amazing!
From: "William Herrin" <bazzanie@interfree.it>
Date: Thu, 9 Feb 2017 06:27:24 +0600 (Wed 19:27 EST)
To: "Ronald F. Guilmette" <rfg@tristatelogic.com>,         "Robert Webb"  <rwebb@ropeguru.com>,         "Valdis Kletnieks" <Valdis.Kletnieks@vt.edu>,         "Scott  Brim" <scott.brim@gmail.com>

--==_Exmh_1486753742_8409P--
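
An added example, not part of the original message: Python that parses the headers quoted above (re-folded so they parse offline) and summarises the hop where the mail entered smtp.interfree.it. The helper name `triage`, the flag names and the three heuristics are assumptions of this example, not claims made in the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers quoted in the message above, re-folded so the block runs offline.
SAMPLE = """\
Received: from smtp.interfree.it (smtp.interfree.it [80.91.55.53])
 by mr3.cc.vt.edu (8.14.7/8.14.7) with ESMTP id v190Ro7i021554
 for <Valdis.Kletnieks@vt.edu>; Wed, 8 Feb 2017 19:27:56 -0500
Received: from [59.55.63.88] (helo=jame-PC) by smtp.interfree.it
 with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.63)
 (envelope-from <bazzanie@interfree.it>) id 1cbcaI-0007Zj-Cz;
 Thu, 09 Feb 2017 01:27:42 +0100
Message-id: <1427704941.20170209032724@interfree.it>
Subject: look at that, it's amazing!
From: "William Herrin" <bazzanie@interfree.it>

"""

# Exim-style first hop: from [ip] (helo=name) by host with proto
ORIGIN_RE = re.compile(r"from \[(?P<ip>[0-9A-Fa-f.:]+)\] \(helo=(?P<helo>[^)]+)\)"
                       r" by (?P<by>\S+) with (?P<proto>\S+)")

def triage(raw):
    """Hypothetical helper: summarise the submission hop and flag heuristics."""
    msg = message_from_string(raw)
    # Each MTA prepends its Received line, so the last one is the first hop.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    m = ORIGIN_RE.search(hops[-1]) if hops else None
    display, addr = parseaddr(msg.get("From", ""))
    flags = []
    if m is None:
        return {"origin_ip": None, "helo": None, "proto": None, "flags": ["unparsed-origin"]}
    # RFC 3848: ESMTPA / ESMTPSA mean the client authenticated (SMTP AUTH),
    # i.e. real mailbox credentials were used rather than an open relay.
    if m["proto"].lower() in ("esmtpa", "esmtpsa"):
        flags.append("authenticated-submission")
    # An unqualified HELO such as a desktop name suggests an end-user machine.
    if "." not in m["helo"]:
        flags.append("bare-helo")
    # Display name shares no token with the mailbox local part.
    tokens = re.findall(r"[a-z]+", display.lower())
    local = addr.split("@")[0].lower()
    if tokens and not any(t in local for t in tokens):
        flags.append("display-name-mismatch")
    return {"origin_ip": m["ip"], "helo": m["helo"], "proto": m["proto"], "flags": flags}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each flag is a triage hint with obvious false positives (many legitimate users submit mail from desktops with unqualified HELO names), so treat the combination, not any single flag, as the signal.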
