RE: [Full-Disclosure] [Fwd: Please contact me !!! 800 453 2287]

From: Remko Lodder (remko_at_elvandar.org)
Date: 01/05/04

    To: "Meeusen, Charles D" <cmeeusen@bnl.gov>, <full-disclosure@lists.netsys.com>
    Date: Mon, 5 Jan 2004 18:40:27 +0100
    
    

    Hi there,

    Before I forget: Happy New Year to all of you.

    It is actually possible that they are trying to harvest accounting
    information from persons who are not that smart by thinking this is bogus.

    It is also possible these persons want to, ehm, DoS ibtco.com persons, since
    there are going to be people who will call the valid phone number.

    In my opinion one can best ignore the email and just pay attention to
    where the email might have originated from. Don't reply to it, and never
    ever call the number displayed.

    HTH,

    Regards,

    Remko Lodder
    Elvandar.org

    -----Original Message-----
    From: full-disclosure-bounces@lists.elvandar.org
    [mailto:full-disclosure-bounces@lists.elvandar.org] On Behalf Of Meeusen,
    Charles D
    Sent: Monday, 5 January 2004 17:30
    To: full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] [Fwd: Please contact me !!! 800 453 2287]

    Actually, I'm glad this was posted since I also received this (to my
    personal email address) and I've just spent the last 20 minutes or so
    investigating it. I usually just send my spam to trash and move on but this
    one caught my eye. If others got it, and can explain what's happening, I'd
    appreciate it.

    What I found:
    The email originated from c-24-126-245-82.we.client2.attbi.com
    [24.126.245.82]
    The phone number really is valid for a group called ibtco.com who I have no
    association with.
    Google search for "lidiya aliyeva" only returns these log segments:

    Jan 4 23:13:32 horsey testmail[11038]: i057DUSs011038:
    from=<lidiya.aliyeva@ibtco.com>, size=2056, class=0, nrcpts=1,
    msgid=<000701c3d34a$b5fd68b0$0101c80a@a>, proto=SMTP, daemon=testv4,
    relay=h62n2fls34o867.telia.com [217.208.39.62]

    Jan 4 23:13:34 horsey testmail[11060]: i057DXXC011053:
    to=lidiya.aliyeva@ibtco.com, delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
    pri=212631, relay=ibtco.com.mail5.psmtp.com. [12.158.35.251], dsn=2.0.0,
    stat=Sent (Thanks)

    Jan 4 23:13:34 horsey testmail[11062]: i057DXKR011052:
    to=lidiya.aliyeva@ibtco.com, delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
    pri=212625, relay=ibtco.com.mail5.psmtp.com. [12.158.35.251], dsn=2.0.0,
    stat=Sent (Thanks)

    Which can be seen in its entirety here:
    http://test.smtp.org/log

    This isn't by any stretch an exhaustive inquiry, but I'd love to have
    someone who knows better than me tell me what's happening here. Why would
    email that, from all outward appearances, seems to be spam, be sent with a
    valid phone number of a (seemingly) valid company but via (seemingly)
    nefarious means (seemingly) be trying to get banking info from me?

    C.

    -----Original Message-----
    From: the measly one [mailto:measlymonkey@theplanet.org]
    Sent: Monday, January 05, 2004 4:29 AM
    To: full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] [Fwd: Please contact me !!! 800 453 2287]

    > andrewg@d2.net.au wrote:
    >
    >
    > For what it's worth. I'm sure someone here knows the correct places to
    > report things like these.
    >
    > Headers:
    <snip>

    thank you for your spam, but i get enough on my own. why don't you trace it
    and find out where it came from? seems like the next logical step.

    the meas

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-disclosure mailing list
    Full-disclosure@lists.elvandar.org
    http://lists.elvandar.org/mailman/listinfo/full-disclosure
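
One way to follow the advice in this thread to look at where a message came from, as an added example that is not part of the original posts: it parses two of the sendmail-style log entries quoted in Charles Meeusen's message and lists inbound entries whose envelope sender domain does not match the hostname of the relay that handed the message over. The function names are illustrative assumptions, and a mismatch is only a triage hint, since legitimate mail is often relayed through hosts in other domains.

```python
import re

# Two log entries copied from the message above, with the mail-wrapped lines rejoined.
SAMPLE_LOG = """\
Jan 4 23:13:32 horsey testmail[11038]: i057DUSs011038: from=<lidiya.aliyeva@ibtco.com>, size=2056, class=0, nrcpts=1, msgid=<000701c3d34a$b5fd68b0$0101c80a@a>, proto=SMTP, daemon=testv4, relay=h62n2fls34o867.telia.com [217.208.39.62]
Jan 4 23:13:34 horsey testmail[11060]: i057DXXC011053: to=lidiya.aliyeva@ibtco.com, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=212631, relay=ibtco.com.mail5.psmtp.com. [12.158.35.251], dsn=2.0.0, stat=Sent (Thanks)
"""

ENTRY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<prog>[^\[\s]+)"
    r"\[(?P<pid>\d+)\]:\s(?P<qid>\w+):\s(?P<rest>.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?=,\s\w+=|$)")  # key=value pairs split on ", key="
RELAY = re.compile(r"^(?P<name>\S*?)\.?\s*\[(?P<ip>[0-9.]+)\]$")


def parse_entry(line):
    """Return a dict for one sendmail-style log line, or None if it does not match."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["fields"] = dict(FIELD.findall(entry.pop("rest")))
    return entry


def host_in_domain(host, domain):
    """True if host is the domain itself or a name underneath it."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def sender_relay_mismatches(log_text):
    """List (queue id, sender domain, relay name, relay IP) for inbound entries
    whose envelope sender domain differs from the connecting relay's domain."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if not entry or "from" not in entry["fields"]:
            continue  # only from= lines describe the inbound hop
        relay = RELAY.match(entry["fields"].get("relay", ""))
        sender = entry["fields"]["from"].strip("<>")
        if not relay or "@" not in sender:
            continue
        domain = sender.rsplit("@", 1)[1]
        if not host_in_domain(relay["name"], domain):
            findings.append((entry["qid"], domain, relay["name"], relay["ip"]))
    return findings


if __name__ == "__main__":
    for finding in sender_relay_mismatches(SAMPLE_LOG):
        print(finding)
```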
