[Full-Disclosure] Empty emails example
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] Empty emails example
- From: "Bill Royds" <full-disclosure@xxxxxxxxx>
- Date: Sat, 28 Feb 2004 15:23:47 -0500
I am still getting a lot of empty emails and noticed a peculiar similarity.
All of them use a compromised or open relay home high-speed network connection
to bounce the message.
Here are the headers from one I just received (others are similar but with
different relay points).
> Return-Path: <ZVIFHFGZRZI@xxxxxxxxx>
> Received: from h0010b59bf977.ne.client2.attbi.com ([24.147.39.6])
> by fep02-mail.bloor.is.net.cable.rogers.com
> (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with SMTP
> id <20040228195530.WTUH244767.fep02-mail.bloor.is.net.cable.rogers.com@h0010b59bf977.ne.client2.attbi.com>;
> Sat, 28 Feb 2004 14:55:30 -0500
> Received: from 80.76.205.232 by 24.147.39.6; Sun, 29 Feb 2004 00:46:57 +0500
> Message-ID: <Y[20
> Date: Sat, 28 Feb 2004 14:55:31 -0500
>
The return path is an obvious fake.
The immediate relay point is a cable modem customer.
The seeming original sender is a British company with domain
tradeelectronically.com, which is a hosting service.
Are others seeing this pattern?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
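
An added example, not part of the original post: a short Python check that walks the Received chain quoted above and flags the two traits the message points out, a handoff from a residential-looking host and an earlier hop that names only bare IP addresses. The function names and the `RESIDENTIAL` hostname heuristic are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers as quoted in the post (addresses redacted by the archive; Message-ID is truncated there).
RAW = """\
Return-Path: <ZVIFHFGZRZI@xxxxxxxxx>
Received: from h0010b59bf977.ne.client2.attbi.com ([24.147.39.6])
 by fep02-mail.bloor.is.net.cable.rogers.com
 (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with SMTP
 id <20040228195530.WTUH244767.fep02-mail.bloor.is.net.cable.rogers.com@h0010b59bf977.ne.client2.attbi.com>;
 Sat, 28 Feb 2004 14:55:30 -0500
Received: from 80.76.205.232 by 24.147.39.6; Sun, 29 Feb 2004 00:46:57 +0500
Message-ID: <Y[20
Date: Sat, 28 Feb 2004 14:55:31 -0500

"""

HOP = re.compile(r"from (\S+)(?: \(\[([\d.]+)\]\))? by ([^\s;]+)")
BARE_IP = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Assumed heuristic: tokens often seen in consumer-broadband reverse DNS names.
RESIDENTIAL = re.compile(r"client|cable|dsl|dhcp|dyn|pool|ppp", re.I)

def hops(raw):
    """Return Received hops newest-first as dicts: from, ip, by, when."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # undo header folding
        m = HOP.search(flat)
        if not m:
            continue
        when = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
        out.append({"from": m[1], "ip": m[2], "by": m[3], "when": when})
    return out

def findings(raw):
    """Flag the traits the post describes; only the top hop is recorded by the receiving MTA."""
    chain, notes = hops(raw), []
    if not chain:
        return notes
    top = chain[0]
    if RESIDENTIAL.search(top["from"]):
        notes.append(f"handoff from residential-looking host {top['from']} [{top['ip']}]")
    for hop in chain[1:]:                          # written by the relay, unverified
        if BARE_IP.fullmatch(hop["from"]) and BARE_IP.fullmatch(hop["by"]):
            linked = hop["by"] == top["ip"]
            notes.append(f"unverified hop {hop['from']} -> {hop['by']} (links to top hop: {linked})")
    return notes

if __name__ == "__main__":
    print(*findings(RAW), sep="\n")
```

The lower Received line is supplied by the relaying host, so the address it names as the origin is a lead to investigate rather than a verified source.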