header:
01 : Received: from p11sw470-471vlan3-sn02.b2x.vwg ([194.114.62.51])
02 : by vw2bwosevg01.vw2c.b2x.vwg (Totemo SMTP Server) with SMTP ID: [ID filtered]
03 : for <poor [at] spamvictim.tld >;
04 : Mon, 13 Feb 2012 xx:xx:xx +0100 (CET)
05 : Received: from apache by s81.webhostingserver.nl with local (Exim 4.76)
06 : (envelope-from <poor [at] spamvictim.tld >)
07 : ID: [ID filtered]
08 : for poor [at] spamvictim.tld ; Mon, 13 Feb 2012 xx:xx:xx +0100
09 : To: poor [at] spamvictim.tld
10 : Subject: Oi...
11 : From: Ana <ana [at] erol.com.br >
12 : MIME-Version: 1.0
13 : Content-Type: text/html
14 : Message-ID: [ID filtered]
15 : Date: Mon, 13 Feb 2012 xx:xx:xx +0100
16 : X-Junkmail-SD-Raw: score=unknown,
17 : refid=str=0001.0A0B0201.4F38C6D3.01B3,ss=1,fgs=0,
18 : ip=195.211.72.41,
19 : so=2009-06-02 xx:xx:xx,
20 : dmn=5.7.1/2009-08-27,
21 : mode=single engine
22 : Return-Path: deb37342 [at] agri-parts.com
The supposed image is linked to whois: benedetti.us/webtrees/modules_v3/todo and tries to download a file Album_de_fotos.exe (578,048 bytes).
[Link visible only to registered members.] says about it: BScope.Trojan.Banker a variant of Win32/ProxyChanger.BP
Eniac