Received this today, and I'm wondering: can malware be injected into the user's computer via drive.google.com?


header:
01: Return-Path: <Goodall-J1 [at] email.ulster.ac.uk>
02: Received: from EUR02-VE1-obe.outbound.protection.outlook.com ([40.107.2.119])
03: by mx-ha.gmx.net (mxgmx017 [212.227.15.9]) with ESMTPS (Nemesis) ID: [ID filtered]
04: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=emailulsterac.onmicrosoft.com;
05: s=selector1-email-ulster-ac-uk;
06: h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
07: bh=PuP2SggXZp2Ar5Mf028aqdJjJVaiNk71N4eh8XrJiag=;
08: b=aiZ5WFK81n+59P0/0GYI8goegjhSJp5jWv9FU5bGX8FmOIwOYiItAibLI99+OgV+yP6CYgLLKlYrY21I4EZeNtQYis+A
09: DDJuGLQcorYx49PTv8fPhO6g4nLHkbF2ouKxxW8EcjFTfYGkHfmU3ekU3qbYXEANbzqKhJifB/s5yc=
10: Received: from AM6PR01MB4165.eurprd01.prod.exchangelabs.com (20.177.38.140) by
11: AM6PR01MB4295.eurprd01.prod.exchangelabs.com (20.176.242.90) with Microsoft SMTP Server
12: (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) ID: [ID filtered]
13: Received: from AM6PR01MB4165.eurprd01.prod.exchangelabs.com
14: ([fe80::684e:a238:a02e:d508]) by AM6PR01MB4165.eurprd01.prod.exchangelabs.com
15: ([fe80::684e:a238:a02e:d508%2]) with mapi ID: [ID filtered]
16: From: Justine Goodall <Goodall-J1 [at] email.ulster.ac.uk>
17: To: "poor [at] spamvictim.tld" <poor [at] spamvictim.tld>
18: Subject: Pleasse donnt shhow itt anyonne, its onlyy for yoou.
19: Thread-Topic: Pleasse donnt shhow itt anyonne, its onlyy for yoou.
20: Thread-Index: [filtered]
21: Date: Fri, 21 Dec 2018 xx:xx:xx +0000
22: Message-ID: [ID filtered]
23: Accept-Language: en-GB, en-US
24: Content-Language: en-US
25: X-MS-Has-Attach:
26: X-MS-TNEF-Correlator:
27: x-originating-ip: [2001:e68:508c:9aed:1e5f:2bff:fe04:8720]
28: x-clientproxiedby: KU1PR03CA0010.apcprd03.prod.outlook.com (2603:1096:802:18::22) To
29: AM6PR01MB4165.eurprd01.prod.exchangelabs.com (2603:10a6:20b:1a::12)
30: x-ms-exchange-messagesentrepresentingtype: 1
31: x-ms-publictraffictype: Email
32: x-microsoft-exchange-diagnostics:
42: x-ms-office365-filtering-correlation-ID: [ID filtered]
43: x-microsoft-antispam:
44: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201
45: 02281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020);SRVR:AM6PR01MB4295;
46: x-ms-traffictypediagnostic: AM6PR01MB4295:
47: x-microsoft-antispam-prvs:
48: <AM6PR01MB42954486F5B9FF6CD9A89101B9B80 [at] AM6PR01MB4295.eurprd01.prod.exchangelabs.com>
49: x-ms-exchange-senderadcheck: 1
50: x-exchange-antispam-report-cfa-test:
51: BCL:0;PCL:0;RULEID:(3230021)(999002)(5005026)(6040522)(2401047)(8121501046)(3231475)(944501520
52: (52105112)(93006095)(93001095)(10201501046)(3002001)(149066)(150057)(6041310)(201703131423095)
53: 201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(2016112356
54: 045)(20161123564045)(20161123558120)(20161123560045)(201708071742011)(7699051)(76991095);SRVR:
55: M6PR01MB4295;BCL:0;PCL:0;RULEID:;SRVR:AM6PR01MB4295;
56: x-forefront-prvs: 0893636978
57: x-forefront-antispam-report:
58: SFV:NSPM;SFS:(10019020)(136003)(396003)(346002)(39860400002)(376002)(366004)(199004)(189003)(6
59: 06002)(9686003)(54896002)(256004)(33656002)(55016002)(25786009)(5660300001)(53936002)(236005)(
60: 16002)(2906002)(305945005)(68736007)(786003)(7736002)(105586002)(81166006)(81156014)(106356001
61: (1730700003)(2351001)(6116002)(8936002)(74482002)(74316002)(99286004)(486006)(8676002)(9773600
62: )(4743002)(5640700003)(478600001)(72206003)(6436002)(558084003)(86362001)(102836004)(476003)(7
63: 190400001)(71200400001)(186003)(46003)(6506007)(606006)(2501003)(6916009)(386003)(14454004)(76
64: 6005)(52116002);DIR:OUT;SFP:1102;SCL:1;SRVR:AM6PR01MB4295;H:AM6PR01MB4165.eurprd01.prod.exchan
65: elabs.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1;
66: received-spf: None (protection.outlook.com: email.ulster.ac.uk does not designate
67: permitted sender hosts)
68: x-microsoft-antispam-message-info:
69: vYF3Mw0jhseHOagc+O7gZ2WQurJt6B4L4dv7xnUKu40pPndWpmU2QNe+GZ7mFvt04Es2TcLkS7M1vIGtHN6lhF8M/ji0yN
70: jOjM/bVV6+gjrDwhA//RN5P7UrpMzO5EnF4h7FCJSG4UYBxdgwME0i2W6gRBsNgSRq4pJdrGBaKlaaIvRMVNpBNjsjO2++
71: vmx84t0PLXmIZcTB1MlDK+UumYAG7d2sEpP6sC99x6L1/ytLYaW0z82DWjHF5wYrn6QF2/betgSE8TxEKAmEan3WM5Y7vs
72: nNnX3JRBlXusITrYiJvHXF4jc+wx/FrsVAU
73: spamdiagnosticoutput: 1:99
74: spamdiagnosticmetadata: NSPM
75: Content-Type: multipart/alternative;
76: boundary="_000_AM6PR01MB41650481D3B6DEEB00016120B9B80AM6PR01MB4165eurp_"
77: MIME-Version: 1.0
78: X-OriginatorOrg: email.ulster.ac.uk
79: X-MS-Exchange-CrossTenant-Network-Message-ID: [ID filtered]
80: X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Dec 2018 xx:xx:xx.0368 (UTC)
81: X-MS-Exchange-CrossTenant-fromentityheader: Hosted
82: X-MS-Exchange-CrossTenant-ID: [ID filtered]
83: X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR01MB4295
84: Envelope-To: <poor [at] spamvictim.tld>
85: X-GMX-Antispam: 5 (eXpurgate); Detail=V3;
86: X-Spam-Flag: YES
87: X-UI-Filterresults: junk:10;V03:K0:qL7KSn6lGbc=:Dc9jFGp90A/0EyGONUl/KBM6M0ug
I haave a new Christmass photossession, annd i caan showw yoou somethhing neww, but doont show thiss anyone. ok?? [Linkname]
The link name is "Photos" and it points to https:\/\/drive.google.com\/file\/d\/1zCk73NiaKXFavxnJzVfR5ZMebEGTDQVA\/view?usp=sharing')
(Sorry, that is how GMX formats it; either the spammers formatted it that way or it was GMX, and GMX has removed the option to display an email in its original form.)

The link goes, as is typical for GMX, to https://deref-gmx.net/mail/client/Vw...file%2Fd%2F1zC [,,,], i.e. a redirect to https;//drive.google.com/file/d/F1zC [,,,]
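
Added example, not part of the original post: a small triage helper that cleans up a link pasted with JSON-style `\/` escaping and unwraps a dereferrer-style redirect, so the real destination host can be read without opening the link. The wrapper host `deref.example`, the query parameter name `redirectUrl` and the file ID `EXAMPLE_ID` are constructed assumptions, not values taken from the mail.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

URL_RE = re.compile(r"https?://", re.I)

def normalise(raw: str) -> str:
    """Undo JSON-style '\\/' escaping and strip trailing quote/paren debris."""
    return raw.replace("\\/", "/").strip().rstrip("'\")")

def _embedded_url(value: str):
    """Return value as a URL if it is one after up to three percent-decodes."""
    for _ in range(3):
        if URL_RE.match(value):
            return value
        decoded = unquote(value)
        if decoded == value:
            return None
        value = decoded
    return value if URL_RE.match(value) else None

def unwrap(url: str, max_depth: int = 5) -> list[str]:
    """Chain of URLs: the wrapper first, the innermost target last."""
    chain = [normalise(url)]
    for _ in range(max_depth):
        query = urlsplit(chain[-1]).query
        # parse_qsl percent-decodes each value once already
        inner = [u for _, v in parse_qsl(query) if (u := _embedded_url(v))]
        if not inner:
            break
        chain.append(normalise(inner[0]))
    return chain

def final_host(url: str) -> str:
    """Host name the user would finally land on."""
    return urlsplit(unwrap(url)[-1]).hostname

# Constructed samples (hypothetical wrapper host, parameter name and file ID)
WRAPPED = ("https://deref.example/mail/client/TOKEN/dereferrer/"
           "?redirectUrl=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F"
           "EXAMPLE_ID%2Fview%3Fusp%3Dsharing")
ESCAPED = r"https:\/\/drive.google.com\/file\/d\/EXAMPLE_ID\/view?usp=sharing')"

if __name__ == "__main__":
    for sample in (WRAPPED, ESCAPED):
        print(final_host(sample), unwrap(sample))
```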