Detlev
21.10.2011, 20:49
Bei einer Mugu-Mail, die ich heute in die Tonne getreten habe, kam die Fehlermeldung, dass mind. 1 ActiveX-Control aus Sicherheitsgründen nicht ausgeführt werden kann.
Versuchen die Afrikaner jetzt, ihre Erfolgsquoten durch irgendwelche Malware zu erhöhen?
Einen sichtbaren Anhang hatte die Mail nicht.
Hier der Header:
Return-Path: <kofi_darkwa [at] yahoo.com.ph>
X-Original-To: xxxxxx [at] meinedomain.tld
Delivered-To: poor [at] spamvictim.tld
X-policyd-weight: NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 NOT_IN_IX_MANITU=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .yahoo. - helo: .nm21-vm0.bullet.mail.sp2.yahoo. - helo-domain: .yahoo.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -8.5
Received: from nm21-vm0.bullet.mail.sp2.yahoo.com (nm21-vm0.bullet.mail.sp2.yahoo.com [98.139.91.220])
by dd3310.kasserver.com (Postfix) with SMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Fri, 21 Oct 2011 xx:xx:xx +0200 (CEST)
Received: from [98.139.91.68] by nm21.bullet.mail.sp2.yahoo.com with NNFMP; 21 Oct 2011 xx:xx:xx -0000
Received: from [98.139.91.53] by tm8.bullet.mail.sp2.yahoo.com with NNFMP; 21 Oct 2011 xx:xx:xx -0000
Received: from [127.0.0.1] by omp1053.mail.sp2.yahoo.com with NNFMP; 21 Oct 2011 xx:xx:xx -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-ID: [ID filtered]
Received: (qmail 94480 invoked by UID: [UID filtered]
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.ph; s=s1024; t=1319219149; bh=Nqy5oKtOuUxH8a7fsYfmVaTsNZqjg/FF6Axt9hJWbhk=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=SpOJOiJx6viL2YbvQMBkmUpbVJ1hBr93jD0q+HUinc503vQZaLurzk8A8QqZQzZGpYQC64W4izrNZK 5YFqJ/tTfSLKHp+CinTq1iWglk4YeyXqf/MMABpYDZXauvxlmp9O6+auyv2LUmXEtk44h0VsimmsLUhBQL9btr1ydJqv8=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com.ph;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=qFaWO6QwGlHVMPeIqrx6B/g0A29BlikBE8+O3zonKL/ZeQmYb3G+WDNa/ytfo8ZT80WJmtlkpo1u1cggjLZpkG32duLNAr0+5XhKF+LDteJVWvhzjdpgSKj5aq4wMAMbySm/Rh7f+kqDVIpWN9XqNFmCQkk910T+pBpkigkxy6k=;
X-YMail-OSG: 2OngcOUVM1lwK.xOAKZINiCH9HFodvShmk58PdKeMLTrs1n
L1Db46OTf
Received: from [41.218.213.138] by web190120.mail.sg3.yahoo.com via HTTP; Sat, 22 Oct 2011 xx:xx:xx SGT
X-Mailer: YahooMailClassic/14.0.10 YahooMailWebService/0.8.114.317681
Message-ID: [ID filtered]
Date: Sat, 22 Oct 2011 xx:xx:xx +0800 (SGT)
From: Kofi Darkwa <kofi_darkwa [at] yahoo.com.ph>
Reply-To: mr.kofidarkwa [at] msn.com
Subject: From: Mr Kofi Darkwa
To: undisclosed recipients: ;
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1205340256-1322057979-1319219145=:66780"
X-KasLoop: m00e9119
Meine pers. Daten habe ich natürlich geändert.
Versuchen die Afrikaner jetzt, ihre Erfolgsquoten durch irgendwelche Malware zu erhöhen?
Einen sichtbaren Anhang hatte die Mail nicht.
Hier der Header:
Return-Path: <kofi_darkwa [at] yahoo.com.ph>
X-Original-To: xxxxxx [at] meinedomain.tld
Delivered-To: poor [at] spamvictim.tld
X-policyd-weight: NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 NOT_IN_IX_MANITU=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .yahoo. - helo: .nm21-vm0.bullet.mail.sp2.yahoo. - helo-domain: .yahoo.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -8.5
Received: from nm21-vm0.bullet.mail.sp2.yahoo.com (nm21-vm0.bullet.mail.sp2.yahoo.com [98.139.91.220])
by dd3310.kasserver.com (Postfix) with SMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Fri, 21 Oct 2011 xx:xx:xx +0200 (CEST)
Received: from [98.139.91.68] by nm21.bullet.mail.sp2.yahoo.com with NNFMP; 21 Oct 2011 xx:xx:xx -0000
Received: from [98.139.91.53] by tm8.bullet.mail.sp2.yahoo.com with NNFMP; 21 Oct 2011 xx:xx:xx -0000
Received: from [127.0.0.1] by omp1053.mail.sp2.yahoo.com with NNFMP; 21 Oct 2011 xx:xx:xx -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-ID: [ID filtered]
Received: (qmail 94480 invoked by UID: [UID filtered]
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.ph; s=s1024; t=1319219149; bh=Nqy5oKtOuUxH8a7fsYfmVaTsNZqjg/FF6Axt9hJWbhk=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=SpOJOiJx6viL2YbvQMBkmUpbVJ1hBr93jD0q+HUinc503vQZaLurzk8A8QqZQzZGpYQC64W4izrNZK 5YFqJ/tTfSLKHp+CinTq1iWglk4YeyXqf/MMABpYDZXauvxlmp9O6+auyv2LUmXEtk44h0VsimmsLUhBQL9btr1ydJqv8=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com.ph;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=qFaWO6QwGlHVMPeIqrx6B/g0A29BlikBE8+O3zonKL/ZeQmYb3G+WDNa/ytfo8ZT80WJmtlkpo1u1cggjLZpkG32duLNAr0+5XhKF+LDteJVWvhzjdpgSKj5aq4wMAMbySm/Rh7f+kqDVIpWN9XqNFmCQkk910T+pBpkigkxy6k=;
X-YMail-OSG: 2OngcOUVM1lwK.xOAKZINiCH9HFodvShmk58PdKeMLTrs1n
L1Db46OTf
Received: from [41.218.213.138] by web190120.mail.sg3.yahoo.com via HTTP; Sat, 22 Oct 2011 xx:xx:xx SGT
X-Mailer: YahooMailClassic/14.0.10 YahooMailWebService/0.8.114.317681
Message-ID: [ID filtered]
Date: Sat, 22 Oct 2011 xx:xx:xx +0800 (SGT)
From: Kofi Darkwa <kofi_darkwa [at] yahoo.com.ph>
Reply-To: mr.kofidarkwa [at] msn.com
Subject: From: Mr Kofi Darkwa
To: undisclosed recipients: ;
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1205340256-1322057979-1319219145=:66780"
X-KasLoop: m00e9119
Meine pers. Daten habe ich natürlich geändert.