EBAY: OFFICIAL INFORMATION [Wed, 25 Jan 2006 06:53:30 +0600]



schara56
25.01.2006, 02:06
Return-Path: <custservice_id_456515812818814 [at] ebay.com>
X-Flags: 0000
Delivered-To: GMX delivery to xxx
Received: (qmail invoked by alias); 25 Jan 2006 xx:xx:xx -0000
Received: from 146.red-82-158-144.user.auna.net (HELO 146.red-82-158-144.user.auna.net) [82.158.144.146]
by mx0.gmx.net (mx026) with SMTP; 25 Jan 2006 xx:xx:xx +0100
FCC: mailbox://custservice_id_456515812818814 [at] ebay.com/Sent
X-Identity-Key: id1
Date: Wed, 25 Jan 2006 xx:xx:xx +0200
From: eBay Inc <custservice_id_456515812818814 [at] ebay.com>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: poor [at] spamvictim.tld
Subject: EBAY: OFFICIAL INFORMATION [Wed, 25 Jan 2006 xx:xx:xx +0600]
Content-Type: multipart/related;
boundary="------------010704030601070106040009"
Message-ID: [ID filtered]
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: 4 (From SPF protected domain over unauthorized server)
X-GMX-UID: [UID filtered]

http://200.41.5.40:780/rock/e/

kjz1
25.01.2006, 21:31
Ah yes, our Leo again. Apparently he uses various ratware; the date in the subject line already showed up in the Dresdner Bank and Deutsche Bank phishes.

- kjz

sis
30.01.2006, 01:16
Just arrived from Leo (Outlook consistently and silently moves all Leo spam into the Junk E-mail folder, so I always have to check there specially).

Return-Path: <support_num_30564182109405 [at] ebay.com>
X-Sieve: CMU Sieve 2.2
Received: from cpe-72-177-146-199.houston.res.rr.com ([72.177.146.199]) by .de
with smtp ID: [ID filtered]
FCC: mailbox://support_num_30564182109405 [at] ebay.com/Sent
X-Identity-Key: ID7
Date: Sun, 29 Jan 2006 xx:xx:xx -0500
From: eBay <support_num_30564182109405 [at] ebay.com>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: <...>
Subject: eBay: Urgent Security Notice For All Clients [Sun, 29 Jan 2006 xx:xx:xx -0200]
Content-Type: multipart/related;
boundary="------------090601030407070900080004"
Spam link: http://218.28.165.168:180/rock/e/

Interesting: a telnet to the obviously hacked port 180 returns the following message (the session is terminated immediately afterwards):

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>501 Method Not Implemented</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
[my command 'xxx' appears here] to /index.html not supported.<P>
InvalID: [ID filtered]
<HR>
<ADDRESS>Apache/1.3.34 Server at localhost Port 80</ADDRESS>
</BODY></HTML>

Telekomunikacja
30.01.2006, 11:22
http://img96.imageshack.us/img96/7946/avid7wy.gif:
From support_id_36566874294582 [at] ebay.com Mon Jan 30 xx:xx:xx 2006
Return-Path: <support_id_36566874294582 [at] ebay.com>
X-Flags: 1001
Delivered-To: GMX delivery to XXX
Received: (qmail invoked by alias); 30 Jan 2006 xx:xx:xx -0000
Received: from user-12ldemr.cable.mindspring.com (HELO user-12ldemr.cable.mindspring.com) [69.86.186.219]
by mx0.gmx.net (mx046) with SMTP; 30 Jan 2006 xx:xx:xx +0100
FCC: mailbox://support_id_36566874294582 [at] ebay.com/Sent
X-Identity-Key: Id7
Date: Mon, 30 Jan 2006 xx:xx:xx +0200
From: eBay Inc <support_id_36566874294582 [at] ebay.com>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: XXX
Subject: Official information to eBay clients
Content-Type: multipart/related;
boundary="------------020806060009090403050009"
Message-ID: [ID filtered]
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 4 (From SPF protected domain over unauthorized server)
X-GMX-UID: [UID filtered]
http://218.28.165.168:180/rock/e/

Appended text:

The road you were on when you had your wreck. Sometimes all one really had to go on was a family resemblance — and such resemblances, of course, never precluded the unlikely but hardly impossible coincidence of bastardy. PLEASE DON'T — "Too bad you'll never read it,»Paul said, and smiled at her. I'll write in my note that I'm there, in Steamboat Heaven, looking at ceramics. But there was still that strong, hurtful moment of guilt — like a quick deep stab-wound.

Insidious, by the way, that the actual link is not recognizable to the "unsuspecting" reader of the mail: http://img92.imageshack.us/img92/4540/ebaylink6ux.jpg

kjz1
30.01.2006, 21:18
http://218.28.165. 168:180/rock/e/

And on the same server he also has Deutsche Bank phishing running:

http://218.28. 165.168:180/rock/d/

So /e = eBay, /d = Deutsche Bank; I wonder whether more is coming? Often these hacked servers only serve as proxies, and the content sits on another server. Is that the case here too?

- kjz

Telekomunikacja
04.02.2006, 19:06
From custservice_id_2510493102 [at] ebay.com Sat Feb 4 xx:xx:xx 2006
Return-Path: <custservice_id_2510493102 [at] ebay.com>
X-Flags: 1001
Delivered-To: GMX delivery to XXX
Received: (qmail invoked by alias); 04 Feb 2006 xx:xx:xx -0000
Received: from 201-25-98-97.cbace301.ipd.brasiltelecom.net.br (HELO 201-25-98-97.cbace301.ipd.brasiltelecom.net.br) [201.25.98.97]
by mx0.gmx.net (mx087) with SMTP; 04 Feb 2006 xx:xx:xx +0100
FCC: mailbox://custservice_id_2510493102 [at] ebay.com/Sent
X-Identity-Key: iD7
Date: Sat, 04 Feb 2006 xx:xx:xx -0500
From: eBay <custservice_id_2510493102 [at] ebay.com>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: XXX
Subject: eBay Inc - Please Validate Your Account [Sat, 04 Feb 2006 xx:xx:xx -0700]
Content-Type: multipart/related;
boundary="------------050900000802020402050009"
Message-ID: [ID filtered]
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 4 (From SPF protected domain over unauthorized server)
X-GMX-UID: [UID filtered]
http://211.157.100.75:180/r1/e/
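
The header oddities visible in the samples above (a date stamp in the subject, as kjz1 notes, plus FCC and X-Identity-Key on delivered mail) can be turned into a filter heuristic. This is an added example, not code from the thread; the sample message, the signal names and the assumption that a genuine identity key looks like lowercase `idN` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the headers posted in this thread
# (address and times are made up; the thread shows them filtered).
SAMPLE = """\
Return-Path: <custservice_id_000000000000000@ebay.example>
FCC: mailbox://custservice_id_000000000000000@ebay.example/Sent
X-Identity-Key: id1
Date: Wed, 25 Jan 2006 02:53:30 +0200
From: eBay Inc <custservice_id_000000000000000@ebay.example>
Subject: EBAY: OFFICIAL INFORMATION [Wed, 25 Jan 2006 06:53:30 +0600]

body
"""
# Constructed benign message: brackets in the subject, but no date stamp.
CLEAN = ("Date: Wed, 25 Jan 2006 02:53:30 +0200\nFrom: a@example.org\n"
         "Subject: Your order [#1234]\n\nhi\n")

# RFC 2822 style date stamp in square brackets at the end of the subject.
SUBJECT_DATE = re.compile(
    r"\[(\w{3}, \d{1,2} \w{3} \d{4} [\d:]{8} [+-]\d{4})\]\s*$")

def ratware_signals(raw: str) -> list[str]:
    """Return the names of the template fingerprints found in one raw message."""
    msg = message_from_string(raw)
    hits = []
    # FCC is a compose-time "save a copy to this folder" header.
    if msg["FCC"] is not None:
        hits.append("fcc-header-on-delivered-mail")
    # Assumption: a genuine key is lowercase "id" + digits; the thread's
    # samples also show ID7, Id7 and iD7.
    key = msg["X-Identity-Key"]
    if key is not None and not re.fullmatch(r"id\d+", key.strip()):
        hits.append("identity-key-odd-case")
    m = SUBJECT_DATE.search(msg["Subject"] or "")
    if m:
        hits.append("date-stamp-in-subject")
        try:
            # One sender has one local offset; two offsets suggest a template.
            subj_off = parsedate_to_datetime(m.group(1)).utcoffset()
            date_off = parsedate_to_datetime(msg["Date"]).utcoffset()
            if subj_off != date_off:
                hits.append("subject-tz-differs-from-date-header")
        except (TypeError, ValueError):
            hits.append("unparseable-date")
    return hits
```

The signals are meant as scoring inputs alongside the SPF result the GMX filter already reports, not as a verdict on their own.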