[LINK] spam not caught
Rick Welykochy
rick at praxis.com.au
Wed Jan 14 11:30:18 AEDT 2009
Jan Whitaker wrote:
> This one came in just now and appears to be
> valid, Except I don't have a paypal account. And
> "successfully" is misspelled in the subject line.
The body of the email tells you to update your PayPal
account but does not provide a link. Perhaps this is
not a phish, rather a trojan delivery email.
> Note also the domain: pay-pal.us ??? Is there a new 2LD we don't know about?
.US is the 2LD for the USA.
http://pay-pal.us/
takes you to a parked domain generic (read CRAP WASTELAND) site.
> I've included the full header info for
> examination. Maybe I don't have my spam-assassin set at a high enough level?
Are you using adaptive filtering? Train your spam filter on this one.
That's all I have to do with a false negative.
> Also, there was an attachment that was a
> filename.pdf.html format. Also weird. I didn't open it.
Aha. Windows will display "filename.pdf" but open it as an HTML
document. An examination of the HTML source might show lots of
JS and other crap intended to ultimately deliver a virus to your
machine. Care to share what is in this HTML file?
cheers
rickw
--
_________________________________
Rick Welykochy || Praxis Services
All truth passes through three stages. First, it is ridiculed. Second, it
is violently opposed. Third, it is accepted as being self-evident.
-- Arthur Schopenhauer
More information about the Link
mailing list