Rick Welykochy rick at praxis.com.au
Wed Jan 14 11:30:18 AEDT 2009

Jan Whitaker wrote:

> This one came in just now and appears to be
> valid, except I don't have a PayPal account. And
> "successfully" is misspelled in the subject line.

The body of the email tells you to update your PayPal
account but does not provide a link. Perhaps this is
not a phish, rather a trojan delivery email.

> Note also the domain: pay-pal.us ??? Is there a new 2LD we don't know about?

.US is the 2LD for the USA.

takes you to a parked domain generic (read CRAP WASTELAND) site.

> I've included the full header info for 
> examination. Maybe I don't have my spam-assassin set at a high enough level?

Are you using adaptive filtering? Train your spam filter on this one.
That's all I have to do with a false negative.

> Also, there was an attachment that was a 
> filename.pdf.html format. Also weird. I didn't open it.

Aha. Windows will display "filename.pdf" but open it as an HTML
document. An examination of the HTML source might show lots of
JS and other crap intended to ultimately deliver a virus to your
machine. Care to share what is in this HTML file?
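
A check for the attachment naming described in the message above, as an added example that is not part of the original post: it walks a message's attachments with Python's standard `email` package, flags names where a document-looking extension is followed by an active one, and counts `<script` tags in the part without rendering it. The extension sets, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed extension sets for illustration; tune them for your own mail flow.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
ACTIVE_EXTS = {".html", ".htm", ".js", ".hta", ".vbs", ".scr", ".exe"}


def build_sample() -> bytes:
    """Constructed sample message (not the email discussed in the thread)."""
    msg = EmailMessage()
    msg["From"] = "service@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please update your account.")
    msg.add_attachment("<html><script>/* inert placeholder */</script></html>",
                       subtype="html", filename="statement.pdf.html")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


def suspicious_attachments(raw: bytes) -> list[dict]:
    """Flag attachments named <decoy ext><active ext>, e.g. name.pdf.html."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if len(suffixes) < 2:
            continue
        if suffixes[-2] in DECOY_EXTS and suffixes[-1] in ACTIVE_EXTS:
            # Decode the payload as bytes and inspect it as text; never render it.
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            findings.append({
                "filename": name,
                # What a viewer that hides known extensions would display.
                "shown_as": name[: -len(suffixes[-1])],
                "content_type": part.get_content_type(),
                "script_tags": body.lower().count("<script"),
            })
    return findings


if __name__ == "__main__":
    for finding in suspicious_attachments(build_sample()):
        print(finding)
```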


