For those of us with robust, well-protected systems (or a disposable
machine running in a VM) the URL is for a papers (as in assignments) for a
price site. The first page is fairly safe but it's a malware site.
Allison
On 7/25/17 11:39 AM, Paul Koning via cctalk wrote:
On Jul 25, 2017, at 11:33 AM, geneb via cctalk <cctalk@classiccmp.org> wrote:
On Tue, 25 Jul 2017, Paul Koning wrote:
On Jul 25, 2017, at 10:50 AM, geneb via cctalk <cctalk@classiccmp.org> wrote:
On Tue, 25 Jul 2017, Leigh Paulson via cctalk wrote:
Hey!
I've just found that article and thought it might be really helpful to you, you
may find it here http://coffeesystem.malware/principal.php?4647
Warm regards, Leigh Paulson
Jay, I'll take "EMail Accounts That Have Been Compromised" for $200.
Be careful with that assumption. It is very common for criminal email to have
forged source addresses. Just like it's common for criminal phone calls to
have forged caller IDs. A look at the routing headers will often give you a
clue; most of the time the source of the message is some nameless third world
computer nowhere close to the server responsible for the faked sender address.
It's a pretty safe assumption considering the fact that any mail admin worth their salt
(and Jay certainly is) will have their mail systems configured to reject mail from
non-authorized senders. For example, if you sent classiccmp.org an email with your
"from" header tweaked to be from ge...@deltasoft.com, the mail server will
reject it because your mail server isn't an authorized sender for the deltasoft.com
domain.
Maybe so, but in this case 30 seconds of inspection of the original message
headers makes it very clear that the sending email string is a forgery.
paul
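
The header inspection discussed in this thread, as an added example that is not part of any poster's message: it reads the Received chain, the envelope sender and the recorded SPF result from a raw message and lists clues that the From address may be forged. The sample message, its hostnames and addresses, and the names `inspect`, `domain` and `HOP` are constructed for illustration; the findings are hints for a human reviewer, not proof.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the message from the thread. Names use reserved
# .example domains and documentation IP ranges.
RAW = (
    "Return-Path: <leigh@sender.example.com>\n"
    "Authentication-Results: mx.list.example.org; spf=fail\n"
    " smtp.mailfrom=sender.example.com\n"
    "Received: from mx.list.example.org (mx.list.example.org [192.0.2.10])\n"
    "\tby mail.reader.example with ESMTP; Tue, 25 Jul 2017 10:41:02 -0400\n"
    "Received: from unknown (HELO pc-17) (203.0.113.77)\n"
    "\tby mx.list.example.org with SMTP; Tue, 25 Jul 2017 10:40:58 -0400\n"
    'From: "Leigh" <leigh@sender.example.com>\n'
    "Subject: Hey!\n\nbody\n"
)

HOP = re.compile(r"from\s+(\S+).*?(\d{1,3}(?:\.\d{1,3}){3})", re.S)

def domain(addr):
    """Lower-cased domain part of an address header value ('' if none)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def inspect(raw):
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    env_dom = domain(msg["Return-Path"])
    # Received headers are prepended, so the last one is the earliest hop.
    # Only lines written by servers you trust are reliable; this example
    # assumes the earliest line was written by such a server.
    hops = [m.groups() for m in map(HOP.search, msg.get_all("Received", [])) if m]
    origin_host, origin_ip = hops[-1] if hops else ("", "")
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = spf.group(1).lower() if spf else "none"
    findings = []
    if env_dom and env_dom != from_dom:
        findings.append("envelope sender domain differs from From domain")
    if spf in ("fail", "softfail"):
        findings.append("SPF " + spf + " for envelope sender")
    host = origin_host.lower()
    if from_dom and not (host == from_dom or host.endswith("." + from_dom)):
        findings.append("origin %s [%s] is not under %s" % (origin_host, origin_ip, from_dom))
    return {"from": from_dom, "envelope": env_dom, "origin_ip": origin_ip,
            "spf": spf, "findings": findings}

if __name__ == "__main__":
    print("\n".join(inspect(RAW)["findings"]))
```

Legitimate mail is often relayed through hosts outside the sender's domain, so the origin-host finding carries weight only alongside the SPF result.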