On Thu, 14 Aug 2014, Alex wrote:
Hi,
But when they do I doubt that they do it via Yahoo from somebody in
Bangladesh.
Looking at the headers in that pastbin example, the originating IP is
114.31.4.36 which looks like it's from a cyber-cafe in Bangladesh.
Microsoft outsourcing their tech-support that badly? I don't think so.
Right, that was my point. The sender is not one of my trusted users, yet
the link in the body seems legit.
So what's the point of this spam? Just a misconfigured machine somehow?
That's a really good question.
Perhaps it was a malware attempt and the attacker forgot to replace the
valid MSFT URL with their own URL...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
If guards and searches and metal detectors can't keep a gun out of
a maximum-security solitary confinement prisoner's cell, how will
a disciplinary policy and some signs keep guns out of a university?
-----------------------------------------------------------------------
Tomorrow: the 69th anniversary of the end of World War II
