You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "John D. Hardin" <jh...@impsec.org> on 2006/05/22 02:07:39 UTC
orkut phishing? Why??
Is somebody trying to phish Orkut user accounts?
...and if so, why??? :)
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Senator, when you took your oath of office, you placed your hand on
the Bible and swore to uphold the Constitution. You didn't place your
hand on the Constitution and swear to uphold the Bible.
-- Jamie Raskin, Professor of Law at American
University, testifying before the Maryland Senate
-----------------------------------------------------------------------
---------- Forwarded message ----------
Return-Path: <ww...@zeus.acesystem.co.kr>
Received: from zeus.acesystem.co.kr ([211.224.130.137])
by ga.impsec.org (8.13.6/8.13.4) with ESMTP id k4LL6Dif005414
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
for <jh...@impsec.org>; Sun, 21 May 2006 14:06:22 -0700
Received: from zeus.acesystem.co.kr (localhost.acesystem.co.kr [127.0.0.1])
by zeus.acesystem.co.kr (8.13.3/8.13.1) with ESMTP id k4LHqbCU087005
for <jh...@impsec.org>; Mon, 22 May 2006 02:52:37 +0900 (KST)
(envelope-from www@zeus.acesystem.co.kr)
Received: (from www@localhost)
by zeus.acesystem.co.kr (8.13.3/8.13.1/Submit) id k4LHqbJZ087003;
Mon, 22 May 2006 02:52:37 +0900 (KST)
(envelope-from www)
Date: Mon, 22 May 2006 02:52:37 +0900 (KST)
Message-Id: <20...@zeus.acesystem.co.kr>
content-type: text/html
Subject: [SPAM] orkut - Aninha.linda enviou um convite para voc�!
From: 7257061960320487537@orkut.com
To: jhardin@impsec.org
X-Greylist: Delayed for 02:41:52 by milter-greylist-1.6 (ga.impsec.org
[207.210.83.140]); Sun, 21 May 2006 14:06:22 -0700 (PDT)
X-Spam-Prev-Subject: orkut - Aninha.linda enviou um convite para voc�!
X-Spam-DCC: :
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on ga.impsec.org
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.4 required=5.0 tests=BAYES_99,FROM_ALL_NUMS,
FROM_STARTS_WITH_NUMS,HTML_COMMENTS,HTML_MESSAGE,
HTML_MIME_NO_HTML_TAG,J_CHICKENPOX_65,MIME_HEADER_CTYPE_ONLY,
MIME_HTML_ONLY,NO_REAL_NAME autolearn=disabled version=3.0.4
X-Spam-Report:
* 0.0 NO_REAL_NAME From: does not include a real name
* 0.3 FROM_STARTS_WITH_NUMS From: starts with nums
* 0.6 J_CHICKENPOX_65 BODY: 6alpha-pock-5alpha
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 4.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 1.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 0.2 HTML_COMMENTS RAW: Has HTML comments
* 0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
* 0.1 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required
MIME headers
* 3.0 FROM_ALL_NUMS From an address that is all numbers (non-phone)
<p>Ol�,<br>
<br>
♪ Aninha.linda ♪ (<a href="mailto:blaidbh27@hotmail.com">ninalinda</a><a DEFANGED_Onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:blaidbh27@hotmail.com">@hotmail.com</a>)
adicionou voc� como amigo(a) no orkut.<br>
<br>
<br>
Para ver o perfil de ♪ Aninha.linda ♪, clique em:
<a href="http://www.vi-host.be/lms/claroline/upload/index.html">
http://www.orkut.com/Profile<wbr />.aspx?uid=7257061960320487537</a><br>
<br>
Para controlar os e-mails de notifica��o, acesse suas Configura��es de conta:
<a href="http://www.vi-host.be/lms/claroline/upload/index.html">
http://www.orkut.com/Settings<wbr />.aspx</a><br>
<br>
Se voc� n�o for usu�rio do orkut e quiser impedir que usu�rios do orkut lhe
enviem e-mails, visite:
<a href="http://www.vi-host.be/lms/claroline/upload/index.html">
http://www.orkut.com/Block<wbr />.aspx</a></p>
Re: orkut phishing? Why??
Posted by Kelson <ke...@speed.net>.
John D. Hardin wrote:
> Is somebody trying to phish Orkut user accounts?
Could be. It certainly looks suspicious.
> ...and if so, why??? :)
Maybe to take advantage of the fact that people often reuse passwords?
--
Kelson Vibber
SpeedGate Communications <www.speed.net>