Use a program like Mailwasher to preview email and “bounce” it back to the
sender.
73 de Mike N2YBB
From: Brian Mileshosky
Sent: Monday, March 14, 2016 2:08 PM
Subject: [arrl-odv:25240] Re: Email Virus - Scanned
Image
If you suspect it's an exploit/malware, please don't forward or distribute it to a larger audience who could also get nailed by it!
(By the way, everything about the email...from the bogus arrl.org address convention, the unnecessary use of a ZIP file for a scanned image, the fact that you weren't expecting this email or attachment, and there not being any indication of whom sent it so you can verify its legitimacy...all point to an exploitation attempt.)
73,
Brian N5ZGT
On 2016-03-14 12:00, dick@pobox.com wrote:
14 MAR 2016 -
This is the second time I have received the unannounced message and
attachment appended below. I assume this is an attempt to circulate
a nasty virus. I will destroy this copy this evening unless I hear
from some ARRL authority that it is a legitimate message.
- Dick Isely, W9GIG
=======================================================================
X-Vipre-Scanned: 004D2F3B00BAAC004D3088-TDI
Return-Path: srs0=dblw=ph=arrl.org=lands747@bounce2.pobox.com
Received: from reszmta-po-05v.sys.comcast.net (LHLO
reszmta-po-05v.sys.comcast.net) (96.114.154.197) by
resmail-ch2-327v.sys.comcast.net with LMTP; Fri, 11 Mar 2016 14:52:53 +0000
(UTC)
Received: from resimta-po-03v.sys.comcast.net ([96.114.154.152])
by reszmta-po-05v.sys.comcast.net with comcast
id Ue981s00s3HZ2xc01est1l; Fri, 11 Mar 2016 14:52:53 +0000
Received: from pb-mx4.pobox.com ([208.72.237.55])
by resimta-po-03v.sys.comcast.net with comcast
id Uess1s02c1CPyCY01estKB; Fri, 11 Mar 2016 14:52:53 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=2.1 cv=HoCLYBnS c=1 sm=1 tr=0
a=m43j2jh8PFDS1+gnbX45QA==:117 a=3CNqIsqseW0erwRM9NHcRQ==:17
a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=7OsogOcEt9IA:10
a=Dc6GgtXdhhc9vonA2tYA:9 a=wPNLvfGTeEIA:10 a=rgwsc2u9sWazB3wYVLkA:9
a=IKIoO-ieCDEA:10 a=ddFNkW6GA0iHEpF4NQjF:22 a=LLWbBOYp4-Dt5Mq48oz3:22
a=-0bwViA1pVb0VTyF5X25:22
Received: from pb-mx4.int.icgroup.com (localhost [127.0.0.1])
by pb-mx4.pobox.com (Postfix) with ESMTP id 92FAF135C1
for <grisely73@comcast.net>; Fri, 11 Mar 2016 09:52:52 -0500 (EST)
X-Pobox-Filter-Version: 3.1
X-Pobox-Pass: lands747@arrl.org is whitelisted
X-Pobox-Loop-ID: 4dcb41f42e12836be626d8ffeb7deced593b9bb9
Delivered-To: dick@pobox.com
X-Pobox-Delivery-ID: E285A2-4E992135B9-1457707972-42727661!pb-mx4.pobox.com
Received: from pb-mx4.int.icgroup.com (localhost [127.0.0.1])
by pb-mx4.pobox.com (Postfix) with ESMTP id 4E992135B9
for <dick@pobox.com.42727661.001.riddle>; Fri, 11 Mar 2016 09:52:52 -0500 (EST)
X-Pobox-Filter-Version: 3.1
X-Pobox-Loop-ID: 9e58a4181326ccaa5970e9120a2d8f8066e6d87f
Delivered-To: w9gig@arrl.org
X-Pobox-Delivery-ID:
E285A3-7739676967406172726C2E6F7267-7BF27135B3-1457707972-41958103!pb-mx4.pobox.com
Received: from dynamic.vdc.vn (unknown [116.110.14.67])
by pb-mx4.pobox.com (Postfix) with ESMTP id 7BF27135B3
for <w9gig@arrl.org>; Fri, 11 Mar 2016 09:52:51 -0500 (EST)
Mime-Version: 1.0
X-Mailer: Internet FAX, MGCS
Content-Type: multipart/mixed; boundary="+-+-+-MGCS-+-+-+"
Date: Fri, 11 Mar 2016 21:52:49 +0700
Message-Id: <6373120858.6B827BE.southlands@arrl.org>
From: "admin" <lands747@arrl.org>
Subject: [SPAM] Scanned image
To: w9gig@arrl.org
X-Pobox-Client-Address: 127.0.0.1
X-Pobox-Client-Name: localhost
X-Pobox-Client-HELO: pb-mx4.int.icgroup.com
X-Pobox-Original-Sender: SRS0=dbLw=PH=arrl.org=lands747@bounce2.pobox.com
Content-Type: text/plain; charset=iso-8859-1
Content-X-CIAJWNETFAX: IGNORE
Image data in PDF format has been attached to this email.11-03-2016-7654869322.zip
_______________________________________________ arrl-odv mailing list arrl-odv@reflector.arrl.org https://reflector.arrl.org/mailman/listinfo/arrl-odv
_______________________________________________
arrl-odv mailing list
arrl-odv@reflector.arrl.org
https://reflector.arrl.org/mailman/listinfo/arrl-odv