If you suspect it's an exploit/malware, please don't forward or distribute it to a larger audience who could also get nailed by it! (By the way, everything about the email...from the bogus arrl.org address convention, the unnecessary use of a ZIP file for a scanned image, the fact that you weren't expecting this email or attachment, and there not being any indication of whom sent it so you can verify its legitimacy...all point to an exploitation attempt.) 73, Brian N5ZGT On 2016-03-14 12:00, dick@pobox.com wrote:
14 MAR 2016 -
This is the second time I have received the unannounced message and
attachment appended below. I assume this is an attempt to circulate
a nasty virus. I will destroy this copy this evening unless I hear from some ARRL authority that it is a legitimate message.
- Dick Isely, W9GIG
=======================================================================
X-Vipre-Scanned: 004D2F3B00BAAC004D3088-TDI Return-Path: srs0=dblw=ph=arrl.org=lands747@bounce2.pobox.com Received: from reszmta-po-05v.sys.comcast.net (LHLO reszmta-po-05v.sys.comcast.net) (96.114.154.197) by resmail-ch2-327v.sys.comcast.net with LMTP; Fri, 11 Mar 2016 14:52:53 +0000 (UTC) Received: from resimta-po-03v.sys.comcast.net ([96.114.154.152]) by reszmta-po-05v.sys.comcast.net with comcast id Ue981s00s3HZ2xc01est1l; Fri, 11 Mar 2016 14:52:53 +0000 Received: from pb-mx4.pobox.com ([208.72.237.55]) by resimta-po-03v.sys.comcast.net with comcast id Uess1s02c1CPyCY01estKB; Fri, 11 Mar 2016 14:52:53 +0000 X-CAA-SPAM: 00000 X-Authority-Analysis: v=2.1 cv=HoCLYBnS c=1 sm=1 tr=0
a=m43j2jh8PFDS1+gnbX45QA==:117 a=3CNqIsqseW0erwRM9NHcRQ==:17
a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=7OsogOcEt9IA:10
a=Dc6GgtXdhhc9vonA2tYA:9 a=wPNLvfGTeEIA:10 a=rgwsc2u9sWazB3wYVLkA:9 a=IKIoO-ieCDEA:10 a=ddFNkW6GA0iHEpF4NQjF:22 a=LLWbBOYp4-Dt5Mq48oz3:22 a=-0bwViA1pVb0VTyF5X25:22 Received: from pb-mx4.int.icgroup.com (localhost [127.0.0.1]) by pb-mx4.pobox.com (Postfix) with ESMTP id 92FAF135C1 for <grisely73@comcast.net>; Fri, 11 Mar 2016 09:52:52 -0500 (EST) X-Pobox-Filter-Version: 3.1
X-Pobox-Pass: lands747@arrl.org is whitelisted
X-Pobox-Loop-ID: 4dcb41f42e12836be626d8ffeb7deced593b9bb9 Delivered-To: dick@pobox.com X-Pobox-Delivery-ID: E285A2-4E992135B9-1457707972-42727661!pb-mx4.pobox.com Received: from pb-mx4.int.icgroup.com (localhost [127.0.0.1]) by pb-mx4.pobox.com (Postfix) with ESMTP id 4E992135B9 for <dick@pobox.com.42727661.001.riddle>; Fri, 11 Mar 2016 09:52:52 -0500 (EST) X-Pobox-Filter-Version: 3.1 X-Pobox-Loop-ID: 9e58a4181326ccaa5970e9120a2d8f8066e6d87f Delivered-To: w9gig@arrl.org X-Pobox-Delivery-ID:
E285A3-7739676967406172726C2E6F7267-7BF27135B3-1457707972-41958103!pb-mx4.pobox.com
Received: from dynamic.vdc.vn (unknown [116.110.14.67])
by pb-mx4.pobox.com (Postfix) with ESMTP id 7BF27135B3 for <w9gig@arrl.org>; Fri, 11 Mar 2016 09:52:51 -0500 (EST) Mime-Version: 1.0 X-Mailer: Internet FAX, MGCS Content-Type: multipart/mixed; boundary="+-+-+-MGCS-+-+-+" Date: Fri, 11 Mar 2016 21:52:49 +0700
Message-Id: <6373120858.6B827BE.southlands@arrl.org>
From: "admin" <lands747@arrl.org> Subject: [SPAM] Scanned image To: w9gig@arrl.org X-Pobox-Client-Address: 127.0.0.1
X-Pobox-Client-Name: localhost
X-Pobox-Client-HELO: pb-mx4.int.icgroup.com X-Pobox-Original-Sender: SRS0=dbLw=PH=arrl.org=lands747@bounce2.pobox.com
Content-Type: text/plain; charset=iso-8859-1 Content-X-CIAJWNETFAX: IGNORE
Image data in PDF format has been attached to this email.
[2]
11-03-2016-7654869322.zip [2]
_______________________________________________
arrl-odv mailing list arrl-odv@reflector.arrl.org
https://reflector.arrl.org/mailman/listinfo/arrl-odv [1] Links: ------ [1] https://reflector.arrl.org/mailman/listinfo/arrl-odv [2] file://d:eudoraattach11-03-2016-7654869322.zip
