 Chao284 join:2006-01-08 Bremerton, WA | reply to Doctor Four
Re: 419 Spam bypassing filters and blacklists?

Well, right now, if anything, what is also most disturbing about this latest run of 419 scammers is that they are using some trojan that is difficult to remove and does not include an originating IP; instead it just has the IP of an innocent account that never turns up on the blacklists. Currently hotmail.com and msn.com email accounts are the prime target for these scammers to hide the originating IP. In turn, the only trojan known for this is the Torpig/Mebroot; their botnets are nearly bullet-proof and are the likely reason almost every 419 scam never contains an originating IP and most of them connected to. Here is an example:
Return-Path:
Authentication-Results: mta278.mail.mud.yahoo.com from=; domainkeys=neutral (no sig); from=; dkim=neutral (no sig)
Received: from 65.55.111.81 (EHLO blu0-omc2-s6.blu0.hotmail.com) (65.55.111.81) by mta278.mail.mud.yahoo.com with SMTP; Tue, 30 Jun 2009 04:30:47 -0700
Received: from BLU146-W8 ([65.55.111.73]) by blu0-omc2-s6.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 30 Jun 2009 04:30:11 -0700
Message-ID:
Return-Path: conana051@msn.com (Forged email address)
Content-Type: multipart/alternative; boundary="_c87b12ed-1f9d-4286-8efe-3383f6c1ce10_"
Reply-To: (also forged)
From: MRS.THOBKA CONANA
Subject: Private and Confidential
Date: Tue, 30 Jun 2009 11:30:11 +0000
Importance: Normal
MIME-Version: 1.0
Bcc: (this part of the full header is exploited)
Content-Length: 10982
And in turn the IPs on MSN's mail server are at 65.55.111.xx. Apparently a botnet trojan is likely running on this IP, since I have received this scam from this IP many times, and in turn some botnets such as the cutwail2 and the xarvester botnet in previous emails already reported on Google Groups, most likely in connection with the Torpig/Mebroot botnet gang, probably using open relays. |
|
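The Received chain from the header quoted in the post above, walked hop by hop, as an added example that is not part of the original post. It shows why no sender IP can be recovered from this message: every hop sits inside the webmail provider's range and no X-Originating-IP header (which some webmail providers add) is present. The function names and the /24 written for "65.55.111.xx" are assumptions made for this example.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Received lines copied from the header quoted in the post (line folding added here).
RAW = """\
Received: from 65.55.111.81 (EHLO blu0-omc2-s6.blu0.hotmail.com) (65.55.111.81)
 by mta278.mail.mud.yahoo.com with SMTP; Tue, 30 Jun 2009 04:30:47 -0700
Received: from BLU146-W8 ([65.55.111.73])
 by blu0-omc2-s6.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
 Tue, 30 Jun 2009 04:30:11 -0700
Subject: Private and Confidential

(body omitted)
"""

# Assumption: the "65.55.111.xx" range named in the post, written as a /24.
PROVIDER_NET = ip_network("65.55.111.0/24")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def valid_ips(text):
    """Unique, syntactically valid IPv4 addresses in text, in order of appearance."""
    found = []
    for cand in IPV4.findall(text):
        try:
            ip_address(cand)
        except ValueError:      # e.g. 999.1.1.1 matched by the loose regex
            continue
        if cand not in found:
            found.append(cand)
    return found

def hops(raw):
    """Received hops oldest-first as (from_clause, receiving_host, ips_in_from_clause)."""
    chain = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = re.match(r"from (.*?) by (\S+)", " ".join(value.split()))
        if m:                   # only the "from" clause names the sending side
            chain.append((m.group(1), m.group(2), valid_ips(m.group(1))))
    return chain

def origin_report(raw):
    """Summarise whether any address outside the provider's range is visible."""
    chain = hops(raw)
    outside = [ip for _, _, ips in chain for ip in ips
               if ip_address(ip) not in PROVIDER_NET]
    xoip = message_from_string(raw).get("X-Originating-IP")
    return {"hops": len(chain), "first_hop_ips": chain[0][2] if chain else [],
            "ips_outside_provider": outside, "client_ip_visible": bool(outside or xoip)}
```
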
| You won't find the lads' real IPs until you get their first reply to your initial "Can I really get this money?" query. The bots ONLY send out the mass emails, the replies are handled by the first tier of lads (the ones that are the most fun to screw with). |
|
 Chao284 join:2006-01-08 Bremerton, WA | Well, their IPs do have a hidden direct link with the scammer, but they use MSN/hotmail to prevent spam filters making it spam, and just an innocent person's email address. In that method, plus such bots as cutwail2 and xarvester have a higher success rate at infecting Microsoft related systems, which would prolong the spam problem. Oh, and that is not all: I had found a bit more information that the captcha system has been broken on the MSN/hotmail system out there, next to Google's Gmail service, and these 2 bots likely have the capability of doing that task, which means Nigeria has some capability of doing this kind of method. |
|