Jetstar phish

This was detected as a phish but thought it interesting enough to post. For a second I'd thought my luck had changed. :)

Return-Path: migrationse4@jetstar.com
Received: from zim-mta08.web.westnet.com.au (LHLO
zim-mta08.web.westnet.com.au) (192.168.39.38) by webmail05.westnet.com.au
with LMTP; Thu, 29 Nov 2012 05:32:57 +0800 (WST)
Received: from inbound-mail04.westnet.com.au (unknown [203.10.1.239])
by zim-mta08.web.westnet.com.au (Postfix) with ESMTP id E75FB5C1DD
for <xxxxx@westnet.com.au>; Thu, 29 Nov 2012 13:31:15 +0800 (WST)
X-Ironport-Incoming: 1
Received: from 3.152.0.109.rev.sfr.net ([109.0.152.3])
by inbound-mail04.westnet.com.au with ESMTP; 29 Nov 2012 05:32:49 +0800
Received: by 10.58.23.34 with SMTP id j2csp290522vef;
Wed, 28 Nov 2012 22:33:28 +0100
Received: by 10.50.197.169 with SMTP id iv9mr3813833igc.32.1350718734043;
Wed, 28 Nov 2012 22:33:28 +0100
Received-SPF: pass (google.com: domain of noreplyitineraries@jetstar.com designates 216.82.255.50 as permitted sender) client-ip=216.82.255.50;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of noreplyitineraries@jetstar.com designates 216.82.255.50 as permitted sender) smtp.mail=noreplyitineraries@jetstar.com
X-Env-Sender: noreplyitineraries@jetstar.com
X-StarScan-Version: 6.6.1.3; banners=jetstar.com,-,-
X-VirusChecked: Checked
Received: from unknown (HELO sydeqximr01.corp.jetstar.com) (168.134.2.42)
by server-15.tower-143.messagelabs.com with SMTP; Wed, 28 Nov 2012 22:33:28 +0100
Received: from SYDEQXITN04 (sydeqxitn04.corp.jetstar.com [172.23.145.89])
by sydeqximr01.corp.jetstar.com (Postfix) with ESMTP id DA94058046
for <<xxxxx@westnet.com.au>>; Wed, 28 Nov 2012 22:33:28 +0100
From: Jetstar <noreplyitineraries@jetstar.com>
To: <xxxxx@westnet.com.au>
Date: Wed, 28 Nov 2012 22:33:28 +0100
Subject: Jetstar Flight Itinerary
Message-ID: <20121156589089.DA09698063@sydeqximr01.corp.jetstar.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=a__egvthx_04_78_37"

Jetstar Flight Itinerary-5212966918.pdf.zip » www.virustotal.com/file/85c4e25e···4143986/
-- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
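Added example, not part of the original posts: a short Python check run over an excerpt of the headers above. It finds the hop where WestNet's own relay accepted the message and lists the SPF/authentication results that were already inside the message at that point. The function name and the hostname-suffix test for "our" relays are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Excerpt of the headers posted above, re-folded so each field parses whole.
RAW = """\
Received: from inbound-mail04.westnet.com.au (unknown [203.10.1.239])
 by zim-mta08.web.westnet.com.au (Postfix) with ESMTP id E75FB5C1DD
 for <xxxxx@westnet.com.au>; Thu, 29 Nov 2012 13:31:15 +0800 (WST)
Received: from 3.152.0.109.rev.sfr.net ([109.0.152.3])
 by inbound-mail04.westnet.com.au with ESMTP; 29 Nov 2012 05:32:49 +0800
Received: by 10.58.23.34 with SMTP id j2csp290522vef;
 Wed, 28 Nov 2012 22:33:28 +0100
Received-SPF: pass (google.com: domain of noreplyitineraries@jetstar.com
 designates 216.82.255.50 as permitted sender) client-ip=216.82.255.50;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 noreplyitineraries@jetstar.com designates 216.82.255.50 as permitted sender)
 smtp.mail=noreplyitineraries@jetstar.com
Received: from unknown (HELO sydeqximr01.corp.jetstar.com) (168.134.2.42)
 by server-15.tower-143.messagelabs.com with SMTP; Wed, 28 Nov 2012 22:33:28 +0100
Subject: Jetstar Flight Itinerary

"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
HOP = re.compile(r"from (\S+) \([^)]*?\[?" + IPV4 + r"\]?\) by (\S+)")

def inherited_auth_claims(raw, our_domain):
    """Return (peer IP logged at our boundary, [(header, claimed IP), ...])."""
    ours = lambda host: host.lower().endswith("." + our_domain)
    peer_ip, claims = None, []
    for name, value in message_from_string(raw).items():  # newest header first
        name, value = name.lower(), " ".join(value.split())  # unfold the field
        if peer_ip is None:
            # Boundary = first hop stamped by our MTA about an outside host.
            # Assumption: a hostname suffix identifies our relays (use IP ranges in practice).
            hop = HOP.search(value) if name == "received" else None
            if hop and ours(hop[3]) and not ours(hop[1]):
                peer_ip = hop[2]
        elif name in ("received-spf", "authentication-results"):
            # Anything below the boundary arrived inside the message itself.
            claimed = re.search("designates " + IPV4, value)
            claims.append((name, claimed[1] if claimed else None))
    return peer_ip, claims

if __name__ == "__main__":
    peer, claims = inherited_auth_claims(RAW, "westnet.com.au")
    for header, ip in claims:
        print(f"{header}: vouches for {ip}, but the message arrived from {peer}")
```

On these headers the only address WestNet's relay recorded is 109.0.152.3, while both SPF "pass" lines were written by google.com about 216.82.255.50, so they say nothing about the host that actually delivered the message.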

I have been infected by this. It is a pretty well presented phish. ESET did not detect the cause and is unable to delete. Whatever I have been infected by is polling....
163.143.90.190:80 mapcake.ru/image.php
173.237.185.166.80 orgnet.pl/image.php
and being blocked.
Any assistance would be greatly appreciated.

That it is.
I have uploaded the .exe and you can see what it affects in this link under the additional information. »www.virustotal.com/file/db330438···4190577/
A zbot variant is best to be sorted at the »Security Cleanup
Zbot is a known malware, most Anti Virus companies have a link to a zbot removal tool - but still it is worth a visit to the cleanup forum. This is the Kaspersky utilities page - zbotkiller »support.kaspersky.com/viruses/utility
Microsoft's specific link to this type of malware »www.microsoft.com/security/porta···amarue.I
-- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

reply to althecat
said by : Any assistance would be greatly appreciated.
I might add, it is quite a nasty one. Immediately back up your personal data to another drive or external drive, have it scanned off a clean computer, and keep it aside before attempting to clean malware such as this, if you value the data you have on this infected computer.

reply to norwegian
Received similar. Might be of interest/comparison:

Return-Path:
Delivered-To: *******@iinet.net.au
Received: (qmail 16255 invoked from network); 10 Dec 2012 03:37:08 -0000
Received: from unknown (HELO icp-osb-irony-in10.external.iinet.net.au) ([203.59.1.209]) (envelope-sender ) by icp-osb-smtp10.iinet.net.au (qmail-ldap-1.03) with SMTP for ; 10 Dec 2012 03:37:08 -0000
Received: from unknown (HELO p3plsmtp04-01.prod.phx3.secureserver.net) ([72.167.218.159]) by icp-osb-irony-in10.iinet.net.au with ESMTP; 10 Dec 2012 11:37:06 +0800
Received: (qmail 31443 invoked from network); 10 Dec 2012 03:37:05 -0000
Delivered-To: *****
Received: (qmail 31439 invoked by uid 30297); 10 Dec 2012 03:37:05 -0000
Received: from unknown (HELO p3pismtp01-017.prod.phx3.secureserver.net) ([10.6.12.17]) (envelope-sender ) by p3plsmtp04-01.prod.phx3.secureserver.net (qmail-1.03) with SMTP for ; 10 Dec 2012 03:37:05 -0000
X-IronPort-Anti-Spam-Result: AqjdAPJVxVA97ix+Umdsb2JhbABDAYF0BgFOf2qFFZ1qhiCIFQGIPUoWAwEcUw8BAYI6JQECCg8IOB4CBQEPIwwSGgoFBAEcBI deAw4NnlqGVogmgViCQQGNFQYBi09pFQEFgRABgjZhA4hdjSiBHYoPiB2BVwEBAgUX
X-IP-SPAM: Suspect
Received: from 061238044126.ctinets.com ([61.238.44.126]) by p3pismtp01-017.prod.phx3.secureserver.net with ESMTP; 09 Dec 2012 20:36:22 -0700
Received: from mail.ippayments.com.au ([118.127.87.126]) by SNT0-MC4-F32.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Mon, 10 Dec 2012 11:36:56 +0800
Received: from web4 ([192.168.10.3]) by mail.ippayments.com.au (IceWarp 10.0.0) with SMTP id WJG59027; Mon, 10 Dec 2012 11:36:56 +0800
Reply-To:
From:
To:
Subject: Jetstar Flight Itinerary
Date: Mon, 10 Dec 2012 11:36:56 +0800
Message-ID: 646b46a1f31ab0280c14b33b26ad9c88
Return-Path: donotreply@reports.jetstar.com
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=a__uslkmoqfyn_46_50_77"

We are getting dozens of these types of email / exploits.
Banks, Transport-Qld-Govt-Au, Flights, TicketTek, Phone companies etc, I've posted quite a few here already yet they seem to be populating quite a few email addresses more than any other type of spam.
-- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke