No subject

Mogens Melander

2013-10-31 07:18:13 UTC

This is what the offending message should have looked like:

RFC822 Message body

Return-Path: <anonymous at vs1145129.vserver.de>
Received: from host.example.com ([unix socket])
by host (Cyrus v2.4.8)
with LMTPA; Wed, 30 Oct 2013 10:27:33 +0100
X-Sieve: CMU Sieve 2.4
TIT-Spam-Status: No
X-MCP-Status: No
X-SERVER-MailScanner-Watermark: 1383730033.43434 at EC969u/D5IrTzzq2yL0YFQ
X-SERVER-MailScanner-From: anonymous at vs1145129.vserver.de
X-SERVER-MailScanner-SpamScore: 3.39
X-SERVER-MailScanner-SpamCheck: not spam,
SpamAssassin (not cached, score=3.393,
required 5, BAYES_50 2.00, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.38,
MIME_HEADER_CTYPE_ONLY 0.72, MIME_HTML_ONLY 0.72, RP_MATCHES_RCVD -0.44,
T_KHOP_FOREIGN_CLICK 0.01, URIBL_BLOCKED 0.00)
X-SERVER-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0, required 1)
X-SERVER-MailScanner: Found to be clean
X-SERVER-MailScanner-ID: r9U9R7BA001135
X-SERVER-MailScanner-Information: Please contact ISP
for more information
Received: from vs1145129.vserver.de (vs1145129.vserver.de [62.75.145.129])
by host.example.com (8.14.4/8.14.4)
with ESMTP id r9U9R7BA001135 for <user at example.com>;
Wed, 30 Oct 2013 10:27:07 +0100
Received: (qmail 32708 invoked by uid 30);
30 Oct 2013 08:08:46 +0100 Date: 30 Oct 2013 08:08:46 +0100
Message-ID: <20131030070846.32706.qmail at vs1145129.vserver.de>
To: user at example.com Subject: Reaktivere dit kort !
From: security <noreply at bank-email.37.dk> Content-Type: text/html
X-Greylist: delayed for 01:29:57 at (host.example.com [111.222.333.444])
for <user at example.com> by smf-grey v2.1.0 - http://smfs.sf.net/
MIME-Version: 1.0
<td style="font-weight: normal; font-size: 0.9em; color: #00249f;
font-family: Arial,helvetica,sans; padding:6px; text-align:left;"
width="324"> K?re kunde, 
 Vi afg?r, at nogen kan bruge dit kort uden din tilladelse.
Til din beskyttelse, har vi sp?rret dit kreditkort. For at reaktivere dit
kort: 
- ?ben, vil du blive bedt om at f?lge et s?t af instruktioner. 
Bem?rk: Hvis dette ikke er afsluttet, vil vi blive tvunget til p? ubestemt
tid afbryde dit kort, fordi det kan bruges til svindel.

<a href="http://glennwilliamsconstruction.com/.dr/dr.php">Klik
Her</a> 
 Vi s?tter pris p? dit samarbejde i denne sag. Tak! 
</td> </tr> --

Post by Mogens Melander
Guys,
Did I miss something? I got this in my inbox today,
and thats clearly a very poor phishing attempt.
</head><frameset cols="270, *" id="fs1">
<frame src="left_main.php" name="left" frameborder="1">
<frame src="right_main.php" name="right" frameborder="1">
<noframes>
I think I have all scanners 0N, local and remote ??
The offending text "Vi afg?r, at nogen kan bruge dit kort uden din
tilladelse. Til din beskyttelse, har vi sp?rret dit kreditkort. For at
reaktivere dit kort: -
Hvis dette ikke er afsluttet, vil vi blive tvunget til p? ubestemt tid
afbryde dit
kort, fordi det kan bruges til svindel."
In very poor Danish language.
Me, personally, I don't give a .... about stuff like this, but
there are causalities in this war.
If you need information, I will not delete the thing for a few days.
--
Mogens Melander
+66 8701 33224
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!

--
Mogens Melander
+66 8701 33224
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.