Poor attempt not caught by MS

Mogens Melander mogens at fumlersoft.dk
Thu Oct 31 07:18:13 GMT 2013


This is what the offending message should have looked like:

RFC822 Message body

Return-Path: <anonymous at vs1145129.vserver.de>
Received: from host.example.com ([unix socket])
by host (Cyrus v2.4.8)
with LMTPA; Wed, 30 Oct 2013 10:27:33 +0100
X-Sieve: CMU Sieve 2.4
TIT-Spam-Status: No
X-MCP-Status: No
X-SERVER-MailScanner-Watermark: 1383730033.43434 at EC969u/D5IrTzzq2yL0YFQ
X-SERVER-MailScanner-From: anonymous at vs1145129.vserver.de
X-SERVER-MailScanner-SpamScore: 3.39
X-SERVER-MailScanner-SpamCheck: not spam,
SpamAssassin (not cached, score=3.393,
required 5, BAYES_50 2.00, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.38,
MIME_HEADER_CTYPE_ONLY 0.72, MIME_HTML_ONLY 0.72, RP_MATCHES_RCVD -0.44,
T_KHOP_FOREIGN_CLICK 0.01, URIBL_BLOCKED 0.00)
X-SERVER-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0, required 1)
X-SERVER-MailScanner: Found to be clean
X-SERVER-MailScanner-ID: r9U9R7BA001135
X-SERVER-MailScanner-Information: Please contact ISP
for more information
Received: from vs1145129.vserver.de (vs1145129.vserver.de [62.75.145.129])
by host.example.com (8.14.4/8.14.4)
with ESMTP id r9U9R7BA001135 for <user at example.com>;
Wed, 30 Oct 2013 10:27:07 +0100
Received: (qmail 32708 invoked by uid 30);
30 Oct 2013 08:08:46 +0100 Date: 30 Oct 2013 08:08:46 +0100
Message-ID: <20131030070846.32706.qmail at vs1145129.vserver.de>
To: user at example.com Subject: Reaktivere dit kort !
From: security <noreply at bank-email.37.dk> Content-Type: text/html
X-Greylist: delayed for 01:29:57 at (host.example.com [111.222.333.444])
for <user at example.com> by smf-grey v2.1.0 - http://smfs.sf.net/
MIME-Version: 1.0
<td style="font-weight: normal; font-size: 0.9em; color: #00249f;
font-family: Arial,helvetica,sans; padding:6px; text-align:left;"
width="324"> K?re kunde, <br>
<br> Vi afg?r, at nogen kan bruge dit kort uden din tilladelse.
Til din beskyttelse, har vi sp?rret dit kreditkort. For at reaktivere dit
kort:<br>
 - ?ben, vil du blive bedt om at f?lge et s?t af instruktioner. <br>
  Bem?rk: Hvis dette ikke er afsluttet, vil vi blive tvunget til p? ubestemt
  tid afbryde dit kort, fordi det kan bruges til svindel.
  <p align="center">
  <a href="http://glennwilliamsconstruction.com/.dr/dr.php">Klik
Her</a></p><br>
  <br> Vi s?tter pris p? dit samarbejde i denne sag. <br> Tak! <br>
   </td> </tr> <br />-- <br />

On Thu, October 31, 2013 01:02, Mogens Melander wrote:
> Guys,
>
> Did I miss something? I got this in my inbox today,
> and thats clearly a very poor phishing attempt.
>
> </head><frameset cols="270, *" id="fs1">
> <frame src="left_main.php" name="left" frameborder="1">
> <frame src="right_main.php" name="right" frameborder="1">
> <noframes>
>
> I think I have all scanners 0N, local and remote ??
>
> The offending text "Vi afg�r, at nogen kan bruge dit kort uden din
> tilladelse. Til din beskyttelse, har vi sp�rret dit kreditkort. For at
> reaktivere dit kort:<br> -
> �ben, vil du blive bedt om at f�lge et s�t af instruktioner. <br> Bem�rk:
> Hvis dette ikke er afsluttet, vil vi blive tvunget til p� ubestemt tid
> afbryde dit
> kort, fordi det kan bruges til svindel."
>
> In very poor Danish language.
>
> Me, personally, I don't give a .... about stuff like this, but
> there are causalities in this war.
>
> If you need information, I will not delete the thing for a few days.
>
> --
> Mogens Melander
> +66 8701 33224
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


-- 
Mogens Melander
+66 8701 33224

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list