is this a new kind of spam ??


Postby DaFoxx » Thu Jun 13, 2013 8:10 pm

my dad died almost a year ago now
I monitor his account to ensure that any mails from real contacts are informed of his passing
but I also update and chop spam
until recently
started getting some containing no apparent links
all in Japanese pictograms and when I try to add to blocked list, it pops up to say it is an invalid address !!!!!!!

so have they figured a way to deliver through the system, or am I missing a trick here
post details below - suitably edited
x-store-info:J++/JTCzmObr++wNraA4Pa4f5Xd6uens/Qsl/xPpXIWAoU7QBzmn0KpTxUat0s3dcrVVaZYvRpMiILCTAQfYhREMXwyEn2mlBPEtCbfQTPKrcPtBJbXbCkO0PXIq6bjBh44En07gWvo=
Authentication-Results: hotmail.com; spf=pass (sender IP is 4.31.168.71; identity alignment result is fail and alignment mode is relaxed) smtp.mailfrom=sds@4inperfectbalance.com; dkim=none (identity alignment result is pass and alignment mode is relaxed) header.d=hotmail.com; x-hmca=none header.id=xxx@hotmail.com
X-SID-PRA: xxx@hotmail.com
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: HY0JcSSCx0ouXGGebbcoTNuonsg4diGVefPGMJ3OoXbTj1mRGPo33mj63C/rD7aatbKNOu04InRMKdZbM8gyPPLWvQPa1D5KQ4JjlZDw5k9QgP7hzduA9/g35xQZw2ivuDSFYD2n2gr3EfXTD0tkjcCBO6dtZmF8+i2/i/W3/HY=
Received: from 4inperfectbalance.com ([4.31.168.71]) by SNT0-MC4-F42.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Thu, 13 Jun 2013 03:25:08 -0700
Received: from localhost (127.0.0.1) by 4inperfectbalance.com id hn6f080n7lgi for <xxx@hotmail.com>; Thu, 13 Jun 2013 06:25:06 -0400 (envelope-from <sds@4inperfectbalance.com>)
From: Unfair Bank-Charges Claims
To: xxx@hotmail.com
Subject:{xxx}, =?UTF-16?B?UgBlAGMAbABhAGkAbQAgAFkAbwB1AHIAIABNAG8AbgBlAHkALgAgAFUAcwBlACAAdABoAGUAIABQAFAASQAgAEMAYQBsAGMAdQBsAGEAdABvAHIAIAB0AG8AIABTAGUAZQAgAFcAaABhAHQAIABZAG8AdQAnAHIAZQAgAE8AdwBlAGQA?=
From: <xxx@hotmail.com>
From: Unfair Bank-Charges Claims..<admin@YC7NGY.4inperfectbalance.com>
X-Originating-IP: 4.31.168.71
Content-Type: text/html
Return-Path: sds@4inperfectbalance.com
Message-ID: <SNT0-MC4-F42iDirM4s00859901@SNT0-MC4-F42.Snt0.hotmail.com>
X-OriginalArrivalTime: 13 Jun 2013 10:25:08.0863 (UTC) FILETIME=[478788F0:01CE6820]
Date: 13 Jun 2013 03:25:08 -0700


I can see the sds@4inperfectbalance.com within the header info, but it isn't in mail when I try to add to blocked list
so where I may be able to figure a way to block, what chance Joe Bloggs
Beware of Geeks bearing GIF's :mrgreen:
User avatar
DaFoxx
DaBOSS
 
Posts: 8479
Joined: Sun Dec 25, 2005 1:20 am
Location: 3rd Rock from the Sun
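
The header checks a mail administrator would run on the message quoted in this post, as an added example that is not part of the original thread: it counts the From: headers (RFC 5322 allows exactly one) and compares their addresses with the recipient and with the SPF-checked envelope sender. The function names and the two-label domain shortcut are assumptions made for the example.

```python
import re
from email import message_from_string

# Subset of the headers quoted in the post; the long line is folded for width.
SAMPLE = """\
Authentication-Results: hotmail.com; spf=pass (sender IP is 4.31.168.71;
 identity alignment result is fail and alignment mode is relaxed)
 smtp.mailfrom=sds@4inperfectbalance.com; dkim=none (identity alignment
 result is pass and alignment mode is relaxed) header.d=hotmail.com;
 x-hmca=none header.id=xxx@hotmail.com
From: Unfair Bank-Charges Claims
To: xxx@hotmail.com
From: <xxx@hotmail.com>
From: Unfair Bank-Charges Claims..<admin@YC7NGY.4inperfectbalance.com>
Return-Path: sds@4inperfectbalance.com

"""

ADDR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def org_domain(addr):
    # Assumption: the last two labels approximate the registered domain
    # (fine for .com, wrong for suffixes such as co.uk).
    return ".".join(addr.rsplit("@", 1)[-1].lower().split(".")[-2:])

def triage(raw):
    """Summarise sender identity signals from a raw header block."""
    msg = message_from_string(raw)
    from_headers = msg.get_all("From", [])
    from_addrs = [a for h in from_headers for a in ADDR.findall(h)]
    to_addrs = [a.lower() for a in ADDR.findall(msg.get("To", ""))]
    envelope = ADDR.findall(msg.get("Return-Path", ""))
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    env_dom = org_domain(envelope[0]) if envelope else None
    return {
        "from_header_count": len(from_headers),
        "from_without_address": sum(1 for h in from_headers if not ADDR.search(h)),
        "from_equals_recipient": any(a.lower() in to_addrs for a in from_addrs),
        "spf": spf.group(1) if spf else None,
        "envelope_domain": env_dom,
        # One entry per From address: does it share the envelope's domain?
        "from_domains_aligned": [org_domain(a) == env_dom for a in from_addrs],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the quoted headers this reports three From: headers, one with no address at all and one equal to the recipient's own address; the only identity that passed a check is the envelope domain, which is the value a domain-level filter can match.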

Re: is this a new kind of spam ??

Postby rapier57 » Fri Jun 14, 2013 7:50 am

Whois shows this 4inperfectbalance.com is owned by Live Wire Software, Ft Lauderdale, FLA, registered through registrar.com.

Whois.registrar.com just redirects to hashtag.com, so you can't get more info. I suspect the 4inperfectbalance.com site and registrar are all messed up.

I also suspect you get an invalid email address when you try to block it because you can't get a reverse lookup on 4inperfectbalance.com.

'Cause registrar.com is messed up.

Just sayin'!
Rapier57.

Jayne: Testing. Testing. Captain, can you hear me?
Mal: I'm standing right here.
Jayne: You're coming through good and loud.
Mal: 'Cause I'm standing right here.


@rapier57
User avatar
rapier57
I've posted HOW many
 
Posts: 3113
Joined: Thu Mar 02, 2006 10:43 pm
Location: Spokane, WA USA

Re: is this a new kind of spam ??

Postby DaFoxx » Fri Jun 14, 2013 4:28 pm

I added 4inperfectbalance.com to blacklist anyway :)

we shall see what else arrives
Beware of Geeks bearing GIF's :mrgreen:

Re: is this a new kind of spam ??

Postby DaFoxx » Tue Jun 18, 2013 8:49 pm

still getting similar mails to dad's account, and so I clicked reply
DIDN'T send :P

got EuroMillions Club in header with a load of other guff that won't C+P

so typing to the fore
gawd help us if this is code :P

EuroMillions Club <=?UTF-8?B?RXVyb01pbGxpb25zIENsdWI=?=>

all of that lot shows as active in the reply mail - I assume there is a coding element in there ?
Beware of Geeks bearing GIF's :mrgreen:

Re: is this a new kind of spam ??

Postby rapier57 » Thu Jun 20, 2013 5:40 am

Well, I'm very rusty on this kind of stuff, but it looks like an embedded/compressed JavaScript in UTF.

If you have JavaScript enabled in your browser, it could run.

I don't. It won't.

If it came in an email, they want you to hit a web site and trigger this script.

I could be wrong.
Rapier57.

Jayne: Testing. Testing. Captain, can you hear me?
Mal: I'm standing right here.
Jayne: You're coming through good and loud.
Mal: 'Cause I'm standing right here.


@rapier57
User avatar
rapier57
I've posted HOW many
 
Posts: 3113
Joined: Thu Mar 02, 2006 10:43 pm
Location: Spokane, WA USA
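
The two `=?charset?B?...?=` strings quoted in the posts above (the Subject in the first post and the reply address in the 18 June post) have the form of RFC 2047 encoded-words, the standard way of carrying non-ASCII text in mail headers. This added example, which is not part of the original thread, decodes them and flags two oddities; `inspect_header` and the flag names are made up for the example.

```python
import base64
import quopri
import re

# RFC 2047 encoded-word: =?charset?encoding?payload?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")

def _to_text(raw, charset):
    cs = charset.lower()
    if cs == "utf-16" and raw[:2] not in (b"\xff\xfe", b"\xfe\xff"):
        # No byte-order mark: infer the order from where the zero bytes fall.
        cs = "utf-16-le" if raw[1:2] == b"\x00" else "utf-16-be"
    try:
        return raw.decode(cs, errors="replace")
    except LookupError:  # unknown charset label
        return raw.decode("latin-1")

def inspect_header(value):
    """Decode every encoded-word in a header value and flag oddities."""
    results = []
    for m in ENCODED_WORD.finditer(value):
        charset, enc, payload = m.groups()
        if enc.upper() == "B":
            raw = base64.b64decode(payload)
        else:  # Q encoding: "_" means space, "=XX" is a hex byte
            raw = quopri.decodestring(payload.encode("ascii"), header=True)
        text = _to_text(raw, charset)
        flags = []
        if charset.lower().startswith("utf-16") and text.isascii():
            flags.append("ascii-text-in-utf16")
        before, after = value[:m.start()].rstrip(), value[m.end():].lstrip()
        # RFC 2047 does not allow an encoded-word inside an address.
        if before.endswith("<") and after.startswith(">"):
            flags.append("encoded-word-where-address-expected")
        results.append({"charset": charset, "text": text, "flags": flags})
    return results

# Header values copied from the posts above.
SUBJECT = ("{xxx}, =?UTF-16?B?UgBlAGMAbABhAGkAbQAgAFkAbwB1AHIAIABNAG8AbgBlAHkALgAgAFUAcwBl"
           "ACAAdABoAGUAIABQAFAASQAgAEMAYQBsAGMAdQBsAGEAdABvAHIAIAB0AG8AIABTAGUAZQAgAFcA"
           "aABhAHQAIABZAG8AdQAnAHIAZQAgAE8AdwBlAGQA?=")
REPLY_FIELD = "EuroMillions Club <=?UTF-8?B?RXVyb01pbGxpb25zIENsdWI=?=>"

if __name__ == "__main__":
    for value in (SUBJECT, REPLY_FIELD):
        print(inspect_header(value))
```

Both payloads decode to plain text. The reply field carries the display name a second time, Base64-encoded, in the angle brackets where an address would normally sit, so it contains no usable address.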

