Montag, 13. Oktober 2003
Headerinfos einer Spam-Mail
Kunden, DAUs und Mails
Mo, 13 Okt 2003 10:57:04 +0200
Da hat ein Spammer sich von seiner Faulheit die Installationsanweisung zu lesen, überrumpeln lassen und hat somit verraten, wie seine Software die Headerinfos zu verbergen versucht:
Süß finde ich den Teil von wegen X-AntiAbuse...
To: <"[TO_EMAIL]"@softbaer.de> From: "Loraine" <comsiemens@genie.com> Subject: [SUBJECT][RANDOM_SPACE|20] [RANDOM_SMALL_LETTER|10] X-Priority: 3 Content-Type: text/html; charset=ISO-8859-1 Reply-To: "[FROM_NAME]" <"[FROM_EMAIL]"@softbaer.de> X-Mailer: [RANDOM_BIG_LETTER|1][RANDOM_SMALL_LETTER|10] (ver. [RANDOM_DIGIT|2].[RANDOM_DIGIT|3]) Message-ID: <[RANDOM_MIXED|5].[RANDOM_MIXED|7]@[RANDOM_MIXED|15]> Received: from [[RANDOM_IP]] by [RANDOM_MIXED|8][CHR|13][CHR|10] id [RANDOM_MIXED|5]-[RANDOM_MIXED|4] for <[FROM_EMAIL]> Date: [DAY_WEEK], [DAY_MONTH] [MONTH] [YEAR] [TIME] [TIME_ZONE] References: [RANDOM_DIGIT|6]$[RANDOM_DIGIT|7]@[RANDOM_MIXED|8] X-RECEIVED-IP: [[RANDOM_IP]] X-Originating-IP: [[RANDOM_IP]] X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-MSMail-Priority: Normal Precedence: bulk X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - [RANDOM_IP] X-AntiAbuse: Originator/Caller UID/GID - [[RANDOM_DIGIT|1] [RANDOM_DIGIT|1]] / [[RANDOM_DIGIT|1] [RANDOM_DIGIT|1]] User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2) Gecko/[RANDOM_DIGIT|4].[RANDOM_DIGIT|2] X-Originating-Host: [[RANDOM_IP]]; [DAY_WEEK], [DAY_MONTH] [MONTH] [YEAR] [TIME] [TIME_ZONE] X-Owner: [RANDOM_MIXED|10] X-Scanner: : exiscan for exim4 (http://duncanthrax.net/exiscan/) *[RANDOM_MIXED|25]*In Wirklichkeit hat der Spammer die IP-Adresse 202.110.100.227 als Relay genutzt...
Süß finde ich den Teil von wegen X-AntiAbuse...
