This email was received today

Discussion in 'Spyware' started by ~BD~, May 10, 2011.

  1. ~BD~

    ~BD~ Guest

    You will see in the message info. below that this email was addressed as

    To: <>

    How can it have arrived in *my* inbox (I'm BoaterDave at

    Responses will be appreciated! :)


    X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9NA==

    X-Message-Status: n

    X-SID-PRA: Consult Group <>

    X-AUTH-Result: NONE


    Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.4675);

    Tue, 10 May 2011 00:43:59 -0700

    Received: from ([])

    by with esmtpa (Exim 4.71)

    (envelope-from <>)

    id 1QJhbq-0005w9-GL; Tue, 10 May 2011 08:43:58 +0100

    Received: from [] by id YTMGv1wyVvdf with
    SMTP; Tue, 10 May 2011 10:43:57 +0300

    Date: Tue, 10 May 2011 10:43:57 +0300

    From: "Consult Group" <>

    X-Mailer: The Bat! (v4.8.76.3) Educational

    X-Priority: 3 (Normal)

    Message-ID: <>

    To: <>

    Subject: Your order reference is 37852

    MIME-Version: 1.0

    Content-Type: text/plain;


    Content-Transfer-Encoding: 8bit

    X-Mailcore-Auth: 8588484

    X-Mailcore-Domain: 931887


    X-OriginalArrivalTime: 10 May 2011 07:44:00.0315 (UTC)

    Dear, Customer

    Thank you for the order,

    id: 54850152.

    Your credit card will be charged for 734 dollars.

    Information about the order and delivery located at:


    Best regards, ticket service.

    Tel./Fax.: (882) 701 46 502
    ~BD~, May 10, 2011

  2. ~BD~

    Mike Easter Guest

    Short version:

    What the mail recipient sees in the To: field is only what the sender
    constructed/configured to populate the To: field. A great many other
    recipients can receive the same mail.

    Another version:

    If you (yourself with your mail agent) construct a mail to send to a
    great many recipients, it is not necessary (nor wise nor polite) to put
    all of your recipients into the To: field. Instead you can put all of
    them into the BCC field. Or you can put one of them into the To: field
    and then all of the recipients you included in the BCC field will get a
    mail showing that person's To:

    Another version:

    For some discussions, it is useful to consider the concept of what some
    call the 'smtp envelope' which is a series of transactions between the
    sender and the smtp server. Those elements consist of HELO, MAIL FROM,
    RCPT TO, and DATA. The information concerning who is to receive the mail
    is in the RCPT TO part. The information about the structure of the mail
    such as subject and from and to and cc is contained in the DATA section.
    Mike Easter, May 10, 2011
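A worked illustration of the point Mike makes above, added here and not part of the original thread: the receiving server routes mail only on the envelope's RCPT TO commands, while the To: line it shows you is just a header the sender typed into the DATA section. All addresses, hostnames and message text below are constructed placeholders (the thread's real values were stripped from the page), and the tiny "MTA" is a simulation, not a real SMTP implementation.

```python
"""Constructed demonstration: SMTP envelope (RCPT TO) versus the To: header."""
from email import message_from_string

# Constructed placeholder values; nothing here is taken from the original thread.
SENDER = "sender@example.invalid"
HEADER_TO = "<>"  # what every recipient will see in the To: field
ENVELOPE_RCPTS = ["boaterdave@example.invalid", "someone-else@example.invalid"]


def build_message(header_to, subject, body):
    """Build the DATA section: headers plus body, all chosen freely by the sender."""
    headers = [
        f'From: "Consult Group" <{SENDER}>',
        f"To: {header_to}",
        f"Subject: {subject}",
        "MIME-Version: 1.0",
        "Content-Type: text/plain; charset=us-ascii",
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + body + "\r\n"


def smtp_transaction(helo_host, envelope_from, envelope_rcpts, data):
    """Return the client-side commands of one SMTP session, in order.

    HELO, MAIL FROM and RCPT TO form the envelope; everything after DATA is the
    message the recipient eventually reads.
    """
    cmds = [f"HELO {helo_host}", f"MAIL FROM:<{envelope_from}>"]
    cmds += [f"RCPT TO:<{rcpt}>" for rcpt in envelope_rcpts]
    cmds += ["DATA", data, "."]
    return cmds


def deliver(commands):
    """Toy receiving MTA: files the message by RCPT TO only, never by the To: header."""
    rcpts, data = [], None
    it = iter(commands)
    for cmd in it:
        if cmd.startswith("RCPT TO:<") and cmd.endswith(">"):
            rcpts.append(cmd[len("RCPT TO:<"):-1])
        elif cmd == "DATA":
            data = next(it)  # the element after DATA is the message itself
    mailboxes = {}
    for rcpt in rcpts:
        mailboxes.setdefault(rcpt, []).append(data)
    return mailboxes


def header_recipients(raw_message):
    """What a mail client displays: the To: header as the sender wrote it."""
    return message_from_string(raw_message).get("To")


def envelope_recipients(commands):
    """Who the server actually delivered to, recovered from the RCPT TO commands."""
    return [c[len("RCPT TO:<"):-1] for c in commands if c.startswith("RCPT TO:<")]


if __name__ == "__main__":
    msg = build_message(HEADER_TO, "Your order reference is 37852", "Dear, Customer")
    session = smtp_transaction("mail.example.invalid", SENDER, ENVELOPE_RCPTS, msg)
    boxes = deliver(session)
    for mailbox, messages in boxes.items():
        print(f"{mailbox} received a message whose To: header reads {header_recipients(messages[0])!r}")
```

The envelope recipients never appear in the delivered message; the only trace of them is what the receiving MTA chooses to record (the `envelope-from` and `for` clauses some servers add to their Received: line), which is why BoaterDave's copy shows `To: <>` yet still landed in his inbox.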

  3. ~BD~

    Mike Easter Guest

    The payload is

    This is the result of testing that file at VirusTotal (previewable)

    The contents are an Order.Doc file which has 5/43 positives

    ClamAV Suspect.DoubleExtension-zippwd-12
    Kaspersky Trojan-Spy.Win32.SpyEyes.hdy
    NOD32 a variant of Win32/Kryptik.NON
    Sophos Mal/BredoZp-B
    VIPRE FraudTool.Win32.AVSoft (v)

    If you were so inclined, you could carefully examine the .doc.
    Mike Easter, May 10, 2011
  4. Please stop feeding the BD troll.

    You are also wrong. The file is NOT a DOC file it is an EXE file.

    Also in the future, please obfuscate malicious URLs and don't use shortened URLs via

    This malware copies itself to;

    It hooks into many running processes.

    It communicates to; via TCP port 444
    as well as uploading encrypted data via; /~a?brvalg/g?ate.php

    It creates a Mutex of; 2HiH8UlWBE0Me8DueMgM0VQKflf280p
    David H. Lipman, May 10, 2011
  5. ~BD~

    ASCII Guest

    Under properties it says the description is;
    [Xcrevq Skybeorm Fdxppy]
    with a file version of []
    which resolves to []
    And runs as KKA5C.exe but I don't know yet what it's doing or trying.
    ASCII, May 10, 2011
  6. ~BD~

    ~BD~ Guest

    I understand. Thanks, Mike.
    I'll ponder on that info. Thanks again. :)
    ~BD~, May 10, 2011
  7. ~BD~

    ~BD~ Guest

    Most interesting!

    As I'm currently aboard my narrowboat, with no back-up facilities, I'll
    not do anything which might put my computer out of action! I'll leave
    you clever folk to play with what I've put forward.

    <aside> I don't like the way Mr Lipman talks down to you Mike. It's
    totally unnecessary and provocative. He should be much more adult IMO.
    ~BD~, May 10, 2011
  8. ~BD~

    Mike Easter Guest

    I didn't take it out of the .zip archive. It is a somewhat boring (and
    embarrassing) story about how the file appeared in the gnome archive
    manager that misled me (allowed me to mislead myself) which I will tell
    on myself if anyone wants those details.

    It starts with the gnome File Roller filename display ending in an
    ellipse, like this 'Order.Doc...' and includes a filetype like this
    'DOS/Windo...' along with the date modified and filesize.

    If I expand the archive manager's field spaces, it not only shows the
    ..exe name but tells me in 'longhand' about the executable filetype:

    DOS/Windows executable
    Mike Easter, May 10, 2011
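The mix-up Mike describes (a truncated 'Order.Doc...' display hiding the .exe, the same pattern ClamAV's Suspect.DoubleExtension signature flags in post 3) is easy to check for before anyone opens an archive. The following is an added example, not code from anyone in this thread: it builds a constructed zip in memory containing a fake `Order.Doc.exe` (a placeholder starting with the `MZ` bytes, not a real executable), reproduces the ellipsised display name, and reports both the deceptive double extension and the DOS/Windows executable header that a full listing would reveal.

```python
"""Constructed demonstration: spotting a document-named executable inside a zip."""
import io
import zipfile

DOC_LIKE = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}
EXEC_LIKE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
PE_MAGIC = b"MZ"  # first two bytes of a DOS/Windows executable


def build_sample_zip():
    """Constructed archive: a fake 'Order.Doc.exe' (placeholder bytes) and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Order.Doc.exe", PE_MAGIC + b"\x90\x00PLACEHOLDER, not a real executable")
        zf.writestr("readme.txt", b"plain text, harmless")
    return buf.getvalue()


def extensions(name):
    """All dotted suffixes of the base name, lower-cased: 'Order.Doc.exe' -> ['.doc', '.exe']."""
    base = name.rsplit("/", 1)[-1].lower()
    return ["." + part for part in base.split(".")[1:]]


def display_name(name, width=12):
    """Mimic a narrow file-manager column that cuts the name and appends '...'."""
    return name if len(name) <= width else name[: width - 3] + "..."


def inspect_zip(data):
    """Return one finding per archive member; 'reasons' is empty for unsuspicious files."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            exts = extensions(info.filename)
            reasons = []
            if len(exts) >= 2 and exts[-2] in DOC_LIKE and exts[-1] in EXEC_LIKE:
                reasons.append("double extension: document-looking name ending in an executable suffix")
            elif exts and exts[-1] in EXEC_LIKE:
                reasons.append("executable extension")
            with zf.open(info) as fh:
                head = fh.read(2)
            if head == PE_MAGIC:  # judge by content, not by name
                reasons.append("content starts with the MZ header of a DOS/Windows executable")
            findings.append(
                {"name": info.filename, "shown_as": display_name(info.filename), "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for f in inspect_zip(build_sample_zip()):
        verdict = "; ".join(f["reasons"]) or "nothing suspicious"
        print(f"{f['shown_as']:<14} (really {f['name']}): {verdict}")
```

Reading the first bytes of each member rather than trusting the name is the check that matters: a renamed file still carries its executable header, and password-protected archives, which hide the content from scanners, are worth treating as suspicious on their own.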
  9. ~BD~

    Peter Foldes Guest


Once and for all, stop your stupid and unnecessary trolling and enjoy your boat
    instead of starting crap as you always do for no reason whatsoever

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Peter Foldes, May 10, 2011
  10. ~BD~

    Peter Foldes Guest

    You friggin bullshitter. You read the write up about this TODAY in the UK version of
    the following below

Why play this game, BD? You are a real ugly Troll who should be gone from these

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Peter Foldes, May 10, 2011
  11. ~BD~

    Mike Easter Guest

    There's nothing - textwise - to copy and paste from there. Those are
    screenshot graphics.
    Mike Easter, May 10, 2011
  12. ~BD~

    ASCII Guest

    He shows condescension towards anyone not of the chosen.
    During his bris the elders warned him "this is just a reminder, play along,
    or we'll come back for the rest of it" <g>
    ASCII, May 10, 2011
  13. ~BD~

    ~BD~ Guest

    I'd like to understand more - please elucidate.
    ~BD~, May 10, 2011
  14. ~BD~

    Peter Foldes Guest

    I guess that flew by you Mike. BD will understand the point of that post as will

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Peter Foldes, May 10, 2011
  15. ~BD~

    ~BD~ Guest

    This is no game Peter Foldes.

    I *always* tell the truth. You will swing for your crimes!
    ~BD~, May 10, 2011
  16. ~BD~

    Max Wachtel Guest

    the enemy of my friend is my enemy
    the friend of my enemy is my enemy
    Max Wachtel, May 10, 2011

  17. That statement is a lie.

    *NOBODY* "always" tells the truth. NOBODY!
    David H. Lipman, May 10, 2011
  18. ~BD~

    Dustin Guest

    Why tell him that? He's a stupid fuckhead, David. Should have suggested
    he try to open it. <G>
    Dustin, May 10, 2011
  19. ~BD~

    Dustin Guest

    Oh, Dazzle us with your wannabe researcher skills. Too fucking funny man.
    Dustin, May 10, 2011
  20. ~BD~

    ~BD~ Guest

    Are you now "in charge" here, Mr Foldes?

    Please remember that there is no obligation upon you to read my posts!

    I'm having great fun aboard at the moment, btw! :)
    ~BD~, May 11, 2011