[AusNOG] qld transport contact

Martin - StudioCoast martin.sinclair at studiocoast.com.au
Thu Dec 13 13:18:19 EST 2012


Given so few virus scanners are picking up this malware, the usual "scan 
before opening" idea will not be effective either.
Educating users about what attachments to avoid is such a minefield 
especially since malicious PDF files have been used in the past.

This might be why many airlines have moved to inline itineraries to 
avoid using attachments at all.



On 13/12/2012 11:54 AM, Nathan Ridge wrote:
> Wow... so now hundreds or thousands of people that are actually travelling
> soon open the virus under instruction from Virgin to do so, that's lazy,
> they will be raped over this, they should have been much more explicit
> saying only open the attachment if it is a pdf not zip or exe and make sure
> you scan with an up-to-date AV program before opening.
>
> -----Original Message-----
> From: Greg Smith [mailto:greg at webmetrix.com.au]
> Sent: Thursday, 13 December 2012 11:44 AM
> To: Nathan Brookfield; Matt Perkins; ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] qld transport contact
>
> Yeah but if you have a look on their Facebook page - some admin there said,
> only open the pdf if you are travelling with us soon!! Idiots!
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net
> [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Nathan Brookfield
> Sent: Thursday, 13 December 2012 11:38
> To: Matt Perkins; ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] qld transport contact
>
> Virgin have advised all of their employees to inform customers of the fraud
> also so they must be getting hammered.
>
> Kindest Regards,
> Nathan Brookfield (VK2NAB)
>
> Chief Executive Officer
> Simtronic Technologies Pty Ltd
>
> Local: (02) 4749 4949 | Fax: (02) 4749 4950 | Direct: (02) 4749 4951
> Web: http://www.simtronic.com.au | E-mail:
> nathan.brookfield at simtronic.com.au
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net
> [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Matt Perkins
> Sent: Thursday, 13 December 2012 12:36 PM
> To: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] qld transport contact
>
> We have seen the same Virgin Blue spoofed ones for about 3 - 4 days now.
>
> There's a Jetstar one as well. Mail can be a bane.
>
> Matt.
>
> On 13/12/12 12:17 PM, Nathan Ridge wrote:
>> Hey,
>>
>> It seems to be getting far worse... We are now seeing the same type of
>> thing coming from virginblue.com.au and ticketek, thousands of emails
>> getting stopped now on our filters from multiple companies
>>
>> Nathan
>>
>> -----Original Message-----
>> From: Heinz N [mailto:ausnog at equisoft.com.au]
>> Sent: Thursday, 13 December 2012 11:07 AM
>> To: ausnog at lists.ausnog.net
>> Subject: Re: [AusNOG] qld transport contact
>>
>>> What I'm seeing is a lot of spam pretending to be QLD Transport, with
>>> the QLD Transport servers added to the mail headers, but they are
>>> fake headers to make it look like they've passed through QLD Transport.
>>> The actual mail server handing me the email is
>>> Received: from a24.satur.ba.cust.gts.sk (62.168.71.248)  by
>>> chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000
>> I am also getting lots of the same spam (with trojan exe payload)
>> pretending to be from qld xport BUT they are from zombies all over the
>> world. This has nothing to do with qld xport. Their name just happens
>> to be in the faked header. Always check the IP address of the last
>> SMTP relay host. Your SMTP server won't lie about the IP address that
>> it received the email from. The rest of the stuff/header(s) is
>> probably all fake.
>> With a _decent_ email client, you can view all the email headers and
>> check them. These days, it is imperative to do that because of all the
>> spear phishing and other targeted stuff going on. All SMTP traffic
>> should be considered as malicious/fake until properly verified.
>>
>> Regards,
>> Heinz N
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
> --
> /* Matt Perkins
>           Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
>           Office 1300 133 299     matt at spectrum.com.au
>           Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
>           SIP 1300137379 at sip.spectrum.com.au
>           PGP/GNUPG Public Key can be found at  http://pgp.mit.edu */
>

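The check Heinz describes, trusting only the connecting IP that your own SMTP server recorded, as an added Python example that is not from the thread. The top Received line in the sample is the one quoted above; the second hop, the `transport.example` names, the 192.0.2.10 address and the `handoff` helper are constructed for illustration, and the example goes slightly further by skipping internal relays listed in `our_nets`.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample: first Received line is the one quoted in the thread,
# the second is an invented forged hop using placeholder names/addresses.
SAMPLE = """\
Received: from a24.satur.ba.cust.gts.sk (62.168.71.248) by
 chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000
Received: from mail.transport.example (192.0.2.10) by
 relay.transport.example with ESMTP; 12 Dec 2012 07:49:58 +1000
From: "Transport" <notices@transport.example>
Subject: Infringement notice

See attachment.
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)", re.I)

def _ip_in(text):
    """First token in a Received comment that parses as an IP, else None."""
    for tok in re.split(r"[\s\[\]]+", text):
        try:
            return ipaddress.ip_address(tok.replace("IPv6:", ""))
        except ValueError:
            continue
    return None

def handoff(raw, our_mtas, our_nets=()):
    """Walk Received headers top-down and return the hop where the mail
    entered our infrastructure as (claimed_name, ip, our_mta). Returns None
    when the topmost header was not written by one of our MTAs."""
    nets = [ipaddress.ip_network(n) for n in our_nets]
    msg = email.message_from_string(raw, policy=policy.default)
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(str(value).split()))
        if not m or m.group(3).lower() not in our_mtas:
            return None              # chain of trust broken: stop here
        ip = _ip_in(m.group(2))
        if ip is None:
            return None
        if any(ip in n for n in nets):
            continue                 # internal relay, check the next hop down
        return m.group(1), str(ip), m.group(3).lower()
    return None

if __name__ == "__main__":
    print(handoff(SAMPLE, {"chasm1.ozservers.com.au"}))
```

Headers below the returned hop, including any that name the spoofed organisation, were supplied by the sender and are never consulted.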