<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix"><font size="-1"><font face="Arial">Given
so few virus scanners are picking up this malware the usual
"scan before opening" idea will not be effective either.<br>
Educating users about what attachments to avoid is such a
minefield especially since malicious PDF files have been used in
the past.<br>
<br>
This might be why many airlines have moved to inline itineraries
to avoid using attachments at all.<br>
<br>
</font></font>On 13/12/2012 11:54 AM, Nathan Ridge wrote:<br>
</div>
<blockquote
cite="mid:007c01cdd8d4$c1491130$43db3390$@matilda.net.au"
type="cite">
<pre wrap="">Wow... so now hundreds or thousands of people that are actually travelling
soon open the virus under instruction from Virgin to do so, that's lazy,
they will be raped over this, they should have been much more explicit
saying only open the attachment if it is a pdf not zip or exe and make sure
you scan with an up-to-date av program before opening.

-----Original Message-----
From: Greg Smith [<a class="moz-txt-link-freetext" href="mailto:greg@webmetrix.com.au">mailto:greg@webmetrix.com.au</a>]
Sent: Thursday, 13 December 2012 11:44 AM
To: Nathan Brookfield; Matt Perkins; <a class="moz-txt-link-abbreviated" href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>
Subject: Re: [AusNOG] qld transport contact

Yeah but if you have a look on their Facebook page - some admin there said,
only open the pdf if you are travelling with us soon!! Idiots!

-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>
[<a class="moz-txt-link-freetext" href="mailto:ausnog-bounces@lists.ausnog.net">mailto:ausnog-bounces@lists.ausnog.net</a>] On Behalf Of Nathan Brookfield
Sent: Thursday, 13 December 2012 11:38
To: Matt Perkins; <a class="moz-txt-link-abbreviated" href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>
Subject: Re: [AusNOG] qld transport contact

Virgin have advised all of their employees to inform customers of the fraud
also so they must be getting hammered.

Kindest Regards,
Nathan Brookfield (VK2NAB)
Chief Executive Officer
Simtronic Technologies Pty Ltd
Local: (02) 4749 4949 | Fax: (02) 4749 4950 | Direct: (02) 4749 4951
Web: <a class="moz-txt-link-freetext" href="http://www.simtronic.com.au">http://www.simtronic.com.au</a> | E-mail:
<a class="moz-txt-link-abbreviated" href="mailto:nathan.brookfield@simtronic.com.au">nathan.brookfield@simtronic.com.au</a>

-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>
[<a class="moz-txt-link-freetext" href="mailto:ausnog-bounces@lists.ausnog.net">mailto:ausnog-bounces@lists.ausnog.net</a>] On Behalf Of Matt Perkins
Sent: Thursday, 13 December 2012 12:36 PM
To: <a class="moz-txt-link-abbreviated" href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>
Subject: Re: [AusNOG] qld transport contact

We have seen the same Virgin Blue spoofed ones for about 3 - 4 days now.
There's a Jetstar one as well. Mail can be a bane.

Matt.

On 13/12/12 12:17 PM, Nathan Ridge wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hey,
It seems to be getting far worse... We are now seeing the same type of
</pre>
</blockquote>
<blockquote type="cite">
<pre wrap="">thing coming from virginblue.com.au and ticketek, thousands of emails
getting stopped now on our filters from multiple companies
Nathan
-----Original Message-----
From: Heinz N [<a class="moz-txt-link-freetext" href="mailto:ausnog@equisoft.com.au">mailto:ausnog@equisoft.com.au</a>]
Sent: Thursday, 13 December 2012 11:07 AM
To: <a class="moz-txt-link-abbreviated" href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>
Subject: Re: [AusNOG] qld transport contact
</pre>
<blockquote type="cite">
<pre wrap="">What I'm seeing is a lot of spam pretending to be QLD Transport, with
</pre>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">the QLD Transport servers added to the mail headers, but they are
fake
</pre>
</blockquote>
<pre wrap="">headers to make it look like they've passed through QLD Transport.
</pre>
<blockquote type="cite">
<pre wrap="">The actual mail server handing me the email is
Received: from a24.satur.ba.cust.gts.sk (62.168.71.248) by
chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000
</pre>
</blockquote>
<pre wrap="">I am also getting lots of the same spam (with trojan exe payload)
pretending to be from qld xport BUT they are from zombies all over the
</pre>
</blockquote>
<blockquote type="cite">
<pre wrap="">world. This has nothing to do with qld xport. Their name just happens
to be in the faked header. Always check the IP address of the last
SMTP relay host. Your SMTP server won't lie about the IP address that
it received the email from. The rest of the stuff/header(s) is
</pre>
</blockquote>
<pre wrap="">probably all fake.
</pre>
<blockquote type="cite">
<pre wrap="">
With a _decent_ email client, you can view all the email headers and
check them. These days, it is imperative to do that because of all the
</pre>
</blockquote>
<blockquote type="cite">
<pre wrap="">spear phishing and other targeted stuff going on. All SMTP traffic
should be considered as malicious/fake until properly verified.
Regards,
Heinz N
_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<pre wrap="">
--
/* Matt Perkins
Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
Office 1300 133 299 <a class="moz-txt-link-abbreviated" href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a>
Fax 1300 133 255 Level 6, 350 George Street Sydney 2000
SIP <a class="moz-txt-link-abbreviated" href="mailto:1300137379@sip.spectrum.com.au">1300137379@sip.spectrum.com.au</a>
PGP/GNUPG Public Key can be found at <a class="moz-txt-link-freetext" href="http://pgp.mit.edu">http://pgp.mit.edu</a> */
</pre>
</blockquote>
<br>
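<p>The header check described in the quoted thread (trust only the Received line stamped by your own mail server, treat everything beneath it as sender-supplied), as an added example that is not part of the original messages. The top Received line is the one quoted in the thread; the forged hop, the transport.example names, the 192.0.2.10 address and the From-domain comparison are assumptions made for illustration.</p>

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the first Received line is the one quoted in the thread;
# the second hop and the From address are invented, using reserved example names.
SAMPLE = """\
Received: from a24.satur.ba.cust.gts.sk (62.168.71.248) by
 chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000
Received: from mail.transport.example (192.0.2.10) by
 relay.transport.example with ESMTP; 12 Dec 2012 07:49:58 +1000
From: notices@transport.example
Subject: Infringement notice

See attachment.
"""

HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_hops(raw):
    """Return (from_host, ip, by_host) per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            ip = IPV4.search(m.group(2))
            hops.append((m.group(1).lower(),
                         ip.group(0) if ip else None, m.group(3).lower()))
    return hops

def assess(raw, our_servers):
    """Trust only the topmost hop stamped by one of our own servers."""
    hops = parse_hops(raw)
    trusted = next((h for h in hops if h[2] in our_servers), None)
    if trusted is None:  # nothing we recorded ourselves: no verified fact at all
        return {"relay_ip": None, "relay_host": None,
                "unverified": hops, "mismatch": None}
    sender = parseaddr(message_from_string(raw)["From"])[1]
    domain = sender.rpartition("@")[2].lower()
    # Heuristic only: the relay name may be a HELO string; the IP is the fact.
    related = trusted[0] == domain or trusted[0].endswith("." + domain)
    return {"relay_ip": trusted[1], "relay_host": trusted[0],
            "unverified": hops[hops.index(trusted) + 1:],
            "mismatch": not related}

if __name__ == "__main__":
    print(assess(SAMPLE, {"chasm1.ozservers.com.au"}))
```

<p>A mismatch is a triage hint rather than a verdict, since legitimate senders often relay through third-party hosts; the recorded relay IP is the only value in the result that the receiving server itself vouches for.</p>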
</body>
</html>