[AusNOG] qld transport contact

Heinz N ausnog at equisoft.com.au
Thu Dec 13 12:06:34 EST 2012


> What I'm seeing is a lot of spam pretending to be QLD Transport,
> with the QLD Transport servers added to the mail headers, but they are fake headers to make it look like they've passed through QLD Transport.
> The actual mail server handing me the email is
> Received: from a24.satur.ba.cust.gts.sk (62.168.71.248)  by
> chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000

I am also getting lots of the same spam (with trojan exe payload) 
pretending to be from qld xport BUT they are from zombies all over the 
world. This has nothing to do with qld xport. Their name just happens to 
be in the faked header. Always check the IP address of the last SMTP relay 
host. Your SMTP server won't lie about the IP address that it received the 
email from. The rest of the stuff/header(s) is probably all fake.

With a _decent_ email client, you can view all the email headers and check 
them. These days, it is imperative to do that because of all the spear 
phishing and other targeted stuff going on. All SMTP traffic should be 
considered as malicious/fake until properly verified.

Regards,
Heinz N
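
The check described in the reply above, as an added example that is not part of the original post: only the topmost Received header, stamped by your own server, is trusted, and every hop below it is treated as sender-supplied. It assumes a single receiving server (hostname taken from the quoted header) and IPv4 peers; the forged hop, its hostnames and the function name `last_relay` are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: the top Received line is the one quoted in the thread;
# the second is a forged hop using placeholder names and a documentation IP.
SAMPLE = (
    "Received: from a24.satur.ba.cust.gts.sk (62.168.71.248)  by\n"
    " chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000\n"
    "Received: from mail.transport.example (192.0.2.10) by\n"
    " relay.transport.example with SMTP; 12 Dec 2012 07:49:58 +1000\n"
    "From: notices@transport.example\n"
    "Subject: notice\n"
    "\n"
    "body\n"
)

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
PEER_IP = re.compile(r"[(\[]\s*(\d{1,3}(?:\.\d{1,3}){3})\s*[)\]]")


def last_relay(raw, my_host):
    """Return (peer_ip, unverified_hops).

    peer_ip comes only from the topmost Received header, and only if that
    header was written by my_host. Headers are prepended in transit, so
    anything below the top one was supplied by the sending side.
    """
    msg = email.message_from_string(raw)
    # Unfold continuation lines and collapse whitespace.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    if not hops:
        return None, []
    top = hops[0]
    by = BY_HOST.search(top)
    if not by or by.group(1).lower() != my_host.lower():
        return None, hops  # our server did not stamp this: trust nothing
    ip = PEER_IP.search(top[:by.start()])  # look only in the "from" part
    try:
        peer = str(ipaddress.ip_address(ip.group(1))) if ip else None
    except ValueError:
        peer = None  # malformed address literal
    return peer, hops[1:]


if __name__ == "__main__":
    peer, unverified = last_relay(SAMPLE, "chasm1.ozservers.com.au")
    print("connecting IP:", peer)
    for hop in unverified:
        print("unverified:", hop)
```
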


