[AusNOG] qld transport contact

Nathan Ridge ridgey at matilda.net.au
Thu Dec 13 12:17:39 EST 2012


Hey,

It seems to be getting far worse... We are now seeing the same type of thing
coming from virginblue.com.au and ticketek, thousands of emails getting
stopped now on our filters from multiple companies.

Nathan

-----Original Message-----
From: Heinz N [mailto:ausnog at equisoft.com.au] 
Sent: Thursday, 13 December 2012 11:07 AM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] qld transport contact

> What I'm seeing is a lot of spam pretending to be QLD Transport, with
> the QLD Transport servers added to the mail headers, but they are fake
> headers to make it look like they've passed through QLD Transport.
> The actual mail server handing me the email is
> Received: from a24.satur.ba.cust.gts.sk (62.168.71.248)  by 
> chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000

I am also getting lots of the same spam (with trojan exe payload) pretending
to be from qld xport BUT they are from zombies all over the world. This has
nothing to do with qld xport. Their name just happens to be in the faked
header. Always check the IP address of the last SMTP relay host. Your SMTP
server won't lie about the IP address that it received the email from. The
rest of the stuff/header(s) is probably all fake.

With a _decent_ email client, you can view all the email headers and check
them. These days, it is imperative to do that because of all the spear
phishing and other targeted stuff going on. All SMTP traffic should be
considered as malicious/fake until properly verified.

Regards,
Heinz N
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
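
Added example, not part of the original posts: a Python sketch of the check described above, which reads the peer IP from the Received line stamped by your own MX and treats every hop below it as unverified. `TRUSTED_MX`, the `transport.example` names and 192.0.2.10 are assumptions constructed for illustration; the top Received line is the one quoted in the thread.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: the edge MX you operate; only its Received stamp is trusted.
TRUSTED_MX = {"chasm1.ozservers.com.au"}

# Constructed sample. The top Received line is the one quoted in the thread;
# the second is a made-up forged hop using placeholder names and addresses.
SAMPLE = """\
Received: from a24.satur.ba.cust.gts.sk (62.168.71.248) by
 chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000
Received: from mail.transport.example (mail.transport.example [192.0.2.10])
 by relay.transport.example with ESMTP; 12 Dec 2012 07:49:58 +1000
From: "Transport Notices" <notices@transport.example>
Subject: Infringement notice

body
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"[\[(]\s*(?:IPv6:)?([0-9A-Fa-f:.]+)\s*[\])]")

def first_ip(text):
    """Return the first bracketed or parenthesised token that is a valid IP."""
    for m in IP_RE.finditer(text):
        try:
            return str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue
    return None

def parse_received(value):
    """Return (by_host, peer_ip) for one Received header value."""
    flat = " ".join(str(value).split())  # undo header folding
    m = BY_RE.search(flat)
    by_host = m.group(1).lower() if m else None
    return by_host, first_ip(flat[:m.start()] if m else flat)

def handoff(raw):
    """Return (peer_ip, unverified_hops). Headers are prepended, so the first
    line from the top stamped by our MX is genuine; anything below it was
    supplied by the sender and may be forged."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    for i, (by_host, ip) in enumerate(hops):
        if by_host in TRUSTED_MX:
            return ip, hops[i + 1:]
    return None, hops  # our MX never stamped this message: trust nothing
```
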



