[AusNOG] qld transport contact

Matt Perkins matt at spectrum.com.au
Thu Dec 13 12:35:36 EST 2012 

We have seen the same virgin blue spoofed ones for about 3 - 4 days now. 
There's a jetstar one as well. Mail can be a bane.

Matt.

On 13/12/12 12:17 PM, Nathan Ridge wrote:
> Hey,
>
> It seems to be getting far worse... We are now seeing the same type of thing
> coming from virginblue.com.au and ticketek, thousands of emails getting
> stopped now on our filters from multiple companies
>
> Nathan
>
> -----Original Message-----
> From: Heinz N [mailto:ausnog at equisoft.com.au]
> Sent: Thursday, 13 December 2012 11:07 AM
> To: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] qld transport contact
>
>> What I'm seeing is a lot of spam pretending to be QLD Transport, With
>> the QLD Transport servers added to the mail headers, but they are fake
> headers to make it look like they've passed through QLD Transport.
>> The actual mail server handing me the email is
>> Received: from a24.satur.ba.cust.gts.sk (62.168.71.248)  by
>> chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000
> I am also getting lots of the same spam (with trojan exe payload) pretending
> to be from qld xport BUT they are from zombies all over the world. This has
> nothing to do with qld xport. Their name just happens to be in the faked
> header. Always check the IP address of the last SMTP relay host. Your SMTP
> server won't lie about the IP address that it received the email from. The
> rest of the stuff/header(s) is probably all fake.
>
> With a _decent_ email client, you can view all the email headers and check
> them. These days, it is imperative to do that because of all the spear
> phishing and other targeted stuff going on. All SMTP traffic should be
> considered as malicious/fake until properly verified.
>
> Regards,
> Heinz N
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog


-- 
/* Matt Perkins
         Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
         Office 1300 133 299     matt at spectrum.com.au
         Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
         SIP 1300137379 at sip.spectrum.com.au
         PGP/GNUPG Public Key can be found at  http://pgp.mit.edu
*/

More information about the AusNOG mailing list