PGTS Pty. Ltd.   ACN: 007 008 568

PGTS Humble Blog

Thread: Internet Security/Malware/Spam

Gerry Patterson. The world's most humble blogger
Edited and endorsed by PGTS, Home of the world's most humble blogger

I've Won The Lottery Again


Date: Tue, 09 Dec 2008 16:57:17 +1100

Well, dear reader, your humble blogger is rich. Yes, I've won the lottery. And you'll never believe this ... it was Microsoft that was running the lottery! After all the unkind things I've said about them.

Ok, you probably don't believe it. Well, neither did I. When Mrs. Hillary Miguel sent me this email (addressed to "undisclosed recipients"), I did not give up my day-time job.

--
Microsoft Corporations:
Customer Service
Your Reference No: WA6FI-L/200-26937
Your Batch No: 20089SEPTL#22

OFFICIAL WINNING NOTIFICATION.
We are pleased to inform you of the release of the long awaited results of
Sweepstakes promotion organized by Microsoft, in conjunction with the
foundation for the promotion of software products, (F.P.S.) held this
December 2008, in Espana. Where in your email address emerged as one of
the online Winning emails in the 2nd category and therefore attracted a
cash award of 1,000,000.00 Euros (One Million Euros) and a Dell laptop.
To begin your claim, do file for the release of your winning by contacting
our Foreign Service Manager:

Dr. Pedro Marios Ruben.
Tel: +34-634-032-995
Internet Fax: +1-831-532-9844
Email: microsoftcorporation20082009@gmail.com

The Microsoft Internet E-mail lottery Awards is sponsored by our
CEO/Chairman, Bill Gates and a consortium of software promotion companies.
The Intel Group, Toshiba, Dell Computers and other International
Companies. The Microsoft internet E-mail draw is held periodically and is
organized to encourage the use of the Internet and promote computer
literacy worldwide.
Congratulations!!
Sincerely,
Mrs.Hillary Miguel.
Promotions Manager.

There is nothing very remarkable about the body of this message. It is the usual unconvincing spammer bullshit, with poor spammer grammar, a highly unlikely spammer offer of 1 million euros (and a Dell Laptop? gosh oh gee! forget the million euros! I'll just have the laptop) and unlikely spammer patrons -- Bill Gates -- I know he's into charities -- but how many of us would believe that Bill would come out of retirement just for this? Ok, I know this spam may not be targeting the top ten percent of the population, but I get the feeling that the spammers may be so ill-informed and ignorant, they don't even realise that Citizen Gates is no longer CEO of Microsoft.

But the reason your humble blogger is mentioning our little Microsoft Lottery spammer is because the headers appeared genuine! The return-path header, all the received headers and the IP addresses (withheld) were consistent with an email that had come from a well known University in Ankara, Turkey.

How could this be? Are these enterprising young turks being taught how to spam? Well, not likely! My eye happened to catch this header:

	User-Agent: SquirrelMail/1.4.9a

SquirrelMail, it seems, is a webmail package written in PHP. I am not familiar with it, but according to their website, the latest version is 1.4.17, and there are some warnings about vulnerabilities in earlier versions. If I can believe the received headers, it looks as if the source of the original message was 84.120.79.142, which appears to be a dynamic address owned by Cableuropa - ONO. All IP addresses run by this outfit have a poor reputation it seems. This was most likely the source of the attack against the University server.

This suggests that someone at the Middle Eastern Technical University needs to do some maintenance work on their servers.

And if you use SquirrelMail, you might want to check their website here.
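The header reading described above, as an added Python example (not part of the original post): it walks the Received chain oldest-first, picks out the webmail submission hop, and compares the SquirrelMail version numerically against the 1.4.17 the post names as latest. The sample message, hostnames and documentation-range IPs are constructed, and the format of the "with HTTP" hop is an assumption about how the webmail front end records the browser connection.

```python
import re
from email import message_from_string

LATEST_SQUIRRELMAIL = (1, 4, 17)  # latest release named in the post

# Constructed sample: example.* hosts and documentation-range IPs, not the real message.
SAMPLE = """\
Return-Path: <staff@uni.example.edu>
Received: from mail.uni.example.edu (mail.uni.example.edu [192.0.2.25])
\tby mx.recipient.example with ESMTP id ABC123; Tue, 09 Dec 2008 05:40:11 +0000
Received: from webmail.uni.example.edu (localhost [127.0.0.1])
\tby mail.uni.example.edu with ESMTP id DEF456; Tue, 09 Dec 2008 07:40:09 +0200
Received: from 203.0.113.77 (SquirrelMail authenticated user staff)
\tby webmail.uni.example.edu with HTTP; Tue, 09 Dec 2008 07:40:08 +0200
User-Agent: SquirrelMail/1.4.9a
Subject: OFFICIAL WINNING NOTIFICATION

(body omitted)
"""

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
HOP_RE = re.compile(r"from\s+(?P<frm>.*?)\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\w+)", re.S)


def trace(raw):
    """Summarise where a message entered the mail system, judged from its headers."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its Received line, so reverse to read oldest-first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            ips = [ip for ip in IP_RE.findall(m["frm"]) if not ip.startswith("127.")]
            hops.append({"ip": ips[0] if ips else None, "by": m["by"],
                         "proto": m["proto"].upper()})
    agent = msg.get("User-Agent", "")
    # Compare versions as integers: as strings, "1.4.9a" sorts after "1.4.17".
    ver = re.match(r"SquirrelMail/(\d+)\.(\d+)\.(\d+)", agent)
    first = hops[0] if hops else {}
    return {
        "origin_ip": first.get("ip"),
        "webmail_host": first.get("by"),
        "webmail_submission": first.get("proto") == "HTTP",
        "user_agent": agent,
        "outdated_webmail": bool(ver) and tuple(map(int, ver.groups())) < LATEST_SQUIRRELMAIL,
        "hops": hops,
    }


if __name__ == "__main__":
    print(trace(SAMPLE))
```

Only the Received lines added by relays you trust are reliable; anything below them, including the claimed origin IP, can be written by the sender.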



Copyright © 2008, Gerry Patterson. All Rights Reserved.