Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   Re: Phishing site - Warnings from Google: Are YOU warned? (http://www.velocityreviews.com/forums/t707497-re-phishing-site-warnings-from-google-are-you-warned.html)

Mike Easter 12-03-2009 01:43 PM
Re: Phishing site - Warnings from Google: Are YOU warned?
 
~BD~ wrote:
> This is an email delivered by Hotmail:-

..... and another thing.

This (the way you did in that message) is not the proper way to discuss
the mechanisms involved in a spam or a scam.

We are not actually seeing what we need to see because you didn't put
the message source of the spam into your message, which you shouldn't be
doing in this group anyway, because that stuff is ugly.

The proper way to discuss a spam and what it is doing is by accessing
the message source or the 'properties' of the spam, which includes the
complete headers and the unrendered spambody.

When you (ambiguously) say 'delivered by hotmail' that /could/ mean that
you received the mail in a hotmail account namely a hotmail webmail. I
don't have a hotmail account, but there are instructions available for
how to view the complete headers and unrendered body at spamcop's site

http://www.spamcop.net/fom-serve/cache/22.html Hotmail and Windows Live
Hotmail - To see the full, unmangled headers in Hotmail: <snip> To see
the full, unmangled headers if you are using Windows Live version of
Hotmail:

.... but the *headers* aren't exactly the issue in this case, but the
'whole enchilada' (the entire message source including the headers) is
always the best method to examine a spam. In this case an important
consideration is exactly how the spam/scam/phish body was /constructed/
to provide *the obfuscated link*.

It is possible, as explained in the video at the link I provided in an
earlier message, that safari called the link a phishing link because of
the way it was *constructed* and put into the browser /addressline/ than
by anything either at the actual link or than by the link's address
being in some database.

People who discuss spam and its content display the spam message source
properly, not the way you posted it here, by either -1- being a reg'd
spamcop reporter and pasting it into the spamcop parser and cancelling
the report and pasting the spamcop tracker link in the group's message
where it is being discussed -2- if not a spamcop reporter then
either -2a- pasting it the message source into a website (not as a
graphic, but as the text file) or -2b- submitting it into the system
called news.admin.net-abuse.sightings - which I haven't used in a while.

There are a number of problems with simply pasting the spam's message
source into a message which you post into this group.


--
Mike Easter


All times are GMT. The time now is 08:01 AM.

Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.