LOL, Orcon phishing email?

 
 
~misfit~
 
      11-11-2005
Got this email today, addressed to my Orcon account, entitled "orcon.net.nz
ID: (E-Mail Removed)" (My xxx's)

Headers follow:

Return-Path: <(E-Mail Removed)>
Received: from 84.46.160.61 (p2p-84-46-160-61-ird.vln0 [84.46.160.61] (may
be forged)) by dbmail-mx2.orcon.net.nz (8.13.2/8.13.2/Debian-1) with SMTP id
jAA7CFCY025395 for <(E-Mail Removed)>; Thu, 10 Nov 2005 20:12:22 +1300
Message-ID: <bdf501c5e5cc$81b14241$(E-Mail Removed)>
From: Verification <(E-Mail Removed)>
To: (E-Mail Removed)
Subject: **SPAM**
=?iso-8859-1?B?b3Jjb24ubmV0Lm56IElEOiBtaXNmaXRAb3Jjb24ubmV0Lm 56?=
Date: Thu, 10 Nov 2005 08:00:54 +0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express V6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Virus-Scanned: ClamAV version 0.87, clamav-milter version 0.87 on
dbmail-mx2.orcon.net.nz
X-Virus-Status: Clean
X-Spam-Score: 6
X-DSPAM-Confidence: 0.5636
X-DSPAM-Probability: 1.0000
X-Antivirus: AVG for E-mail 7.1.362 [267.12.8/166]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=======AVGMAIL-43740DFD2839======="
X-RegEx-Score: 740.6
X-RegEx-Warning: spam (740.6 > 499.9)
X-RegEx: [110.9] FROM_NUMERIC_HELO sender helo'd with an IP address
X-RegEx: [59.6] FROM_AND_RECEIVED_DO_NOT_MATCH FQDN in From and Received
header do not match
X-RegEx: [150.0] PRONOUNCE_BODY This can nobody pronounce
X-RegEx: [150.0] INVALID_HTML_NOTHING_TAGS <HTML>Tag ohne </HTML>Tag
X-RegEx: [50.0] INVALID_HTML_NOT_CORRECT_BODY_LINK HTML Link ohne korrekten
HTML Body
X-RegEx: [110.0] HTTP_ESCAPED_HOST Uses %-escapes inside a URL's hostname
X-RegEx: [110.1] HTTP_EXCESSIVE_ESCAPES Completely unnecessary %-escapes
inside a URL
X-Bayesian-Result: Spam (100)
X-Bayesian-Words: 2005 99 7.1.362 99 7bit 99 avg 99 certification 99 checked
99 clamav 99 clamav-milter 99 clean 99 database 99 dbmail-mx2 99 e-mail 99
edition 99 express 99 found 99
X-SpamPal: SPAM REGEX ID#315162029-08

The plain-text email was blank, with an HTML attachment. AVG7 gave it a
clean bill of health so, contents of the HTML attachment follow:

"De?ra? orcon.net.nz M?rebme?,

We must ch?kce? t?ah?t y?ruo? orcon.net.nz ID was r?eretsige?d by re?la?
p?oe?ple. So, to he?pl? orcon.net.nz pre?tnev? a?detamotu?
regist?itar?ons, pl?ae?se cli?kc? on th?si? li?kn? and com?lp?ete co?ed?
verifi?noitac? pr?seco?s:

http://orcon.net.nz/eE9f9OryBEEdW6zX...QteDPemawk4kk0

Th?kna? you"

++++++++++++++++++++++++++++

Wow!! Weirdness! When I clicked the HTML link and it opened in Firefox it
was all garbled. When I highlighted it and cut'n'pasted here it came out
perfectly. Here it is cut'n'pasted into notepad, where it looked a mess,
then here:

++++++++++++++++++++++++++++

De?ra? orcon.net.nz M?rebme?,

We must ch?kce? t?ah?t y?ruo? orcon.net.nz ID was r?eretsige?d by re?la?
p?oe?ple. So, to he?pl? orcon.net.nz pre?tnev? a?detamotu?
regist?itar?ons, pl?ae?se cli?kc? on th?si? li?kn? and com?lp?ete co?ed?
verifi?noitac? pr?seco?s:

http://orcon.net.nz/eE9f9OryBEEdW6zX...QteDPemawk4kk0

Th?kna? you

++++++++++++++++++++++++++++

Ok, weirdness again. It was a mess in notepad, but fine here. Maybe I should
type it as I see it in Firefox?

++++++++++++++++++++++++++++

"Dera orcon.net.nz Mrebme,

We must chkce taht yruo orcon.net.nz ID was reretsiged by rela poeple. So,
to hepl orcon.net.nz pretnev adetamotu registitarons, plaese clikc on thsi
likn and comlpete coed verifinoitac prsecos

<URL>

Thkna you.

+++++++++++++++++++++++++++++

How come OE rearranges it all and makes it readable?

So, is this a phishing expedition, an Orcon/firefox incompatibility issue or
an attempt at spreading a virus? Running Windows I'm not about to click that
link.

I've had that Orcon free email for several years now, from the first month
they were made available.

Cheers,
--
~misfit~
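
The pasted body above has a regular shape: every `?...?` pair encloses a run of letters in reverse order. The sketch below is an added example, not part of the thread. It assumes each `?` pair is what remains of a Unicode right-to-left override (U+202E) and pop directional formatting (U+202C) pair, and shows how a mail filter can match keywords against the text in display order instead of stored order.

```python
import itertools
import re
import unicodedata

RLO, PDF = "\u202e", "\u202c"  # right-to-left override, pop directional formatting
BIDI_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}

def restore_marks(pasted):
    """Assumption: each pair of '?' in the pasted text was an RLO ... PDF pair."""
    marks = itertools.cycle((RLO, PDF))
    return re.sub(r"\?", lambda _: next(marks), pasted)

def bidi_controls(text):
    """Return (offset, Unicode name) for every bidi formatting character."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(text)
            if unicodedata.bidirectional(ch) in BIDI_CLASSES]

def strip_controls(text):
    """Stored order with the controls dropped: what a naive filter matches on."""
    return "".join(ch for ch in text
                   if unicodedata.bidirectional(ch) not in BIDI_CLASSES)

def visual_order(text):
    """Reverse each non-nested RLO ... PDF run, as a bidi-aware renderer shows it."""
    run = re.compile(RLO + "(.*?)" + PDF, re.S)
    return strip_controls(run.sub(lambda m: m.group(1)[::-1], text))

def scan(text, keywords=("verification", "registered", "click")):
    """Report keywords that only appear once the text is put in display order."""
    seen = visual_order(text).lower()
    raw = strip_controls(text).lower()
    return {"controls": len(bidi_controls(text)),
            "hidden": [k for k in keywords if k in seen and k not in raw]}

# Sentence copied from the post, with '?' standing in for the lost characters.
PASTED = ("pl?ae?se cli?kc? on th?si? li?kn? and com?lp?ete co?ed? "
          "verifi?noitac? pr?seco?s:")
WIRE = restore_marks(PASTED)
```

`strip_controls(WIRE)` gives the same jumbled spelling that was typed out from the Firefox view ("plaese clikc on thsi likn"), while `visual_order(WIRE)` gives the readable sentence.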


 
 
 
 
 
Craig Whitmore
 
      11-11-2005

>
> http://orcon.net.nz/eE9f9OryBEEdW6zX...QteDPemawk4kk0
>
>
>


http://orcon.net.nz/OlsQD2UwvbRdoAnN...A3jHZ2J5e106y4

actually is a link to

http://www.google.lv/url?q=http://sT...s=orcon.net.nz

redirects to:

http://sTaNdARtzA.cOm/c gi-bin /poch/redir .c gi?s=orcon.net.nz

redirects to Orcon's Server..

Strange.. doesn't seem to actually do anything ... (or I may be wrong)

They seemed to stop at 11am this morning.

Thanks
Craig
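
The chain traced above, a link whose visible text names orcon.net.nz while its href goes through a `url?q=` redirector, can be checked offline without requesting anything. This is an added example, not from the thread; `redirector.example`, the parameter list and the flag names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

REDIRECT_PARAMS = ("q", "url", "u")  # assumed names of target-carrying parameters

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlsplit(url).hostname or "").lower()

def unwrap(url, depth=5):
    """Offline: peel nested targets out of redirect-style query parameters."""
    qs = parse_qs(urlsplit(url).query)
    nested = [v[0] for k, v in qs.items()
              if k in REDIRECT_PARAMS and v[0].startswith("http")]
    return [url] + (unwrap(nested[0], depth - 1) if nested and depth else [])

def audit(html):
    collector = AnchorCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        chain = unwrap(href)
        checks = {
            "TEXT_HOST_MISMATCH": text.startswith("http") and host(text) != host(href),
            "REDIRECT_PARAM": len(chain) > 1,        # href bounces via a redirector
            "ESCAPED_HOST": bool(re.search(r"://[^/?#]*%", href)),  # % in a hostname
        }
        report.append({"shown": host(text), "hosts": [host(u) for u in chain],
                       "flags": [name for name, hit in checks.items() if hit]})
    return report

# Constructed sample; redirector.example is a placeholder host.
SAMPLE = ('<a href="http://www.google.lv/url?q=http://redirector%2Eexample/cgi-bin/'
          'redir.cgi?s=orcon.net.nz">http://orcon.net.nz/verify</a>'
          '<a href="http://orcon.net.nz/help">http://orcon.net.nz/help</a>')
```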








 
 
 
 
 
~misfit~
 
      11-11-2005
~misfit~ wrote:

<snip>

> The plain-text email was blank, with an HTML attachment. AVG7 gave it
> a clean bill of health so, contents of the HTML attachment follow:
>
> "De?ra? orcon.net.nz M?rebme?,
>
> We must ch?kce? t?ah?t y?ruo? orcon.net.nz ID was r?eretsige?d by
> re?la? p?oe?ple. So, to he?pl? orcon.net.nz pre?tnev? a?detamotu?
> regist?itar?ons, pl?ae?se cli?kc? on th?si? li?kn? and com?lp?ete
> co?ed? verifi?noitac? pr?seco?s:
>
> http://orcon.net.nz/eE9f9OryBEEdW6zX...QteDPemawk4kk0
>
> Th?kna? you"
>
> ++++++++++++++++++++++++++++
>
> Wow!! Weirdness! When I clicked the HTML link and it opened in
> Firefox it was all garbled. When I highlighted it and cut'n'pasted
> here it came out perfectly. Here it is cut'n'pasted into notepad,
> where it looked a mess, then here:


Even more weirdness. Now I read my post the text *is* all garbled. In the
post I sent it wasn't. WTF is going on?

Colour me confused.
--
~misfit~


 