Got this email today, adressed to my Orcon account, entitled "orcon.net.nz
ID:
" (My xxx's)
Headers follow:
Return-Path: <>
Received: from 84.46.160.61 (p2p-84-46-160-61-ird.vln0 [84.46.160.61] (may
be forged)) by dbmail-mx2.orcon.net.nz (8.13.2/8.13.2/Debian-1) with SMTP id
jAA7CFCY025395 for <>; Thu, 10 Nov 2005 20:12:22 +1300
Message-ID: <bdf501c5e5cc$81b14241$>
From: Verification <>
To:
Subject: **SPAM**
=?iso-8859-1?B?b3Jjb24ubmV0Lm56IElEOiBtaXNmaXRAb3Jjb24ubmV0Lm 56?=
Date: Thu, 10 Nov 2005 08:00:54 +0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express V6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Virus-Scanned: ClamAV version 0.87, clamav-milter version 0.87 on
dbmail-mx2.orcon.net.nz
X-Virus-Status: Clean
X-Spam-Score: 6
X-DSPAM-Confidence: 0.5636
X-DSPAM-Probability: 1.0000
X-Antivirus: AVG for E-mail 7.1.362 [267.12.8/166]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=======AVGMAIL-43740DFD2839======="
X-RegEx-Score: 740.6
X-RegEx-Warning: spam (740.6 > 499.9)
X-RegEx: [110.9] FROM_NUMERIC_HELO sender helo'd with an IP address
X-RegEx: [59.6] FROM_AND_RECEIVED_DO_NOT_MATCH FQDN in From and Received
header do not match
X-RegEx: [150.0] PRONOUNCE_BODY This can nobody pronounce
X-RegEx: [150.0] INVALID_HTML_NOTHING_TAGS <HTML>Tag ohne </HTML>Tag
X-RegEx: [50.0] INVALID_HTML_NOT_CORRECT_BODY_LINK HTML Link ohne korrekten
HTML Body
X-RegEx: [110.0] HTTP_ESCAPED_HOST Uses %-escapes inside a URL's hostname
X-RegEx: [110.1] HTTP_EXCESSIVE_ESCAPES Completely unnecessary %-escapes
inside a URL
X-Bayesian-Result: Spam (100)
X-Bayesian-Words: 2005 99 7.1.362 99 7bit 99 avg 99 certification 99 checked
99 clamav 99 clamav-milter 99 clean 99 database 99 dbmail-mx2 99 e-mail 99
edition 99 express 99 found 99
X-SpamPal: SPAM REGEX ID#315162029-08
The plain-text email was blank, with an HTML attachment. AVG7 gave it a
clean bill of health so, contents of the HTML attachment follow:
"De?ra? orcon.net.nz M?rebme?,
We must ch?kce? t?ah?t y?ruo? orcon.net.nz ID was r?eretsige?d by re?la?
p?oe?ple. So, to he?pl? orcon.net.nz pre?tnev? a?detamotu?
regist?itar?ons, pl?ae?se cli?kc? on th?si? li?kn? and com?lp?ete co?ed?
verifi?noitac? pr?seco?s:
http://orcon.net.nz/eE9f9OryBEEdW6zX...QteDPemawk4kk0
Th?kna? you"
++++++++++++++++++++++++++++
Wow!! Weirdness! When I clicked the HTML link and it opened in Firefox it
was all garbled. When I highlighted it and cut'n'pasted here it came out
perfectly. Here it is cut'n'pasted into notepad, where it looked a mess,
then here:
++++++++++++++++++++++++++++
De?ra? orcon.net.nz M?rebme?,
We must ch?kce? t?ah?t y?ruo? orcon.net.nz ID was r?eretsige?d by re?la?
p?oe?ple. So, to he?pl? orcon.net.nz pre?tnev? a?detamotu?
regist?itar?ons, pl?ae?se cli?kc? on th?si? li?kn? and com?lp?ete co?ed?
verifi?noitac? pr?seco?s:
http://orcon.net.nz/eE9f9OryBEEdW6zX...QteDPemawk4kk0
Th?kna? you
++++++++++++++++++++++++++++
Ok, wierdness again. It was a mess in notepad, but fine here. Maybe I should
type it as I see it in Firefox?
++++++++++++++++++++++++++++
"Dera orcon.net.nz Mrebme,
We must chkce taht yruo orcon.net.nz ID was reretsiged by rela poeple. So,
to hepl orcon.net.nz pretnev adetamotu registitarons, plaese clikc on thsi
likn and comlpete coed verifinoitac prsecos
<URL>
Thkna you.
+++++++++++++++++++++++++++++
How come OE rearranges it all and makes it readable?
So, is this a phishing expedition, an Orcon/firefox incompatibility issue or
an attempt at spreading a virus? Running Windows I'm not about to click that
link.
I've had that Orcon free email for several years now, from the first month
they were made available.
Cheers,
--
~misfit~
Similar Threads
