ANZ phisher

Discussion in 'NZ Computing' started by Shane, Sep 18, 2006.

  1. Shane

    Shane Guest

    Is everyone getting the latest phisher?
    Im surprisingly getting it on my dyndns domains (which dont normally get
    Aust/NZ targetted spam)
    Anyways, if anyones interested heres the headers

    Return-Path: <>
    X-Original-To: -a-geek.net
    Delivered-To: -a-geek.net
    Received: from localhost (localhost.localdomain [127.0.0.1])
            by mail.shanes.dyndns.org (Postfix) with ESMTP id 0C98125EDA
            for <-a-geek.net>; Mon, 18 Sep 2006 19:48:36 +1200
    (NZST)
    Received: from mail.shanes.dyndns.org ([127.0.0.1])
            by localhost (deviant [127.0.0.1]) (amavisd-new, port 10024)
            with ESMTP id 29321-08 for <-a-geek.net>;
            Mon, 18 Sep 2006 19:48:20 +1200 (NZST)
    Received: from 201-67-37-172.cpece700.dsl.brasiltelecom.net.br (unknown
    [201.67.37.172])
            by mail.shanes.dyndns.org (Postfix) with SMTP id 30BFE25ED9
            for <-a-geek.net>; Mon, 18 Sep 2006 19:48:16 +1200
    (NZST)
    Received: from regression.rushops.com (helo olga.envisionext.com
    [93.232.192.39])
            by recovermyfiles.com with SMTP id JIZCP59LJW
            for <-a-geek.net>; Mon, 18 Sep 2006 03:48:17 -0500
    Received: from dartmouth.hotbox.com (oregano.hotbox.com [66.52.0.207])
            by galleryplanet.com with SMTP id HW6HRKO14V
            for <-a-geek.net>; Mon, 18 Sep 2006 06:48:17 -0200
    From: "ANZ Australia & New Zealand"
    <>
    To: "Luste" <-a-geek.net>
    Subject: ANZ Internet Banking - Urgent Security Notice [Mon, 18 Sep 2006
    13:46:17 +0500]
    X-Authenticated: #95996446
    User-Agent: SmartMailer Version 1.56 -German Privat License-
    X-Priority: 3 (Normal)
    MIME-Version: 1.0
    Content-Type: multipart/related;
      boundary="EV_LINRFN21TV2S7YT"
    Message-Id: <>
    Date: Mon, 18 Sep 2006 19:48:16 +1200 (NZST)
    X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at
    weasel.is-a-geek.net
    X-Length: 17869
    X-UID: 10324


    --
    Professor Farnsworth: I was inventing things when you were barely turning
    senile!

    blog: http://shanes.dyndns.org
     
    Shane, Sep 18, 2006
    #1
    1. Advertising

  2. Shane

    Taranis Guest

    On Mon, 18 Sep 2006 20:35:27 +1200, Shane wrote:

    > Is everyone getting the latest phisher?
    > Im surprisingly getting it on my dyndns domains (which dont normally get
    > Aust/NZ targetted spam)
    > Anyways, if anyones interested heres the headers
    >



    I had a little looksee and surprise surprise the domain it goes to is
    owned in Korea. It's not a bad one and could fool some people.
    Recommendation here for Firefox users : install the netcraft toolbar.
     
    Taranis, Sep 18, 2006
    #2
    1. Advertising

  3. Shane

    XPD Guest

    "Shane" <-a-geek.net> wrote in message
    news:eellmn$hhn$...
    > Is everyone getting the latest phisher?
    > Im surprisingly getting it on my dyndns domains (which dont normally get
    > Aust/NZ targetted spam)
    > Anyways, if anyones interested heres the headers


    Yeah Ive had 2/3 come through in the past few hours.
     
    XPD, Sep 18, 2006
    #3
  4. Shane

    Anony Mouse Guest

    Shane wrote:

    15 phish email in my filtered mail.

    Spamhuas is down atm so I can't analyze much but really it is pretty
    obvious who it is.

    One 3f4eada9.8070802@mydomain for the National Bank of Aus was sent to
    an address know to be associated with Leo.

    A couple to cm@mydomain and a couple to benm@mydomain and more to my
    main email addy.

    These first two addies have been added by spammy (Probably Leo) recently.

    As you may know Leo has been harassing me for quite a while.
    These new addies are just a continuation of his harassment and are not
    email addresses that have been advertised or on any website.
    Leo has shit for brains and whatever his reason for adding new emails he
    most certainly has been told that I run a multi drop box at my domain.
    Adding more addies just helps me to prove it is him and his gang. I am
    picking it will help with his downfall. Also the gang watches
    me and every move I make, most likely the person in NZ that I know is
    part of the gang. I have hammered his domains in the past through my
    contacts and also I have been known to tuant him and others in the gang.
    Telling him to F off makes little difference as he is an outright criminal.

    I will post the evidence when Spamhaus is up, probaly in a new thread.

    These URL's are from spam sent to cm@mydomain

    http://164.hotelarrankgementzz.com/

    P&D PETROSUN DRILLING (PSUD)
    Current Price: 1.12

    Link text (http://myecar.net) URL http://lxdifect.net/

    Casino: http://awaweri.com/e/32

    More P&D Company: SHALLBETTER INDUSTRIES INC
    Symbol: SBNS.PK

    Casino: (Note $888 in spam text. This is common. If I search on these
    numbers in my archive I get many hits) http://cruserdane.com/v/v32

    Viagra: http://coovph.meditsor.info/?76102138

    Thats enough for now but as you can see the same gang is involved in
    many areas.

    New Zealanders should be asking Helen and the pieces of shit that run
    this country why this is allowed to continue?

    Anony Mouse
     
    Anony Mouse, Sep 18, 2006
    #4
  5. Shane

    BrianM Guest

    On Mon, 18 Sep 2006 19:02:36 +1000, Taranis wrote:

    > On Mon, 18 Sep 2006 20:35:27 +1200, Shane wrote:
    >
    >> Is everyone getting the latest phisher? Im surprisingly getting it on
    >> my dyndns domains (which dont normally get Aust/NZ targetted spam)
    >> Anyways, if anyones interested heres the headers
    >>
    >>
    >>

    > I had a little looksee and surprise surprise the domain it goes to is
    > owned in Korea. It's not a bad one and could fool some people.
    > Recommendation here for Firefox users : install the netcraft toolbar.


    Done. Thanks for that info

    --
    BrianM
     
    BrianM, Sep 19, 2006
    #5
  6. Shane

    Anony Mouse Guest

    Anony Mouse wrote:
    > Shane wrote:


    >
    > I will post the evidence when Spamhaus is up, probaly in a new thread.
    >
    > These URL's are from spam sent to cm@mydomain
    >
    > http://164.hotelarrankgementzz.com/


    http://www.spamhaus.org/sbl/sbl.lasso?query=SBL45912

    >
    > P&D PETROSUN DRILLING (PSUD)
    > Current Price: 1.12
    >
    > Link text (http://myecar.net) URL http://lxdifect.net/


    http://www.spamhaus.org/sbl/listings.lasso?isp=tucows.com

    >
    > Casino: http://awaweri.com/e/32
    >
    > More P&D Company: SHALLBETTER INDUSTRIES INC
    > Symbol: SBNS.PK
    >
    > Casino: (Note $888 in spam text. This is common. If I search on these
    > numbers in my archive I get many hits) http://cruserdane.com/v/v32
    >
    > Viagra: http://coovph.meditsor.info/?76102138


    http://www.spamhaus.org/sbl/sbl.lasso?query=SBL46073
    >
    > Thats enough for now but as you can see the same gang is involved in
    > many areas.
    >
    > New Zealanders should be asking Helen and the pieces of shit that run
    > this country why this is allowed to continue?
    >
    > Anony Mouse


    Sent to benm@mydomain

    http://www.manhardin.com/d/
    http://www.bersika.net/
    http://www.gervul.com/

    http://www.spamhaus.org/sbl/listings.lasso?isp=cncgroup-hn

    Thats enough to show who is sending the ANZ phishes...

    Alex Polyakov
    Leo Kuvayev
    Yambo Financials (Leo and Alex partnership)

    All part of the same criminal spam gang that attacks NZ IP space on a
    daily basis.

    Bend over NZ it is time for your dose from your comrades Leo and Alex.

    Anony Mouse
     
    Anony Mouse, Sep 19, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. T. K. Storsved

    Advice on dealing with a phisher

    T. K. Storsved, Sep 19, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    411
    =?ISO-8859-1?Q?R=F4g=EAr?=
    Sep 19, 2004
  2. Muse Gruppes

    jobseekertool.exe/ntos.exe virus/phisher

    Muse Gruppes, Jan 11, 2007, in forum: Computer Support
    Replies:
    7
    Views:
    1,075
    Walter Mautner
    Jan 13, 2007
  3. Chris Mayhew

    ANZ Banking, Firebird, and Printing

    Chris Mayhew, Jul 30, 2003, in forum: NZ Computing
    Replies:
    4
    Views:
    423
    Chris Mayhew
    Jul 31, 2003
  4. Shane

    Funniest phisher

    Shane, May 19, 2006, in forum: NZ Computing
    Replies:
    4
    Views:
    386
    Robert Cooze
    May 21, 2006
  5. richard

    comodo is cool ... stopped a phisher

    richard, Nov 12, 2009, in forum: Computer Support
    Replies:
    12
    Views:
    554
Loading...

Share This Page