

Journal of Purdy (2383)

Monday September 06, 2004
10:56 PM

Latest Phish?

[ #20763 ]

Got this odd e-mail (spam/phish/whatever):

From: "order@freeandsafety.com"
Reply-To: "order@freeandsafety.com"
To: jason@purdy.info
Subject: Your order # 12405 has been accepted for the amount 840.00$

Sony DSC-F828 8.0MP Digital Camera

Your order # 12405 has been accepted for the amount 840.00$
Your card will be charged in that amount .Thank you for your purchase.

You can check the order in your profile.

http://SOMEURL.com

So I check out the URL (w/ Firefox) and it tells me:

Sorry, your browser can't show this page

if you have a problem with brows this page - open this page in MS Internet Explorer

This is even with Firefox's User Agent extension that's supposed to trick the Web server into thinking it's really IE. So I'm thinking this is some kind of phish to get IE folks to go to their site and with some vulnerability, r00t the machine. That's why I'm not linking to the site & switched out the domain name above (tho you can see the domain name in the headers).

The full mail headers look suspicious:

Received: from www.journalistic.com (www.journalistic.com [207.252.75.144])
        by mail.journalistic.com (Postfix) with ESMTP id 32AD0198044
        for ; Mon, 6 Sep 2004 19:34:36 -0400 (EDT)
Received: from pool-141-158-136-120.scr.east.verizon.net (pool-141-158-136-120.scr.east.verizon.net [141.158.136.120])
        by www.journalistic.com (Postfix) with SMTP id 922674540DB
        for ; Mon, 6 Sep 2004 19:34:34 -0400 (EDT)

Maybe I should contact the WHOIS person?

Stewart, Cynthia
5639 Hwy 83 N
FORSYTH, GA 31029
US
Phone: (478) 994-9723

I'm sure she would be real helpful. I guess I'll keep an eye out for some charge on my card. I am kinda curious what the site would look like in IE and what it would do. Also, kinda funny to get a receipt for a site I couldn't use to order from in the first place. Just kinda frustrating when you take these kinda things too seriously. ;)

Peace,

Jason
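
What makes the Received headers above look suspicious, as an added example that is not part of the original journal entry: it parses the two hops quoted in the post and flags the host that handed the message to the first relay. It assumes the journalistic.com relays are the recipient's own mail servers; `hops` and `findings` are hypothetical names.

```python
import re
from email import message_from_string

# Headers as shown in the post (the empty "for ;" is as it appears there).
RAW = """\
Received: from www.journalistic.com (www.journalistic.com [207.252.75.144])
        by mail.journalistic.com (Postfix) with ESMTP id 32AD0198044
        for ; Mon, 6 Sep 2004 19:34:36 -0400 (EDT)
Received: from pool-141-158-136-120.scr.east.verizon.net (pool-141-158-136-120.scr.east.verizon.net [141.158.136.120])
        by www.journalistic.com (Postfix) with SMTP id 922674540DB
        for ; Mon, 6 Sep 2004 19:34:34 -0400 (EDT)
From: "order@freeandsafety.com"
Subject: Your order # 12405 has been accepted for the amount 840.00$

"""

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]\)"
    r"\s+by\s+(?P<by>\S+).*?\swith\s+(?P<proto>\S+)", re.S)

def hops(raw):
    """Parse Received headers into dicts, oldest hop first."""
    received = message_from_string(raw).get_all("Received", [])
    matches = (HOP.search(h) for h in reversed(received))
    return [m.groupdict() for m in matches if m]

def findings(raw, trusted_suffix):
    """Flag the first hop recorded by a relay we trust (hypothetical helper)."""
    # Only lines stamped by our own relays are reliable; older ones can be forged.
    trusted = [h for h in hops(raw) if h["by"].endswith(trusted_suffix)]
    if not trusted:
        return []
    origin, out = trusted[0], []
    if all(o in re.split(r"\D+", origin["rdns"]) for o in origin["ip"].split(".")):
        out.append("sender rDNS embeds its own IP (dynamic pool naming)")
    sender = re.search(r"@([\w.-]+)", message_from_string(raw).get("From", ""))
    if sender and not origin["rdns"].endswith(sender.group(1)):
        out.append("sending host is unrelated to the From domain")
    if origin["proto"].upper() == "SMTP":
        out.append("plain SMTP (HELO) handoff, a weak signal on its own")
    return out

if __name__ == "__main__":
    # Assumption: the journalistic.com relays are the recipient's own servers.
    for line in findings(RAW, "journalistic.com"):
        print(line)
```

None of these signals is conclusive alone; together they say the message entered the recipient's mail system directly from an address in a provider's customer pool rather than from a mail server for the domain in the From line.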

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • I've gotten hundreds of these over the past week or so, including one from a partially configured version of whatever spam template they're using. Into the bit bucket they go.