boxturt Posted January 16, 2004 Posted January 16, 2004 This email was "returned" to me. I didn't send it. This is just asking for me to click blindly and pick up god knows what, right? ( I altered the clickables isp#) Spam detection software, running on the system "server23.totalchoicehosting.com", hasidentified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or block similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear Sir/Madam There was an internal error at reception of the letter on your letter box. To receive this letter click URI:http://204.2.103.***/ here Regards, [...]Content analysis details: (14.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.3 NO_REAL_NAME From: does not include a real name 0.3 RCVD_NUMERIC_HELO Received: contains a numeric HELO 1.2 DEAR_SOMETHING BODY: Contains 'Dear (something)' 0.8 HTML_30_40 BODY: Message is 30% to 40% HTML 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_MESSAGE BODY: HTML included in message 0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date 3.3 MSGID_FROM_MTA_SHORT Message-Id was added by a relay 0.5 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender did non-local SMTP [80.116.206.50 listed in dnsbl.njabl.org] 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS [80.116.206.50 listed in dnsbl.sorbs.net] 0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org [80.116.206.50 listed in dnsbl.njabl.org] 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [blocked - see <http://www.spamcop.net/bl.shtml?80.116.206.50>] 1.6 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook 1.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format 0.0 CLICK_BELOW Asks you to click below 1.1 FORGED_OUTLOOK_HTML Outlook can't send HTML message only The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. Subject: Mail Failure Delivery From: mailfailure@error.com Date: Sat, 17 Jan 2004 02:22:44 -0500 To: webmaster@lyricsplayground.com Dear Sir/Madam There was an internal error at reception of the letter on your letter box. To receive this letter click here Regards, Mail service It is wise to ignore this? Quote
TCH-Dick Posted January 17, 2004 Posted January 17, 2004 That just screams scam or virus if you ask me Quote
ThumpAZ Posted January 17, 2004 Posted January 17, 2004 Screams of some sort of malware to me as well. Not sure about a virus, but defintely spam to the Nth degree. Quite possibly SPAM from a browser hijacker. I have a tst machine here that I could run that IP addy for ya... send me a PM or something. Update: Through PMs I was able to determine for him that this and another suspect message were both SPAM. One seems to have a redirect in there somewhere that took me to a common link that then redirects the victim to the dreaded lop.com site. Mad!!! WHATEVER YOU DO... DO NOT GO TO LOP.COM. You will spend HOURS getting rid of that hijacker! Mad!!! Mad!!! Quote
Lianna Posted January 17, 2004 Posted January 17, 2004 Pest Patrol! Resolves lop.com mal/ad-wares. I never leave home without it. Quote
Madmanmcp Posted January 17, 2004 Posted January 17, 2004 Read about LOP here http://www.doxdesk.com/parasite/lop.html Quote
boxturt Posted January 17, 2004 Author Posted January 17, 2004 Thanks folks - fortunately I know enough to NOT click on anything like that! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.