Someone's scraping NANOG for phishing purposes again

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Fri Feb 10 19:09:02 UTC 2017


On Fri, 10 Feb 2017 13:22:31 -0500, Rich Kulawiec said:
> On Fri, Feb 10, 2017 at 11:56:02AM -0600, Andrew Latham wrote:
> > On a great many mailing lists, Suresh is spot on as this looks more like
> > infected user but headers would be good.

The one I found in my mailbox yesterday tends to support "multiple users
infected with a spamming botnet":

Received: from smtp.interfree.it (smtp.interfree.it [80.91.55.53]) by  mr3.cc.vt.edu (8.14.7/8.14.7) with ESMTP id v190Ro7i021554 for  <Valdis.Kletnieks at vt.edu>; Wed, 8 Feb 2017 19:27:56 -0500
Received: from [59.55.63.88] (helo=jame-PC) by smtp.interfree.it with esmtpsa  (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from <bazzanie at interfree.it>) id  1cbcaI-0007Zj-Cz; Thu, 09 Feb 2017 01:27:42 +0100
Message-id: <1427704941.20170209032724 at interfree.it>

Subject: look at that, it's amazing!
From: "William Herrin" <bazzanie at interfree.it>
Date: Thu, 9 Feb 2017 06:27:24 +0600 (Wed 19:27 EST)
To: "Ronald F. Guilmette" <rfg at tristatelogic.com>,         "Robert Webb"  <rwebb at ropeguru.com>,         "Valdis Kletnieks" <Valdis.Kletnieks at vt.edu>,         "Scott  Brim" <scott.brim at gmail.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20170210/93a38f82/attachment.sig>


More information about the NANOG mailing list