news.admin.net-abuse.email Google Group

Re: Help decoding phishing attachment

conny...@cox.net (jrg) — Fri, 12 Mar 2010 03:54:58 UT

On 03/11/2010 07:32 PM marzolian scribbled:
there is no hostility intended - just an amazement at the cluelessness
exhibited by your questions.
my problem is that the phishers play upon the stupidity of the receivers
to feed them the data they require and they get what they want from the
ignorant masses. this mass stupidity is what they rely upon and it

Re: Help decoding phishing attachment

marzol...@gmail.com (marzolian) — Fri, 12 Mar 2010 03:32:00 UT

I don't understand this hostility. In my original posting, I said that
it was a phishing attempt. I came here to ask for advice and I didn't
call anybody names. So what's your problem??
Thanks, that's what I suspected. I'm just an amateur proctologist.
Thor, yours was basically the only helpful response. Thank you.

Re: Help decoding phishing attachment

conny...@cox.net (jrg) — Fri, 12 Mar 2010 02:06:41 UT

On 03/11/2010 08:21 AM Richard Johnson scribbled:
if you don't know how to use a sandbox, you are in over your head from
square 1.
threat agents are just that - threat agents. by the time you've figured
out what the javascript is doing, it will be changed and you have
essentially wasted your time. I'd think that time would be better spent

Re: Damned ...

use-reply-to-mail...@remove-this.com (Claus v. Wolfhausen) — Fri, 12 Mar 2010 01:46:47 UT

In article <hnc2gd$oj...@news.eternal-sep tember.org>, nob...@spamcop.net
says...
The next luser that wrongly belives i would be Johann.
How stupid are you guy?
Since the Steigenberger Family sold their hotel-empire to the Travco Group in
2009 Johann has probably more money than all nanae regulars together.

Re: Lamie Spamtard Jamie Ballie Shuts Felosi Down

Fri, 12 Mar 2010 01:41:03 UT

This....
And this, just bring pictures to mind that are, well, clown like...

Re: UCEPROTECT listing cacert.org and right so ...

use-reply-to-mail...@remove-this.com (Claus v. Wolfhausen) — Fri, 12 Mar 2010 01:23:29 UT

In article <hnbq7d$239...@calcite.rhyolit e.com>, v...@calcite.rhyolite.com
says...
Amazon is not cacert.org
But in general being known or big is not an excuse for allowing abuse.
I had also told this to the guys at DTAG - Abuse (AS3320) which got listed
in Level 3 after chrismas 2009 and which were upset, that we were listing

Re: Help decoding phishing attachment

a...@spamfence.net (Andreas Kohlbach) — Fri, 12 Mar 2010 01:06:53 UT

marzolian wrote on 10. March 2010:
Depends on the browser. In the Internet Explorer I would not dare to test
it.
For Firefox I do (and do). There is also a nice add-on for it called
Firebug which can inspect all aspects from a web page and decode
Javascript (so when you have these junk there it shall be able to render

Re: Removing from APEWS black list

thefreespeechst...@gmail.com (Nomen Nescio) — Fri, 12 Mar 2010 00:55:31 UT

Jamie is a known troll and netkook I wouldn't want to mix yourself up with
this individual. He can be safely ignored.
Jamie
I fixed yur poast

Re: Damned ...

nob...@spamcop.net (bar0) — Fri, 12 Mar 2010 00:39:36 UT

Same here, I also don't see Johann/Claus's either except when quoted.

Re: Damned ...

post.repl...@address.invalid (Rev. Beergoggles) — Thu, 11 Mar 2010 23:41:04 UT

Never saw it.
Filters must still be working. ;)
I had fun snowboarding in a Mercedes A-180. :)
[link]
That would have been a lot more fun if the A63 wasn't
covered in a sheet of ice. Figured it would snow like
hell the day I had to drive to the airport. :(

Re: UCEPROTECT listing cacert.org and right so ...

v...@calcite.rhyolite.com (Vernon Schryver) — Thu, 11 Mar 2010 22:40:32 UT

In article <hnbo560...@news3.newsguy.com> ,
Judging from a superficial check, the mail I've seen from [link]
[213.154.225.245] has used hlin.cacert.org for the HELO value and
a cacert.org mailbox for the envelope Mail_From value.
Rejecting mail with obviously evil HELOs differs from requiring that

Re: UCEPROTECT listing cacert.org and right so ...

v...@calcite.rhyolite.com (Vernon Schryver) — Thu, 11 Mar 2010 22:18:21 UT

In article <hnbmcs$61...@news.eternal-sep tember.org>,
Would it be remarkable if Spamhaus listed Amazon and someone advised
NANAE readers who are Amazon customers to adjust their whitelists? Of
course not.
If the author were anonymous, would anyone (other than the usual suspects)
assume that the article came from Jeff Bezos? Of course not.

Re: UCEPROTECT listing cacert.org and right so ...

spam+newsgro...@bde-arc.ampr.org (D. Stussy) — Thu, 11 Mar 2010 21:47:39 UT

make
defined
a
different.
Since the HELO parameter is supposed to be the PRIMARY name of the mail
client, all that can be tested for is validity (i.e. syntax - is it a FQDN
or bracketed IP address literal), and whether (or not) it claims to be the
receiving mail server (i.e. looped back). Anything tested beyond such may

Re: UCEPROTECT listing cacert.org and right so ...

"justsomeguy[s...@justsomeguy.sm (JustSomeGuy[sm]) — Thu, 11 Mar 2010 21:43:01 UT

... but what about the Bavarian cities and district authorities users of
Cacert?!
... But what about KKlaus' claims that false positives are only those
that happen to be reported via the s00per s3kr1t web portal before the
next quarter of the moon?
... But wouldn't that take all the fun out of running a DNSBL built for

Re: can help a APEWS

j...@nothere.abc (John Smith) — Thu, 11 Mar 2010 21:20:04 UT

Logic fail fatso.