[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Phishy

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Phishy
From: Jurre van Bergen <jurre@xxxxxxxxxxxxxxxxx>
Date: Mon, 03 Feb 2014 23:03:44 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 03 Feb 2014 17:10:26 -0500
In-reply-to: <52F00B11.3060600@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Organization: USEOTR
References: <52F00B11.3060600@xxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131103 Icedove/17.0.10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey,

It doesn't seem to be targetted. It looks like your email was sucked into a spamlist to send malware too. For malware researchers, the sample can be obtained over here: https://malwr.com/analysis/YjQ1Y2FjZTcxMTgxNDgwNmE4MWIyYjIzN2RjNWM1YTc/

Jurre

On 02/03/2014 10:33 PM, phrag wrote:
> FYI: Just got this to my Tor relay mail address, with a zip file
> attached extracting to a '.scr' win exe. Curiously routed via a .gov.uk
> mail relay...
>
> GB03022014.scr: PE32 executable (GUI) Intel 80386, for MS Windows
>
> MD5: dba1e52929f6ca9d1a1bf87e4ff469cf GB2546241.zip
> MD5: fb1141494829b144b0075035022cfbb9 GB03022014.scr
>
> Samples available on request. Full mail headers attached.
>
> ==========
>
> From defeats871@xxxxxxxxxxxxx Mon Feb 03 14:06:39 2014
> Return-path: <defeats871@xxxxxxxxxxxxx>
> Received: from [217.109.27.97] (helo=WNACDHPXR)
> Received: from mail1.bemta14.messagelabs.com by server.justinarcher.net
> Received: from gateway-102.energis.gsi.gov.uk (HELO
> mx.hosting-w.gsi.gov.uk) (62.25.106.208) by
> server-10.tower-205.messagelabs.com
> X-Env-Sender: gateway.confirmation@xxxxxxxxxxxxxx
>
> From: <gateway.confirmation@xxxxxxxxxxxxxx>
> To: <tor@xxxxxxx>
> Subject: Your Online Submission for Reference 485/GB2546241 Could not
> process
> Date: Mon, 3 Feb 2014 22:16:02 +0100
>
> The submission for reference 485/GB2546241 was successfully received and
> was not processed.
> Check attached copy for more information.
> This is an automatically generated email. Please do not reply as the
> email address is not monitored for received mail.
>
> ==========
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

- --
Developer at https://www.useotrproject.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJS8BI/AAoJELc5KWfqgB0CQKAIAJxDYAzGZoZ17ijKoLWwfcvA
WaemQ3x9prjx5EU8cNwT2KWnnAX3kVqipDy4nxifKTg0Z6n6iPXZxG4MmEiYCo4+
i6Y2LuqY1MMxSKCB9LEDVbs7aAeTStO26kOVxxk1hV7pcyIppJAM8P7loaYkjaVy
7BY7IeqUMvwCZ98EqI13MzuRTC/Hu1+lMsgya8uDyl7FB2v1ZHzIYBG1RrcwzYKu
5AfhWIBqQTcoKf+8ENpHm2BbUWChuQvqQfmFAieugp4i6xdsaHm8X0xc8UO+qtwK
VO5Q73su/kmzlogbbrdt9BsN5xMCNU9qbWhaeFX3Vc5R0DSNPs4I/jmkF+PYpxA=
=1Th7
-----END PGP SIGNATURE-----

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Phishy
  - From: Geoff Down

References:
- [tor-relays] Phishy
  - From: phrag

Prev by Author: Re: [tor-relays] http://torstatus.blutmagie.de/
Next by Author: [tor-relays] http://torstatus.blutmagie.de/
Previous by thread: [tor-relays] Phishy
Next by thread: Re: [tor-relays] Phishy
Index(es):
- Author
- Thread