More Scotiabank Phish
Posted by Dave Yadallee on
From - Tue Jul 07 08:24:26 2009
X-Account-Key: account2
X-UIDL: dU:!!ZkQ"!?kG"!8-]"!
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:
Received: from localhost by doctor.nl2k.ab.ca
with SpamAssassin (version 3.2.5);
Tue, 07 Jul 2009 08:14:50 -0600
From: "Scotiabank"
To: undisclosed-recipients:;
Subject: SPAM Proceed the SMDI Survey
Date: Tue, 7 Jul 2009 04:29:55 -0700
Message-Id: <20090707113851.252314840B1@lib-mail.city.hokuto.hokkaido.jp>
X-Spam-Virus: Yes (Phishing.Heuristics.Email.SSL-Spoof)
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on doctor.nl2k.ab.ca
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=136.1 required=5.0 tests=BAYES_50,CLAMAV,
FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML_MESSAGE,
MIME_HTML_ONLY,MSOE_MID_WRONG_CASE,RCVD_IN_JMF_BL,RCVD_IN_SORBS_DUL,
SARE_WEOFFER,URIBL_PH_SURBL autolearn=spam version=3.2.5
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4A53585A.B8FB0699"
X-UIDL: dU:!!ZkQ"!?kG"!8-]"!
X-Antivirus: AVG for E-mail 8.5.375 [270.13.6/2221]
This is a multi-part message in MIME format.
------------=_4A53585A.B8FB0699
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Scotia OnLine Communications Centre Dear ScotiaCard Member,
Welcome to "Communications Centre" service. [...]
Content analysis details: (136.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.8 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: scotianbanks.com]
0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[219.109.234.212 listed in dnsbl.sorbs.net]
13 RCVD_IN_JMF_BL RBL: Sender listed in JMF-BLACK
[219.109.234.212 listed in hostkarma.junkemailfilter.com]
45 SARE_WEOFFER BODY: Offers Something
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5001]
1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
70 CLAMAV Clam AntiVirus detected a virus
0.8 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_4A53585A.B8FB0699
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path:
X-Original-To: aboo@doctor.nl2k.ab.ca
Delivered-To: aboo@doctor.nl2k.ab.ca
Received: by doctor.nl2k.ab.ca (Postfix, from userid 101)
id A5DA67338CE; Tue, 7 Jul 2009 08:14:37 -0600 (MDT)
Resent-From: doctor@doctor.nl2k.ab.ca
Resent-Date: Tue, 7 Jul 2009 08:14:37 -0600
Resent-Message-ID: <20090707141437.GC7592@doctor.nl2k.ab.ca>
Resent-To: See root
X-Original-To: doctor@nl2k.ab.ca
Delivered-To: doctor@nl2k.ab.ca
Received: from lib-mail.city.hokuto.hokkaido.jp (gw3.city.hokuto.hokkaido.jp [219.109.234.212])
by doctor.nl2k.ab.ca (Postfix) with ESMTP id 4DB1C7338CE
for; Tue, 7 Jul 2009 05:30:03 -0600 (MDT)
Received: from User (209-204-144-182.dsl.static.sonic.net [209.204.144.182])
by lib-mail.city.hokuto.hokkaido.jp (Postfix) with ESMTP
id 252314840B1; Tue, 7 Jul 2009 20:38:51 +0900 (JST)
Reply-To:
From: "Scotiabank"
Subject: Proceed the SMDI Survey
Date: Tue, 7 Jul 2009 04:29:55 -0700
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20090707113851.252314840B1@lib-mail.city.hokuto.hokkaido.jp>
To: undisclosed-recipients:;
Scotia OnLine
X-Account-Key: account2
X-UIDL: dU:!!ZkQ"!?kG"!8-]"!
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:
Received: from localhost by doctor.nl2k.ab.ca
with SpamAssassin (version 3.2.5);
Tue, 07 Jul 2009 08:14:50 -0600
From: "Scotiabank"
To: undisclosed-recipients:;
Subject: SPAM Proceed the SMDI Survey
Date: Tue, 7 Jul 2009 04:29:55 -0700
Message-Id: <20090707113851.252314840B1@lib-mail.city.hokuto.hokkaido.jp>
X-Spam-Virus: Yes (Phishing.Heuristics.Email.SSL-Spoof)
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on doctor.nl2k.ab.ca
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=136.1 required=5.0 tests=BAYES_50,CLAMAV,
FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML_MESSAGE,
MIME_HTML_ONLY,MSOE_MID_WRONG_CASE,RCVD_IN_JMF_BL,RCVD_IN_SORBS_DUL,
SARE_WEOFFER,URIBL_PH_SURBL autolearn=spam version=3.2.5
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4A53585A.B8FB0699"
X-UIDL: dU:!!ZkQ"!?kG"!8-]"!
X-Antivirus: AVG for E-mail 8.5.375 [270.13.6/2221]
This is a multi-part message in MIME format.
------------=_4A53585A.B8FB0699
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Scotia OnLine Communications Centre Dear ScotiaCard Member,
Welcome to "Communications Centre" service. [...]
Content analysis details: (136.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.8 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: scotianbanks.com]
0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[219.109.234.212 listed in dnsbl.sorbs.net]
13 RCVD_IN_JMF_BL RBL: Sender listed in JMF-BLACK
[219.109.234.212 listed in hostkarma.junkemailfilter.com]
45 SARE_WEOFFER BODY: Offers Something
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5001]
1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
70 CLAMAV Clam AntiVirus detected a virus
0.8 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_4A53585A.B8FB0699
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path:
X-Original-To: aboo@doctor.nl2k.ab.ca
Delivered-To: aboo@doctor.nl2k.ab.ca
Received: by doctor.nl2k.ab.ca (Postfix, from userid 101)
id A5DA67338CE; Tue, 7 Jul 2009 08:14:37 -0600 (MDT)
Resent-From: doctor@doctor.nl2k.ab.ca
Resent-Date: Tue, 7 Jul 2009 08:14:37 -0600
Resent-Message-ID: <20090707141437.GC7592@doctor.nl2k.ab.ca>
Resent-To: See root
X-Original-To: doctor@nl2k.ab.ca
Delivered-To: doctor@nl2k.ab.ca
Received: from lib-mail.city.hokuto.hokkaido.jp (gw3.city.hokuto.hokkaido.jp [219.109.234.212])
by doctor.nl2k.ab.ca (Postfix) with ESMTP id 4DB1C7338CE
for
Received: from User (209-204-144-182.dsl.static.sonic.net [209.204.144.182])
by lib-mail.city.hokuto.hokkaido.jp (Postfix) with ESMTP
id 252314840B1; Tue, 7 Jul 2009 20:38:51 +0900 (JST)
Reply-To:
From: "Scotiabank"
Subject: Proceed the SMDI Survey
Date: Tue, 7 Jul 2009 04:29:55 -0700
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20090707113851.252314840B1@lib-mail.city.hokuto.hokkaido.jp>
To: undisclosed-recipients:;
 |  |  | |
 | |||
| ||||||
| ||||||
------------=_4A53585A.B8FB0699 Content-Type: multipart/alternative; boundary="=======AVGMAIL-1EAF5B7D=======" --=======AVGMAIL-1EAF5B7D======= Content-Type: text/plain; x-avg=cert; charset=us-ascii Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Content-Description: "AVG certification" No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.375 / Virus Database: 270.13.6/2221 - Release Date: 07/06/09 17= :54:00 --=======AVGMAIL-1EAF5B7D=======-- ------------=_4A53585A.B8FB0699-- TrackbacksTrackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla. No Trackbacks Add Comment | |||||||||||||||||
Comments
Display comments as Linear | ThreadedNo comments