Alberta Treasury Branch Phish from Australia

From - Sat May 25 07:47:16 2013

X-Account-Key: account1

X-UIDL: 00001add4f5d9180

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

X-AVG: Scanning

Return-Path:

X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca

X-Spam-Level: **

X-Spam-Status: No, score=3.0 required=5.0 tests=BOTNET,RCVD_IN_SPAMCANNIBAL,

RELAY_CHECKER_BADDNS autolearn=no version=3.3.2

X-Original-To: dave@doctor.nl2k.ab.ca

Delivered-To: dave@doctor.nl2k.ab.ca

Received: by doctor.nl2k.ab.ca (Postfix, from userid 0)

id 88FBB12CFA9E; Wed, 22 May 2013 12:46:20 -0600 (MDT)

Resent-From: root@doctor.nl2k.ab.ca

Resent-Date: Wed, 22 May 2013 12:46:20 -0600

Resent-Message-ID: <20130522184620.GB1186@doctor.nl2k.ab.ca>

Resent-To: Dave Yadallee

X-Original-To: doctor@nk.ca

Delivered-To: doctor@nk.ca

Received: from host.gapajob.com.au (unknown [173.199.190.140])

(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))

(No client certificate requested)

by doctor.nl2k.ab.ca (Postfix) with ESMTPS id AE9E212CFAA3

for ; Wed, 22 May 2013 11:14:30 -0600 (MDT)

Received: from 70-91-112-217-miami-fl.hfc.comcastbusiness.net ([70.91.112.217]:48781 helo=MICROMAS0H)

by host.gapajob.com.au with esmtpsa (SSLv3:EDH-RSA-DES-CBC3-SHA:168)

(Exim 4.80)

(envelope-from )

id 1UfBRU-0007ta-HV

for doctor@nk.ca; Thu, 23 May 2013 01:59:09 +1000

From: "ATB BUSINESS - ONLINE"

Subject: Alberta Treasury Branch - Monthly Statement Summary Report 05-2013

To: doctor@nk.ca

Content-Type: multipart/mixed; boundary="BHMyMbFcJk6EwFT9=_43BWynHjms9loep9"

MIME-Version: 1.0

Reply-To: samantha.taliaferro@atb.com.au

Date: Wed, 22 May 2013 11:59:09 +0000

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - host.gapajob.com.au

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - atb.com.au

X-Get-Message-Sender-Via: host.gapajob.com.au: authenticated_id: samantha.taliaferro@thoughtsonbox.com.au

X-Source:

X-Source-Args:

X-Source-Dir:

X-Sanitizer: This message has been sanitized!

X-Sanitizer-URL: http://mailtools.anomy.net/

X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $

X-Virus-Scanned: clamav-milter 0.97.8-exp-debug at doctor.nl2k.ab.ca

X-Virus-Status: Clean

X-Antivirus: AVG for E-mail 10.0.1432 [3184/5854]

X-AVG-ID: ID174CFBD8-387C99E9

X-Brightmail-Tracker: AAAAAA==

X-Brightmail-Tracker: AAAAAA==



This is a multi-part message in MIME format



--BHMyMbFcJk6EwFT9=_43BWynHjms9loep9

Content-Type: text/plain_; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



DEAR ALBERTA TREASURY BRANCH CUSTOMER



Your most recent monthly statement is ready and is available for download (=

see attachement). The statement includes all ATB Financial transactions and=

your starting and ending balances.



We email you to let you know your account statement is ready. You can view =

or print a copy of your statement from the same page. kindly download the a=

ttached file to view your most recent statement.



ATB Financial Online Services

Customer Relations Services





As this e-mail is an automated message, do not reply to this email.





--------------------------------------------------



No virus found in this message.

Checked by AVG - www.avg.com

Version: 2013.0.1901 / Virus Database: 4108/8641 - Release Date...





--BHMyMbFcJk6EwFT9=_43BWynHjms9loep9

Content-Type: text/sanitizer-log; charset="iso-8859-1"

Content-Transfer-Encoding: 8bit

Content-Disposition: attachment; filename="sanitizer.log"



This message has been 'sanitized'. This means that potentially

dangerous content has been rewritten or removed. The following

log describes which actions were taken.



Sanitizer (start="1369242882"):

Part (pos="1908"):

SanitizeFile (filename="unnamed.txt", mimetype="text/plain "):

Match (names="unnamed.txt", rule="2"):

Enforced policy: accept



Rewrote MIME field _type as

>>text/plain_<< (was >>text/plain <<)



Part (pos="2784"):

SanitizeFile (filename="ATB Financial Statements May 2013.html", mimetype="application/octet-stream"):

Match (names="ATB Financial Statements May 2013.html", rule="2"):

Enforced policy: accept



File name doesn't match file contents, defanging.

Replaced mime type with: application/DEFANGED-270217

Replaced file name with: ATB Financial Statements May 2013_html.DEFANGED-270217



Total modifications so far: 2





Anomy 0.0.0 : Sanitizer.pm

$Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $



--BHMyMbFcJk6EwFT9=_43BWynHjms9loep9

Content-Type: multipart/alternative;

boundary="=======AVGMAIL-5F7639A2======="



--=======AVGMAIL-5F7639A2=======

Content-Type: text/plain; x-avg=cert; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: inline

Content-Description: "Certification"



-----

Viruses found in the attached files.

ATB Financial Statements May 2013_html.DEFANGED-270217: Virus found JS=

/Phish. The attachment was moved to the Virus Vault.



Checked by AVG - www.avg.com

Version: 10.0.1432 / Virus Database: 3184/5854 - Release Date: 05/24/13=



--=======AVGMAIL-5F7639A2=======--



--BHMyMbFcJk6EwFT9=_43BWynHjms9loep9

Content-Type: multipart/alternative;

boundary="=======AVGMAIL-4E1AD8E1======="



--=======AVGMAIL-4E1AD8E1=======

Content-Type: text/plain; x-avg=cert; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: inline

Content-Description: "Certification"



-----

No virus found in this message.

Checked by AVG - www.avg.com

Version: 10.0.1432 / Virus Database: 3184/5854 - Release Date: 05/24/13=



--=======AVGMAIL-4E1AD8E1=======--



--BHMyMbFcJk6EwFT9=_43BWynHjms9loep9--





.



Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA