More Apple Phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: sales@nk.ca
Delivery-date: Mon, 17 Mar 2014 05:43:05 -0600
Received: from fra.fraternityadv.com ([142.4.19.198])
by doctor.nl2k.ab.ca with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.82)
(envelope-from)
id 1WPVw7-0002cO-Rg
for sales@nk.ca; Mon, 17 Mar 2014 05:43:05 -0600
Received: from adacocac by fra.fraternityadv.com with local (Exim 4.82)
(envelope-from)
id 1WPVw3-0006Fk-Pp
for sales@nk.ca; Mon, 17 Mar 2014 06:42:27 -0500
To: sales@nk.ca
Subject: Please update your account details on iTunes.
X-PHP-Script: adacocacola.com/wp-content/plugins/11.php for 77.79.107.130
From: Apple
Reply-To: app@apple.ca
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Mon, 17 Mar 2014 06:42:27 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - fra.fraternityadv.com
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [530 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - fra.fraternityadv.com
X-Get-Message-Sender-Via: fra.fraternityadv.com: authenticated_id: adacocac/only user confirmed/virtual account not confirmed
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/adacocac/public_html/wp-content/plugins/11.php
X-Source-Dir: adacocacola.com:/public_html/wp-content/plugins
X-Spam_score: 5.8
X-Spam_score_int: 58
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "gallifrey.nk.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Our security check detected multiple unwanted login attepmts
on your account. You need to update your iTunes account details for better
security. Click the link below to update your account details: Click Here
to Update [...]
Content analysis details: (5.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.6 TVD_PH_SUBJ_ACCOUNTS_POST TVD_PH_SUBJ_ACCOUNTS_POST
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
1.5 TVD_PH_SEC BODY: Message has a phrase standard for phishing mails
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
Subject: {SPAM?} Please update your account details on iTunes.
Envelope-to: sales@nk.ca
Delivery-date: Mon, 17 Mar 2014 05:43:05 -0600
Received: from fra.fraternityadv.com ([142.4.19.198])
by doctor.nl2k.ab.ca with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.82)
(envelope-from
id 1WPVw7-0002cO-Rg
for sales@nk.ca; Mon, 17 Mar 2014 05:43:05 -0600
Received: from adacocac by fra.fraternityadv.com with local (Exim 4.82)
(envelope-from
id 1WPVw3-0006Fk-Pp
for sales@nk.ca; Mon, 17 Mar 2014 06:42:27 -0500
To: sales@nk.ca
Subject: Please update your account details on iTunes.
X-PHP-Script: adacocacola.com/wp-content/plugins/11.php for 77.79.107.130
From: Apple
Reply-To: app@apple.ca
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Mon, 17 Mar 2014 06:42:27 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - fra.fraternityadv.com
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [530 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - fra.fraternityadv.com
X-Get-Message-Sender-Via: fra.fraternityadv.com: authenticated_id: adacocac/only user confirmed/virtual account not confirmed
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/adacocac/public_html/wp-content/plugins/11.php
X-Source-Dir: adacocacola.com:/public_html/wp-content/plugins
X-Spam_score: 5.8
X-Spam_score_int: 58
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "gallifrey.nk.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Our security check detected multiple unwanted login attepmts
on your account. You need to update your iTunes account details for better
security. Click the link below to update your account details: Click Here
to Update [...]
Content analysis details: (5.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.6 TVD_PH_SUBJ_ACCOUNTS_POST TVD_PH_SUBJ_ACCOUNTS_POST
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
1.5 TVD_PH_SEC BODY: Message has a phrase standard for phishing mails
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
Subject: {SPAM?} Please update your account details on iTunes.
Our security check detected multiple unwanted login attepmts on your
account.
You need to update your iTunes account details for better security.
Click the link below to update your account details:
Click Here to Update
We are sorry for any problems caused by our security check.
iTunes team.
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments