More blackmail phish
Posted by Dave Yadallee on
From - Mon Dec 24 06:02:19 2018
X-Account-Key: account2
X-UIDL: 0006895b501fb806
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: aboo@doctor.nl2k.ab.ca
Delivery-date: Mon, 24 Dec 2018 06:01:49 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.91 (FreeBSD))
(envelope-from)
id 1gbPrh-0005uF-NQ
for aboo@doctor.nl2k.ab.ca; Mon, 24 Dec 2018 06:01:49 -0700
Resent-From: The Doctor
Resent-Date: Mon, 24 Dec 2018 06:01:49 -0700
Resent-Message-ID: <20181224130149.GA5777@doctor.nl2k.ab.ca>
Resent-To: See root
Received: from [37.106.122.235] (port=41255)
by doctor.nl2k.ab.ca with esmtp (Exim 4.91 (FreeBSD))
(envelope-from)
id 1gbKHS-000InS-7F
for root@nk.ca; Mon, 24 Dec 2018 00:04:17 -0700
Message-ID: <169842008122104909997516@uos.de>
From: "Security Team"
To: "lyndax69"
Subject: Frauders known your old password (lyndax69). Password must be changed.
Date: 24 Dec 2018 11:40:45 +0200
MIME-Version: 1.0
Content-type: text/plain;
charset="ibm852"
Content-transfer-encoding: 8bit
X-Mailer: Kxovloio fusgwr
X-Spam_score: 5.7
X-Spam_score_int: 57
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello! I have bad news for you. 19/09/2018 - on this day I
hacked your OS and got full access to your account root@nk.ca On this day
your account root@nk.ca has password: lyndax69 So, you can change the password,
yes.. But my malware intercepts it every time.
Content analysis details: (5.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: nk.ca]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[37.106.122.235 listed in bb.barracudacentral.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in
will-spam-for-food.eu.org
[37.106.122.235 listed in will-spam-for-food.eu.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[37.106.122.235 listed in bl.score.senderscore.com]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.3 LONGWORD BODY: Uses overlong words
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
Subject: {SPAM?} Frauders known your old password (lyndax69). Password must be changed.
Hello!
I have bad news for you.
19/09/2018 - on this day I hacked your OS and got full access to your account root@nk.ca
On this day your account root@nk.ca has password: lyndax69
So, you can change the password, yes.. But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.
I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!
I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $789 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins!
My BTC wallet: 1J5SXcupgaq2tUas5S7wVtf7evJp6YC3LJ
You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy
For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.
After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".
I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do not hold evil! I just do my job.
Good luck.
X-Account-Key: account2
X-UIDL: 0006895b501fb806
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: aboo@doctor.nl2k.ab.ca
Delivery-date: Mon, 24 Dec 2018 06:01:49 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.91 (FreeBSD))
(envelope-from
id 1gbPrh-0005uF-NQ
for aboo@doctor.nl2k.ab.ca; Mon, 24 Dec 2018 06:01:49 -0700
Resent-From: The Doctor
Resent-Date: Mon, 24 Dec 2018 06:01:49 -0700
Resent-Message-ID: <20181224130149.GA5777@doctor.nl2k.ab.ca>
Resent-To: See root
Received: from [37.106.122.235] (port=41255)
by doctor.nl2k.ab.ca with esmtp (Exim 4.91 (FreeBSD))
(envelope-from
id 1gbKHS-000InS-7F
for root@nk.ca; Mon, 24 Dec 2018 00:04:17 -0700
Message-ID: <169842008122104909997516@uos.de>
From: "Security Team"
To: "lyndax69"
Subject: Frauders known your old password (lyndax69). Password must be changed.
Date: 24 Dec 2018 11:40:45 +0200
MIME-Version: 1.0
Content-type: text/plain;
charset="ibm852"
Content-transfer-encoding: 8bit
X-Mailer: Kxovloio fusgwr
X-Spam_score: 5.7
X-Spam_score_int: 57
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello! I have bad news for you. 19/09/2018 - on this day I
hacked your OS and got full access to your account root@nk.ca On this day
your account root@nk.ca has password: lyndax69 So, you can change the password,
yes.. But my malware intercepts it every time.
Content analysis details: (5.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: nk.ca]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[37.106.122.235 listed in bb.barracudacentral.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in
will-spam-for-food.eu.org
[37.106.122.235 listed in will-spam-for-food.eu.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[37.106.122.235 listed in bl.score.senderscore.com]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.3 LONGWORD BODY: Uses overlong words
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
Subject: {SPAM?} Frauders known your old password (lyndax69). Password must be changed.
Hello!
I have bad news for you.
19/09/2018 - on this day I hacked your OS and got full access to your account root@nk.ca
On this day your account root@nk.ca has password: lyndax69
So, you can change the password, yes.. But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.
I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!
I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $789 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins!
My BTC wallet: 1J5SXcupgaq2tUas5S7wVtf7evJp6YC3LJ
You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy
For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.
After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".
I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do not hold evil! I just do my job.
Good luck.
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments