More blackmail phish

From - Sun Dec 23 18:32:59 2018

X-Account-Key: account2

X-UIDL: 00068944501fb806

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:

Return-path:

Envelope-to: aboo@doctor.nl2k.ab.ca

Delivery-date: Sun, 23 Dec 2018 18:32:52 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.91 (FreeBSD))

(envelope-from )

id 1gbF6y-000A2p-Ce

for aboo@doctor.nl2k.ab.ca; Sun, 23 Dec 2018 18:32:52 -0700

Resent-From: The Doctor

Resent-Date: Sun, 23 Dec 2018 18:32:52 -0700

Resent-Message-ID: <20181224013252.GA37389@doctor.nl2k.ab.ca>

Resent-To: See root

Received: from [111.3.111.213] (port=29837)

by doctor.nl2k.ab.ca with esmtp (Exim 4.91 (FreeBSD))

(envelope-from )

id 1gbEwJ-0006wQ-GE

for doctor@nk.ca; Sun, 23 Dec 2018 18:22:04 -0700

Message-ID: <5C20A51F.3010803@bellsoouth.net>

Date: Mon, 24 Dec 2018 16:21:35 +0700

From: "Security Team"

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.12) Gecko/20100826 Thunderbird/3.0.7

MIME-Version: 1.0

To: "lyndax69"

Subject: Frauders known your old password (lyndax69). Password must be changed.

Content-Type: text/plain; charset=IBM852; format=flowed

Content-Transfer-Encoding: 8bit

X-Spam_score: 5.3

X-Spam_score_int: 53

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! I have bad news for you. 19/09/2018 - on this day I

hacked your OS and got full access to your account doctor@nk.ca On this day

your account doctor@nk.ca has password: lyndax69 So, you can change the password,

yes.. But my malware intercepts it every time.



Content analysis details: (5.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: nk.ca]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Blocked - see ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in

will-spam-for-food.eu.org

[111.3.111.213 listed in will-spam-for-food.eu.org]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date

0.3 LONGWORD BODY: Uses overlong words

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.0 RCVD_IN_SORBS No description available.

Subject: {SPAM?} Frauders known your old password (lyndax69). Password must be changed.



Hello!



I have bad news for you.

19/09/2018 - on this day I hacked your OS and got full access to your account doctor@nk.ca

On this day your account doctor@nk.ca has password: lyndax69



So, you can change the password, yes.. But my malware intercepts it every time.



How I made it:

In the software of the router, through which you went online, was a vulnerability.

I just hacked this router and placed my malicious code on it.

When you went online, my trojan was installed on the OS of your device.



After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).



A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.

But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!

I'm talk you about sites for adults.



I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!



And I got an idea....

I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).

After that, I made a screenshot of your joys (using the camera of your device) and glued them together.

Turned out amazing! You are so spectacular!



I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.

I think $713 is a very, very small amount for my silence.

Besides, I have been spying on you for so long, having spent a lot of time!



Pay ONLY in Bitcoins!

My BTC wallet: 1J5SXcupgaq2tUas5S7wVtf7evJp6YC3LJ



You do not know how to use bitcoins?

Enter a query in any search engine: "how to replenish btc wallet".

It's extremely easy



For this payment I give you two days (48 hours).

As soon as this letter is opened, the timer will work.



After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.

If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".



I hope you understand your situation.

- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)

- Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)

- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.



P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!

This is the word of honor hacker



I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.



Do not hold evil! I just do my job.

Good luck.





Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA