Saturday, 6 October 2018

A joke mail sent by a Russian 【hacker】

This is the message in its original form; anyone who cares to inspect the details will find plenty of clues.

Also: this message turned up because 【 Dark Man 】, on a whim, wanted to see what structure the recent 【spam】 is built on, and went to the spam folder... and flipped through the mail...

A quick pointer for those who are not familiar with this.

1. The sender's SMTP identity gives them away, because they never forged a Gmail.com identity: the relay introduced itself to mx.google.com with a bare IP literal, [212.220.66.16], connecting from 212.220.66.170, where a Google host would announce a hostname.

2. The sending server's authentication gives them away a second time: spf=softfail and dmarc=fail in the Authentication-Results stamped by mx.google.com, which is plainly not what a message sent out by Google.com looks like. Note the DMARC record shows p=NONE, so the failure alone did not get the message rejected; it only landed in the spam folder.

3. The marking by the recipient domain's MX shows the sender clowning around once more: mx.google.com itself records, in Received-SPF, that gmail.com "does not designate 212.220.66.170 as permitted sender", i.e. the mail entered Google from an outside box, not from Google's own infrastructure.

4. The sender's charset cp-850 and Content-Transfer-Encoding: 8bit betray the sender's mail environment: a DOS (OEM) code page pushed out raw, rather than the UTF-8 that Gmail emits, points to a mailing script, not a Gmail client.

Taken together, these four points show that this is a joke mail: the "I sent this message from your own account" claim is a forged From header, not a compromised account.



----------------------------------------------------------

Delivered-To: weiwangchu@gmail.com
Received: by 2002:a9d:cfc:0:0:0:0:0 with SMTP id o57-v6csp2137567otd;
Thu, 27 Sep 2018 08:20:57 -0700 (PDT)
X-Google-Smtp-Source: ACcGV63L6m//acFvG0B8AhrMYUZTNrcQy+3E8u5b8tbKayygutXxamPuk6GDyQkdt+SP4MYa8f/y
X-Received: by 2002:a9d:436a:: with SMTP id y39-v6mr7069385oti.80.1538061657480;
Thu, 27 Sep 2018 08:20:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1538061657; cv=none;
d=google.com; s=arc-20160816;
b=hYtYsLzkSMa3UHg9JreM7IC5PRGfNmuEZDnJDhcJdwzTsWYit0T+50l9LIWJm8bgIp
rzV4lsPu3i+yjiUwgjjsopYxOVywHE64JbP/7z/6ZuVS/gpNjKe0amBkjcbvJHpvAG7c
VjXCdFYzIcMXSogYfsqmr9UGGEcUeSeEQOMHHujW9MolWyr15qzp/pI75rkLitXyJ2fb
2hNT7gwhf0wy3Or+ho+U3iR8JTaWIhzKuT4fBdiEpUGMdA0hv/0kEtS2hfeB5Nw+f0y+
+nqTHSAaSe7rjNc38+K2SRJegU8c/r229yE+D7xT6onbP0dXvfdHSzvtE4UNShkKbIWU
J3eA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:mime-version:subject:to:message-id:from
:date;
bh=MAnGKQacK6esmG6ooLLzetLu7igVwIhM0ID+WkscB1w=;
b=TFDT4xKInVlE3wJOz9mBoiQAEKKtUoJc/v4nPeIRAGfj0z6PsdvZIegXD8Met93vG3
S2zSGTKSqg1ZP0TJBhyotEgvmqaXIYEd2AorA9H9qU1TBJJonPZOffKeHGUMGOkW8run
AyCrTXxJfKEWMsvlnhVcMFBlHO9ZzdAyBH9oB5smF+QClIW877XO20MBEzGp7tqC8xit
lQqce2ZbNi0ZAOVrpUHRtv99uf2tIbZk5Lp8Ww8Q+b8vUo3QkYBD3dylwgVsWkuwW3m2
KWqbhAq3a4xhbKPmkaE/DyT5e+l7tY3F1LkVsB/9H9YYklWVQtquCmut2PlrYzViFZsV
zhTQ==
ARC-Authentication-Results: i=1; mx.google.com;
spf=softfail (google.com: domain of transitioning weiwangchu@gmail.com does not designate 212.220.66.170 as permitted sender) smtp.mailfrom=weiwangchu@gmail.com;
dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path:
Received: from [212.220.66.16] ([212.220.66.170])
by mx.google.com with ESMTP id z38-v6si933944otc.64.2018.09.27.08.20.56
for ;
Thu, 27 Sep 2018 08:20:57 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning weiwangchu@gmail.com does not designate 212.220.66.170 as permitted sender) client-ip=212.220.66.170;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning weiwangchu@gmail.com does not designate 212.220.66.170 as permitted sender) smtp.mailfrom=weiwangchu@gmail.com;
dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Date: 27 Sep 2018 20:12:55 +0200
From:
X-Priority: 3
Message-ID: <518846025.201809272020@gmail.com>
To: 123bebe
Subject: Security Warning
MIME-Version: 1.0
Content-Type: text/plain; charset="cp-850"
Content-Transfer-Encoding: 8bit

Hello!
I'm a member of an international hacker group.

As you could probably have guessed, your account weiwangchu@gmail.com was hacked, because I sent message you from it.

Now I have access to you accounts!
For example, your password for weiwangchu@gmail.com is 123bebe

Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.

We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $700 to our Bitcoin wallet: 18QGMXBte2fVodcq9xCwvPWiBEd98LwHwS
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.

I guarantee that after that, we'll erase all your "data" :D

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security. We hope this case will teach you to keep secrets.
Take care of yourself.
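As an added example (not code from the post, nor from any mail product), here is a small Python triage script that runs the four checks listed at the top of the post over a copy of the headers quoted above, and adds one more that the same headers support: the Date header (20:12:55 +0200, i.e. 18:12 UTC) is almost three hours later than the moment mx.google.com accepted the message (08:20:57 -0700, i.e. 15:20 UTC). Two assumptions are labelled in the code: mx.google.com is the only authserv-id whose Authentication-Results stamp is trusted, and utf-8, us-ascii and iso-8859-1 are the charsets a Gmail-composed message is expected to carry. The embedded copy of the headers is constructed from the page with the ARC block and most of the body trimmed, and the addresses the page shows stripped are left out.

```python
"""Header triage for the spoofed "Security Warning" mail quoted in this post.
Added example, not code from the post or any mail product: the post's four
header observations, plus a Date-skew check the same headers support, as
checks a responder can run over a saved .eml with the standard library only."""
import email
import re
from email.utils import parsedate_to_datetime

# Copy of the headers quoted on the page, constructed for this example (ARC
# block and most of the body trimmed; stripped addresses left out).
RAW = """\
Received: by 2002:a9d:cfc:0:0:0:0:0 with SMTP id o57-v6csp2137567otd;
        Thu, 27 Sep 2018 08:20:57 -0700 (PDT)
Received: from [212.220.66.16] ([212.220.66.170])
        by mx.google.com with ESMTP id z38-v6si933944otc.64.2018.09.27.08.20.56
        for ;
        Thu, 27 Sep 2018 08:20:57 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning weiwangchu@gmail.com does not designate 212.220.66.170 as permitted sender) client-ip=212.220.66.170;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning weiwangchu@gmail.com does not designate 212.220.66.170 as permitted sender) smtp.mailfrom=weiwangchu@gmail.com;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Date: 27 Sep 2018 20:12:55 +0200
Message-ID: <518846025.201809272020@gmail.com>
To: 123bebe
Content-Type: text/plain; charset="cp-850"
Content-Transfer-Encoding: 8bit

Hello!
"""
OUR_MX = "mx.google.com"  # assumption: the only authserv-id whose stamps we trust
EXPECTED_CHARSETS = {"utf-8", "us-ascii", "iso-8859-1"}  # assumption: what Gmail emits


def unfold(value):
    """Collapse header folding so one regex can run over the whole value."""
    return " ".join(str(value or "").split())


def auth_results(msg, authserv_id=OUR_MX):
    """{method: (result, {ptype.prop: value})} from the Authentication-Results our
    MX wrote. Stamps naming another authserv-id are skipped: everything below our
    MX's hop is text the sender controls (RFC 8601 section 7.1)."""
    for raw in msg.get_all("Authentication-Results", []):
        value = unfold(raw)
        if value.startswith(authserv_id + ";"):
            out = {}
            for stmt in value.split(";")[1:]:
                m = re.match(r"\s*(\w+)=(\w+)", stmt)
                if m:
                    out[m.group(1)] = (m.group(2), dict(re.findall(r"(\w+\.\w+)=(\S+)", stmt)))
            return out
    return {}


def last_hop(msg, mx=OUR_MX):
    """HELO name, connecting IP and accept time from the Received line our MX wrote."""
    for raw in msg.get_all("Received", []):
        value = unfold(raw)
        m = re.match(r"from (\S+) \(\[?([\d.]+)\]?\) by " + re.escape(mx), value)
        if m:
            when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
            return {"helo": m.group(1), "ip": m.group(2), "received_at": when}
    return None


def triage(raw):
    """Return the spoofing indicators found in *raw* (an RFC 5322 message as text)."""
    msg = email.message_from_string(raw)
    findings = []
    hop = last_hop(msg)
    auth = auth_results(msg)
    spf, spf_p = auth.get("spf", ("none", {}))
    dmarc, dmarc_p = auth.get("dmarc", ("none", {}))
    from_dom = dmarc_p.get("header.from", "?")  # RFC5322.From domain as our MX saw it
    # 1. SMTP identity: a bare IP literal in HELO, not a host under the claimed domain.
    if hop and re.fullmatch(r"\[[\d.]+\]", hop["helo"]):
        findings.append(f"helo is an IP literal {hop['helo']}, not a {from_dom} host")
    # 2. Our MX's own SPF and DMARC verdicts.
    if spf != "pass":
        findings.append(f"spf={spf} for {spf_p.get('smtp.mailfrom')} from {hop['ip'] if hop else '?'}")
    if dmarc != "pass":
        findings.append(f"dmarc={dmarc} for header.from={from_dom}")
    # 3. The MX's Received-SPF stamp must name the client IP of its own Received
    #    line; a mismatch means a stamp was planted further down the chain.
    m = re.search(r"client-ip=([\d.]+)", unfold(msg.get("Received-SPF")))
    if hop and m and m.group(1) != hop["ip"]:
        findings.append(f"Received-SPF client-ip {m.group(1)} != connecting IP {hop['ip']}")
    # 4. Composition environment: a DOS code page pushed out as raw 8bit is a
    #    mailing script, not the Gmail client.
    charset = msg.get_content_charset() or ""
    cte = unfold(msg.get("Content-Transfer-Encoding")).lower()
    if charset not in EXPECTED_CHARSETS:
        findings.append(f"charset {charset!r} with {cte or 'no'} transfer encoding is not what {from_dom} sends")
    # 5. Beyond the post's list: a Date header later than the moment our MX accepted it.
    if hop and msg.get("Date"):
        skew = parsedate_to_datetime(msg["Date"]) - hop["received_at"]
        if skew.total_seconds() > 300:
            findings.append(f"Date header is {skew} ahead of receipt at {OUR_MX}")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(RAW)))
```

The authserv-id filter is the part worth copying: Authentication-Results and Received lines below your own MX's hop are just text the sender chose to include, so a triage tool should key off the stamp your MX wrote rather than the first one it finds. To use it on a real case, replace RAW with the contents of a saved .eml and set OUR_MX to your inbound MX's authserv-id.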
