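Saturday, October 6, 2018

A Prank Email Sent by a Russian "Hacker"

Below is the message in its raw format; anyone interested in examining the details will find plenty of telltale clues.

Also: "Dark Man" only came across this message because, on a whim, he wanted to see how recent spam is put together, so he went into the spam folder and browsed through the messages.

A few brief hints for readers who are not familiar with this.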



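1. The sender's SMTP ID gives the sender away, because it was not forged to look like a Gmail.com ID.

2. The sending server's verification results give the sender away again: this is clearly not the format of a message sent out by Google.com.

3. The Mail Domain MX marking shows, once again, that the sender is clowning around.

4. The sender's cp-850 and echo 8 bit settings reveal the mail environment the sender used.


Taken together, these four points prove that this is a prank email.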
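
The header checks behind these hints can be run mechanically. The Python sketch below is an added example, not part of the original post: it parses a trimmed copy of the headers shown on this page and reports the authentication verdicts, the mismatch on the hop into mx.google.com, and the charset. The function name `spoof_indicators` and the list of DOS code pages are assumptions made for illustration.

```python
import re
from email import message_from_string

# Headers copied from the message on this page, trimmed (ARC blobs and body cut).
SAMPLE = """\
Delivered-To: weiwangchu@gmail.com
Received: from [212.220.66.16] ([212.220.66.170])
 by mx.google.com with ESMTP id z38-v6si933944otc.64.2018.09.27.08.20.56;
 Thu, 27 Sep 2018 08:20:57 -0700 (PDT)
Authentication-Results: mx.google.com;
 spf=softfail (google.com: domain of transitioning weiwangchu@gmail.com does not designate 212.220.66.170 as permitted sender) smtp.mailfrom=weiwangchu@gmail.com;
 dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Message-ID: <518846025.201809272020@gmail.com>
Subject: Security Warning
Content-Type: text/plain; charset="cp-850"
Content-Transfer-Encoding: 8bit

Hello!
"""

# Assumed (illustrative) set of DOS OEM code-page labels; extend as needed.
DOS_CODEPAGES = {"cp-850", "cp850", "ibm850", "cp437", "ibm437", "cp866", "ibm866"}

def _flat(value):
    """Collapse the whitespace left behind by folded header lines."""
    return re.sub(r"\s+", " ", value).strip()

def spoof_indicators(raw, receiving_mx="mx.google.com"):
    """List the signs that a message was not sent by the domain it claims."""
    msg = message_from_string(raw)
    findings = []
    # Only trust verdicts stamped by the receiving MX itself.
    auth = " ".join(_flat(h) for h in msg.get_all("Authentication-Results", [])
                    if _flat(h).startswith(receiving_mx))
    for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if verdict.lower() != "pass":
            findings.append(f"{mech}={verdict.lower()}")
    # The hop written by the receiving MX records the real peer and its HELO.
    hop_re = r"from (\S+) \(\[?([0-9A-Fa-f.:]+)\]?\) by " + re.escape(receiving_mx)
    for hop in map(_flat, msg.get_all("Received", [])):
        m = re.match(hop_re, hop)
        if m and m.group(1).startswith("[") and m.group(1).strip("[]") != m.group(2):
            findings.append(f"helo {m.group(1)} != peer {m.group(2)}")
    # A DOS code page sent as raw 8bit hints at the sending software.
    charset = (msg.get_content_charset() or "").lower()
    if charset in DOS_CODEPAGES and msg.get("Content-Transfer-Encoding", "").lower() == "8bit":
        findings.append(f"charset={charset}/8bit")
    return findings
```
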



----------------------------------------------------------

Delivered-To: weiwangchu@gmail.com
Received: by 2002:a9d:cfc:0:0:0:0:0 with SMTP id o57-v6csp2137567otd;
Thu, 27 Sep 2018 08:20:57 -0700 (PDT)
X-Google-Smtp-Source: ACcGV63L6m//acFvG0B8AhrMYUZTNrcQy+3E8u5b8tbKayygutXxamPuk6GDyQkdt+SP4MYa8f/y
X-Received: by 2002:a9d:436a:: with SMTP id y39-v6mr7069385oti.80.1538061657480;
Thu, 27 Sep 2018 08:20:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1538061657; cv=none;
d=google.com; s=arc-20160816;
b=hYtYsLzkSMa3UHg9JreM7IC5PRGfNmuEZDnJDhcJdwzTsWYit0T+50l9LIWJm8bgIp
rzV4lsPu3i+yjiUwgjjsopYxOVywHE64JbP/7z/6ZuVS/gpNjKe0amBkjcbvJHpvAG7c
VjXCdFYzIcMXSogYfsqmr9UGGEcUeSeEQOMHHujW9MolWyr15qzp/pI75rkLitXyJ2fb
2hNT7gwhf0wy3Or+ho+U3iR8JTaWIhzKuT4fBdiEpUGMdA0hv/0kEtS2hfeB5Nw+f0y+
+nqTHSAaSe7rjNc38+K2SRJegU8c/r229yE+D7xT6onbP0dXvfdHSzvtE4UNShkKbIWU
J3eA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:mime-version:subject:to:message-id:from
:date;
bh=MAnGKQacK6esmG6ooLLzetLu7igVwIhM0ID+WkscB1w=;
b=TFDT4xKInVlE3wJOz9mBoiQAEKKtUoJc/v4nPeIRAGfj0z6PsdvZIegXD8Met93vG3
S2zSGTKSqg1ZP0TJBhyotEgvmqaXIYEd2AorA9H9qU1TBJJonPZOffKeHGUMGOkW8run
AyCrTXxJfKEWMsvlnhVcMFBlHO9ZzdAyBH9oB5smF+QClIW877XO20MBEzGp7tqC8xit
lQqce2ZbNi0ZAOVrpUHRtv99uf2tIbZk5Lp8Ww8Q+b8vUo3QkYBD3dylwgVsWkuwW3m2
KWqbhAq3a4xhbKPmkaE/DyT5e+l7tY3F1LkVsB/9H9YYklWVQtquCmut2PlrYzViFZsV
zhTQ==
ARC-Authentication-Results: i=1; mx.google.com;
spf=softfail (google.com: domain of transitioning weiwangchu@gmail.com does not designate 212.220.66.170 as permitted sender) smtp.mailfrom=weiwangchu@gmail.com;
dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path:
Received: from [212.220.66.16] ([212.220.66.170])
by mx.google.com with ESMTP id z38-v6si933944otc.64.2018.09.27.08.20.56
for ;
Thu, 27 Sep 2018 08:20:57 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning weiwangchu@gmail.com does not designate 212.220.66.170 as permitted sender) client-ip=212.220.66.170;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning weiwangchu@gmail.com does not designate 212.220.66.170 as permitted sender) smtp.mailfrom=weiwangchu@gmail.com;
dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Date: 27 Sep 2018 20:12:55 +0200
From:
X-Priority: 3
Message-ID: <518846025.201809272020@gmail.com>
To: 123bebe
Subject: Security Warning
MIME-Version: 1.0
Content-Type: text/plain; charset="cp-850"
Content-Transfer-Encoding: 8bit

Hello!
I'm a member of an international hacker group.

As you could probably have guessed, your account weiwangchu@gmail.com was hacked, because I sent message you from it.

Now I have access to you accounts!
For example, your password for weiwangchu@gmail.com is 123bebe

Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.

We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $700 to our Bitcoin wallet: 18QGMXBte2fVodcq9xCwvPWiBEd98LwHwS
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.

I guarantee that after that, we'll erase all your "data" :D

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security. We hope this case will teach you to keep secrets.
Take care of yourself.
