[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mysterious spam message

> The following mysterious message - quoted below in its entirety with its
> header information - appeared in my e-mail, from the address
> AOLSchoolDiplomas@xxxxxxxxxxxxxxx
> Note that it has two headers - when you receive it it should have three. (The
> "click here" wasn't actually a link in the original - just an underlined
> text.)

The key line is the last received: from, quoted here:

> Received: from smtp.iwoliruyu.co.jp (ACA2764.ipt.aol.com [])
> by tot-wh1-wq.proxy.aol.com (8.10.0/8.10.0) with SMTP id e6OEX2764;
> Sat, 24 Feb 2001 02:06:42 -0400

The IP address [located in brackets] appears to be a genuine AOL IP, I
checked it with a whois server located at http://www.samspade.org/t/

The reason this is significant is that it rules out a Japanese source for
the e-mail message. Whoever sent it is most likely in the U.S. (Unless they
are paying a huge long-distance bill to dial-in from over-seas.) They only
forged the .co.jp address to throw people, the IP points right to them as
being AOL users.

As to the text you saw, also quoted below:

> mabadebodiduhusibariduzadupiradimovinakedadetisejapuwojo
> tecasiseluletiqadividoebeyokubatobijamosileqoxocezixewijiroricoqucehudedimuzem

> iripuhunuminavowegiwucabagopemugagivawiqanin

This could be a couple of different things. I get a lot of spam from South
East Asia and those are typically written in a character set called "Big 5",
the "Big 5" character set does not display in my e-mail because I obviously
use a Western set of letters. The end result is something that looks similar
to the above, however it is also a seemingly random collection of
upper-case, lower-case, letters and numbers. Add to that the fact that the
e-mail did not come from Japan and I think we can rule out the Big5 issue.

The other possibility is impossible to tell from a copy of the e-mail. If
you have the original still (unlikely), you could check to see if it has any
attachments. My best guess is that this is an ASCII conversion of a MIME
attachment. It's definitely not UUencoding, but it does look a lot like

                                            - Jordan

* "What lies behind us and what lies before is are small matters   *
*  compared to what lies within us."   - Oliver Wendell Holmes     *