[tor-relays] Phishy

Jurre van Bergen jurre at useotrproject.org
Mon Feb 3 22:03:44 UTC 2014


Hey,

It doesn't seem to be targeted. It looks like your email was sucked
into a spamlist to send malware to. For malware researchers, the sample
can be obtained over here:
https://malwr.com/analysis/YjQ1Y2FjZTcxMTgxNDgwNmE4MWIyYjIzN2RjNWM1YTc/

Jurre

On 02/03/2014 10:33 PM, phrag wrote:
> FYI: Just got this to my Tor relay mail address, with a zip file
> attached extracting to a '.scr' win exe. Curiously routed via a .gov.uk
> mail relay...
>
> GB03022014.scr: PE32 executable (GUI) Intel 80386, for MS Windows
>
> MD5: dba1e52929f6ca9d1a1bf87e4ff469cf  GB2546241.zip
> MD5: fb1141494829b144b0075035022cfbb9  GB03022014.scr
>
> Samples available on request. Full mail headers attached.
>
> ==========
>
> From defeats871 at richszabo.com Mon Feb 03 14:06:39 2014
> Return-path: <defeats871 at richszabo.com>
> Received: from [217.109.27.97] (helo=WNACDHPXR)
> Received: from mail1.bemta14.messagelabs.com by server.justinarcher.net
> Received: from gateway-102.energis.gsi.gov.uk (HELO
> mx.hosting-w.gsi.gov.uk) (62.25.106.208) by
> server-10.tower-205.messagelabs.com
> X-Env-Sender: gateway.confirmation at gateway.gov.uk
>
> From: <gateway.confirmation at gateway.gov.uk>
> To: <tor at phra.gs>
> Subject: Your Online Submission for Reference 485/GB2546241 Could not
> process
> Date: Mon, 3 Feb 2014 22:16:02 +0100
>
> The submission for reference 485/GB2546241 was successfully received and
> was not processed.
> Check attached copy for more information.
> This is an automatically generated email. Please do not reply as the
> email address is not monitored for received mail.
>
> ==========


-- 
Developer at https://www.useotrproject.org/
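
A triage check for the traits reported in this thread (a Return-path domain that differs from the From domain, and a zip attachment holding a '.scr'), added here as an example and not part of either post. The message is constructed, its addresses are placeholders, and the archive member holds harmless text; `triage` and `build_sample` are hypothetical names.

```python
import email
import io
import zipfile
from email.message import EmailMessage
from email.utils import parseaddr

# File types Windows runs directly; '.scr' is the one reported in this thread.
RISKY_EXT = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def _domain(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return (kind, detail) findings; archives are listed, never extracted."""
    msg = email.message_from_bytes(raw)
    findings = []
    envelope, visible = _domain(msg["Return-Path"]), _domain(msg["From"])
    if envelope and visible and envelope != visible:
        findings.append(("sender-mismatch", f"{envelope} != {visible}"))
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            findings.append(("executable-attachment", name))
        elif name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                findings.append(("unreadable-archive", name))
                continue
            findings += [("archive-executable", f"{name}:{m}")
                         for m in members if m.lower().endswith(RISKY_EXT)]
    return findings

def build_sample():
    """Constructed message; addresses are placeholders, the member is plain text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("GB03022014.scr", b"placeholder text, not an executable")
    msg = EmailMessage()
    msg["Return-Path"] = "<bounce@sender.example>"
    msg["From"] = "<confirmation@gateway.example>"
    msg["To"] = "<operator@recipient.example>"
    msg["Subject"] = "Your Online Submission"
    msg.set_content("Check attached copy for more information.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="GB2546241.zip")
    return msg.as_bytes()
```

A sender-domain mismatch also occurs on legitimate mailing-list and bulk mail, so it is a signal to weigh alongside the attachment finding rather than a verdict on its own.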
