This is the visible content of the message:
This is your typical 2010 spam: a slightly personal message with a suspicious link at the end. On further investigation this seems like spam, but let's look at why it was delivered to my Inbox.
The following is the content of the message. As we can see from the headers (X-SID-Result: Pass and X-AUTH-Result: PASS), this message was authenticated on delivery.
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9NA==
X-Message-Status: n
X-SID-PRA: ***** <*****@hotmail.com>
X-SID-Result: Pass
X-AUTH-Result: PASS
X-Message-Info: P3NBY493gE4pMNIxHJStag1YLFymmzyd/txPN3V4SOi1z4SikDMWBofFDnD51rZdGp7/3PCPDGb5J6WxHPcHb7VLiFYCCYf8TzWewNfsT872aGo2p4QMWw==
Received: from bay0-omc4-s5.bay0.hotmail.com ([65.54.190.207]) by bay0-hmmc2-f12.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Fri, 6 May 2011 15:05:56 -0700
Received: from BAY146-W10 ([65.54.190.199]) by bay0-omc4-s5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Fri, 6 May 2011 15:05:49 -0700
Message-ID: <BAY146-w104BF9C4F61E5CF14AABDBE1830@phx.gbl>
Return-Path: *****@hotmail.com
Content-Type: multipart/alternative;
boundary="_6397c590-f4b8-43cd-9caa-468c7fba3654_"
X-Originating-IP: [173.12.176.73]
From: ***** <*****@hotmail.com>
Subject: Hi
Date: Fri, 6 May 2011 16:05:49 -0600
Importance: Normal
MIME-Version: 1.0
Bcc:
X-OriginalArrivalTime: 06 May 2011 22:05:49.0753 (UTC) FILETIME=[C2308290:01CC0C39]
--_6397c590-f4b8-43cd-9caa-468c7fba3654_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hey=2C
howfareSyou?? Prettyxlong days9yeah?
Btw i had been feelingzlowEtoday buttwhen ivsaw thatV0 G o o gol e Asent=
Lme thebcheck fork$G43v:=3D}} i was surprised.
imWsoVhappyEnow becausefi startedwworking from home and evenlsitting on my =
computer lol.
you might want toograb moreuinfouand earn some $$'s?
=
--_6397c590-f4b8-43cd-9caa-468c7fba3654_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'>
<style>.4F5r {visibility: hidden=3B color:#ffffff=3B}</style>Hey=2C<br>how<=
font class=3D"4F5r" id=3D"aYGw">f</font>are<font class=3D"4F5r" id=3D"FabN"=
>S</font>you?? Pretty<font class=3D"4F5r" id=3D"fAGM">x</font>long days<fon=
t class=3D"4F5r" id=3D"HKq0">9</font>yeah?<br><br>Btw i had been feeling<fo=
nt class=3D"4F5r" id=3D"6NMk">z</font>low<font class=3D"4F5r" id=3D"eYFx">E=
</font>today but<font class=3D"4F5r" id=3D"sCmv">t</font>when i<font class=
=3D"4F5r" id=3D"DvQh">v</font>saw that<font class=3D"4F5r" id=3D"yJLX">V</f=
ont><font class=3D"4F5r" id=3D"zfdV">0</font> =3B =3BG o o g<font c=
lass=3D"4F5r" id=3D"XNb8">o</font>l e =3B =3B <font class=3D"4F5r" =
id=3D"seyC">A</font>sent<font class=3D"4F5r" id=3D"yREx">L</font>me the<fon=
t class=3D"4F5r" id=3D"hg3c">b</font>check for<font class=3D"4F5r" id=3D"lV=
dQ">k</font>$<font class=3D"4F5r" id=3D"QcbT">G</font>43<font class=3D"4F5r=
" id=3D"5WfB">v</font>:=3D}} i was surprised.<br>im<font class=3D"4F5r" id=
=3D"Z0YE">W</font>so<font class=3D"4F5r" id=3D"Skn1">V</font>happy<font cla=
ss=3D"4F5r" id=3D"N2tz">E</font>now because<font class=3D"4F5r" id=3D"VbAg"=
>f</font>i started<font class=3D"4F5r" id=3D"rfpT">w</font>working from hom=
e and even<font class=3D"4F5r" id=3D"5W6B">l</font>sitting on my computer l=
ol.<br><br>you might want to<font class=3D"4F5r" id=3D"DmaJ">o</font>grab m=
ore<font class=3D"4F5r" id=3D"ngXW">u</font>info<font class=3D"4F5r" id=3D"=
bPwG">u</font><a href=3D"http://short.as/bmr?qz">and earn some $$'s?</a><br=
> </body>
</html>=
--_6397c590-f4b8-43cd-9caa-468c7fba3654_--
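From the source, we can see that words like "Google", "working" and "check" were obfuscated, probably to evade filters. In the HTML part, each filler character sits in its own <font class="4F5r"> element, and the 4F5r style rule sets visibility: hidden and a white color. The text/plain part carries the same filler characters inline, which produces strings such as "startedwworking" and "thebcheck".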
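The filler-character trick described above can be undone mechanically. The following Python sketch is an added example, not code from the original post: it decodes a quoted-printable HTML part, finds class rules that set visibility: hidden, and separates the text left visible from the hidden filler. The names `analyze` and `HiddenTextSplitter` are hypothetical, and the sample is a shortened excerpt constructed from the message source.

```python
import quopri
import re
from html.parser import HTMLParser

# Constructed sample: shortened excerpt of the quoted-printable text/html part above.
SAMPLE_QP = (
    b'<style>.4F5r {visibility: hidden=3B color:#ffffff=3B}</style>Hey=2C<br>how<=\n'
    b'font class=3D"4F5r" id=3D"aYGw">f</font>are<font class=3D"4F5r" id=3D"FabN"=\n'
    b'>S</font>you??<br>i started<font class=3D"4F5r" id=3D"rfpT">w</font>working\n'
)

STYLE_BLOCK = re.compile(r"<style\b.*?</style>", re.I | re.S)
# Class selectors whose rule body contains visibility:hidden.
HIDING_RULE = re.compile(r"\.([\w-]+)\s*\{[^}]*visibility\s*:\s*hidden", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}

class HiddenTextSplitter(HTMLParser):
    """Separates text left visible from text inside elements with a hiding class."""
    def __init__(self, hidden_classes):
        super().__init__()
        self.hidden_classes = hidden_classes
        self.stack = []                    # True for each open element that is hidden
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:                    # <br> and similar never get an end tag
            self.visible.append(" ")
            return
        classes = set((dict(attrs).get("class") or "").split())
        self.stack.append(bool(self.stack and self.stack[-1]) or bool(classes & self.hidden_classes))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        if self.stack and self.stack[-1]:
            self.hidden.append(data)
            self.visible.append(" ")       # visibility:hidden still occupies layout space
        else:
            self.visible.append(data)

def analyze(qp_bytes, charset="iso-8859-1"):
    """Return (visible_text, hidden_fragments) for a quoted-printable HTML part."""
    html = quopri.decodestring(qp_bytes).decode(charset)
    parser = HiddenTextSplitter(set(HIDING_RULE.findall(html)))
    parser.feed(STYLE_BLOCK.sub("", html))
    parser.close()
    return " ".join("".join(parser.visible).split()), parser.hidden
```

A filter can run its keyword checks on the visible text and treat a high count of one-character hidden fragments as a signal in its own right.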