Another computer-related Heads-Up

I don’t mean to be a Mr. Techie in this blog but I can’t really help myself.

Especially when I know there are readers of the blog that are not technical and who might get hurt by nefarious people using computers to do bad shit.

This morning I got two bits of email that caught my attention.

[Image: Your Order Page 1 copy]

This first one appeared to be from Dominos.

It looks pretty good except for a couple of mistakes.

The most obvious is that the time is wrong. I received the email at 8 am according to my email program but the order says it’s 11 am. This is a time zone issue.

The second problem is that the email address they sent it to was never used for anything that might result in being added to a mailing list. And I don’t use that email address at all anymore.

The real sting for this one is that all the links that you’d click on to find out why you were being sent a pizza that you didn’t order, actually go to a web page that appears to be hosted in Thailand.

I can’t imagine why Dominos would outsource their automated pizza order clearing to a server in Thailand.

The easiest way to check stuff like this is to put your mouse pointer over a button (HOVER) but DO NOT CLICK.

Often, your email program will display what the link address is. In this case, hovering over the “Click Here to Track” button displayed nnsg.osea2.go.th

Giving credit where credit is due, this is clever…

Think about it.

You didn’t order a pizza, so you think oops this is a mistake and you click to find out if the pizza is on the way or if you can cancel it.

Every single link on the page tracks back to the nnsg.osea2.go.th address.

I’m not listing the exact page. The image here is just a JPEG; it’s not going to take you anywhere bad.
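The hover check, automated, as an added example that is not part of the original post: it lists each link's visible text next to the host it really points to and flags anything outside the domain you expect. The sample message is constructed and the expected domain dominos.com is an assumption; only the host nnsg.osea2.go.th comes from the email above.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; only the host nnsg.osea2.go.th is from the post.
SAMPLE_EML = """\
From: "Dominos" <orders@example.invalid>
Subject: Your Order
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://nnsg.osea2.go.th/">Click Here to Track</a>
<a href="http://nnsg.osea2.go.th/">www.dominos.com</a>
<a href="https://www.dominos.com/">Menu</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(raw_message, expected_domain):
    """Return (text, host, suspicious) for each link in the HTML body."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    results = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        # Exact match or true subdomain; "dominos.com.evil.example" fails.
        ok = host == expected_domain or host.endswith("." + expected_domain)
        results.append((text, host, not ok))
    return results

if __name__ == "__main__":
    # "dominos.com" is the assumed legitimate domain for this sample.
    for text, host, bad in audit_links(SAMPLE_EML, "dominos.com"):
        print(f"{'SUSPICIOUS' if bad else 'ok':10} {text!r} -> {host}")
```

Note the second link: its visible text reads www.dominos.com, but the destination is still the other host, which is exactly what hovering reveals.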

[Image: Email1 copy]

The next email this morning is old school!

This one comes from an address that I don’t recognize, it’s got no subject line, and contains an RTF Word document.

Need I say, DON’T EVER open email that looks like this. And NEVER open the attachment!

Without getting into the dirty underbelly of email headers and all that stuff that would probably make the average non- to moderately technical person bleed from their eyes, let me just say this:

This email is wrong on a number of levels.

When I look at the header information I’m pretty sure this is a spoof. What that means is this.

The XXXXXXX@bellsouth.net email address has been grabbed by some evil fuck and is being used as a disguise.

XXXXXXX@bellsouth.net is probably a real email address. It’s probably someone who at this moment is getting a ton of angry emails from people that they don’t know. This is probably some person like you who’s just trying to get through their day without a lot of drama.

The RTF file looks like it’s got some suspicious code in it. I haven’t done an in-depth analysis and don’t plan to.

It looks like the real point of origin is an old-style Yahoo email server. But I’m not even sure of that.

What I’m pretty sure of is that the originating server is somewhere in Asia; I’m guessing Thailand.

I say this because BOTH of these emails track back to the same place.

Asia Pacific Network Information Centre

This center is actually located in Australia but would handle traffic for lots of places in Asia.

I’m betting that someone in the Australian center did some maintenance over the weekend or installed a new server and its security isn’t fully online. The Aussies are pretty good about minimizing spam and other nuisance email from passing through their servers. I’ll be sending examples of the emails to them so that they can track the culprits down.

The point of my rambling here is to just remind folks to be careful online.

Be circumspect when you’re opening your emails. Things are not always as they seem; even emails that appear to be from someone you know might be tainted with something nasty.

And for goodness’ sake, make sure your anti-virus software is up to date and functioning.