I seem to be getting inundated with these bloody things of late. Normally I set a rule to bin them straight away. Although I am tempted to join
This one is particularly interesting because the offender is either situated in Brazil, or more likely using a proxy server to access the zipmail account (the IP does trace to Brazil).
Received: from
by BFLITEMAIL-KR3.bigfoot.com (LiteMail v3.03(BFLITEMAIL-KR3)) with SMTP id 0504241310_BFLITEMAIL-KR3_430207_102620376;
Sun, 24 Apr 2005 13:42:47 -0400 EST
Received: from [200.223.238.2] by
Message-ID: <426B520600000321@
Date: Sun, 24 Apr 2005 10:14:37 -0700
From: michealmiller111@zipmail.com.br
Subject: =?iso-8859-1?Q?EXTREMLY=20URGENT?=
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MICHEAL MILLER CHAMBERS
{Solicitor $ Advocate}
12 Norman Williams street,
South West,Lagos.Nigeria.
Tel +234-1-471-9063.
Dear Friend,
I am a personal attorney to Mr.Johnny Brian,from your country who used to work with shell petro chemical and development company in Nigeria, Herein after shall be referred to as my client.
He goes on to say poor Mr Brian died in a car accident and to cut a long story short, he wants me to help him embezzle $12.5 million dollars. Aside from the spelling mistakes and poor grammar, it’s also such an obvious con (and a highly publicised one too). But still people fall for it all the time.
Out of interest, anyone have any preferences for proxy server testing? I used AATools but it did not identify this IP as a proxy! I also used Proxyrama, but this didn’t identify it as one either. Anyone suggest another method of proxy testing (other than setting it up as one in IE)?
Also my favourite WHOIS search engine is Hexillion.
Andy
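A small parser for walking a Received chain like the one quoted above, added here as an example rather than code from the thread: it unfolds the headers, lists the hops in delivery order (the bottom Received line is the first hop), pulls the IP recorded for the earliest hop and decodes the encoded-word Subject. The message it parses is a constructed sample modelled on the quoted headers; the host names after "from"/"by" and the Message-ID domain are placeholders, since the page's copy is truncated.

```python
import re
from email import message_from_string
from email.header import decode_header

# Constructed sample modelled on the headers quoted above (the page's copy is
# truncated): hosts after "from"/"by" and the Message-ID domain are placeholders.
RAW_MESSAGE = """\
Received: from mail.example.net ([192.0.2.10])
\tby BFLITEMAIL-KR3.bigfoot.com (LiteMail v3.03(BFLITEMAIL-KR3)) with SMTP id 0504241310_BFLITEMAIL-KR3_430207_102620376;
\tSun, 24 Apr 2005 13:42:47 -0400 EST
Received: from [200.223.238.2] by webmail.example.net; Sun, 24 Apr 2005 10:14:37 -0700
Message-ID: <426B520600000321@example.net>
Date: Sun, 24 Apr 2005 10:14:37 -0700
From: michealmiller111@zipmail.com.br
Subject: =?iso-8859-1?Q?EXTREMLY=20URGENT?=
MIME-Version: 1.0
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FROM_BY = re.compile(r"from\s+(.+?)\s+by\s+(\S+)")

def received_chain(raw):
    """Received hops in delivery order, earliest first. Each MTA prepends its
    own header, so the bottom line is the first hop; only hops added by relays
    you trust are reliable, the sender can forge the ones below them."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        text = " ".join(value.split())               # unfold continuation lines
        m = FROM_BY.search(text)
        from_part, by_host = (m.group(1), m.group(2).rstrip(";")) if m else (text, "")
        ips = IPV4.findall(from_part)
        hops.append({"from": from_part, "by": by_host, "ip": ips[0] if ips else None})
    return hops

def origin_ip(raw):
    """IP recorded for the earliest hop: the client that used the webmail account."""
    chain = received_chain(raw)
    return chain[0]["ip"] if chain else None

def decoded_subject(raw):
    """Decode the RFC 2047 encoded-word Subject into readable text."""
    parts = decode_header(message_from_string(raw)["Subject"])
    return "".join(p.decode(enc or "ascii") if isinstance(p, bytes) else p for p, enc in parts)

if __name__ == "__main__":
    for hop in received_chain(RAW_MESSAGE):
        print(f"{hop['ip'] or '-':>15}  {hop['from']}  ->  {hop['by']}")
    print("origin:", origin_ip(RAW_MESSAGE), "| subject:", decoded_subject(RAW_MESSAGE))
```

The origin IP is only as trustworthy as the relay that recorded it; anything below the first header written by a server you control can be forged by the sender.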
Spam? 419 scams? Phishing? Proxy server testing?
What do these have to do with forensics? Did I miss something?
H. Carvey
"Windows Forensics and Incident Recovery"
I've seen a resurgence in this as well. I used to take the time to bait them. If you kept it going long enough they would eventually fed-ex something. The dangerous ones are those that deal in lower dollar figures. We had a bank take a $150,000 dollar counterfeit check. Fortunately they caught it before the guy wired $140,000 of it back. Incidentally I forensically examined the victim's machine and recovered all of his emails from the princess.
Spam? 419 scams? Phishing? Proxy server testing?
What do these have to do with forensics? Did I miss something?
H. Carvey
"Windows Forensics and Incident Recovery" http://www.windows-ir.com http://windowsir.blogspot.com
I believe email tracing in terms of both sender and recipient can be a vital piece of evidence in a forensic investigation.
I believe email tracing in terms of both sender and recipient can be a vital piece of evidence in a forensic investigation.
Agreed. So why not start a thread on email tracing, rather than "I've got mail"?
H. Carvey
"Windows Forensics and Incident Recovery"
Keep your wig on Harlan! Dealing with fraud is just one of the many crimes I investigate, and tracing of emails is part of my duties, also if I deal with a paedophile case, where I find incriminating emails – I trace them, and identify other offenders. I have recently dealt with that exact set of circumstances on a case, where the offender was given a life sentence.
I’m a little surprised at you for poo poo’ing my post. Without wanting to be disrespectful – what planet are you from?
Take a look at the breaking news on this link:
So why not start a thread on email tracing, rather than "I've got mail"?
I thought that’s what I did with the post?
In the absence of any other recent topics I thought I would start a new one off. There isn’t any other post on this board relating to email tracing.
Why does everything have to be an argument with you?
My mother (who is from a small fishing village in the north of England called Salford) has a saying…… “if you haven’t got anything useful to say, keep your gob shut”. Perhaps one should follow her advice.
Slightly miffed…… Andy
I believe email tracing in terms of both sender and recipient can be a vital piece of evidence in a forensic investigation.
Agreed. So why not start a thread on email tracing, rather than "I've got mail"?
H. Carvey
"Windows Forensics and Incident Recovery" http://www.windows-ir.com http://windowsir.blogspot.com
I thought this was a thread on email tracing. The subject heading of the thread was quite clear as to what it was likely to be about.
Isn't this what the discussion forum is for???
Email tracing seems very much on topic to me, as does the first post in this thread. I fail to see the justification for criticism.
Jamie
Anyway, back on track… On the subject of establishing whether an end IP number in the extended header chain is a proxy, other than pinging the IP on port 8080, and waiting for the reply, is there any other method people use?
Andy
Andy,
I never "poo poo'd" your post…if you think I did so, please show me where. I simply read your email several times, and it didn't really go into much detail with regards to specifics about tracing emails.
On the subject of establishing whether an end IP number in the extended header chain is a proxy, other than pinging the IP on port 8080, and waiting for the reply, is there any other method people use?
I assume that what you're referring to is a TCP ping…sending a SYN packet to port 8080 to see if you get a SYN-ACK back. This can be done using nmap to perform a SYN scan. But what if the proxy is on another port, as it might be with a backdoor'd system? Creating and renting out botnets is a 'new' Internet economy…making it easy to disassemble these things wouldn't be profitable.
Of course, the assumption that the remote system is running some sort of proxy software is just that…an assumption. The results from Proxyrama may support this.
H. Carvey
"Windows Forensics and Incident Recovery"