
SPAM & 419 Fraud

 Andy
(@andy)
Posts: 357
Reputable Member
Topic starter
 

I seem to be getting inundated with these bloody things of late. Normally I set a rule to bin them straight away, although I am tempted to join www.419fun.com or www.419baiter.com and give them a run for their money. 419, by the way, is the Nigerian criminal law code for this type of fraud; that's where the name comes from.

This one is particularly interesting because the offender is either situated in Brazil or, more likely, using a proxy server to access the zipmail account (the IP does trace to Brazil).

Received: from www.zipmail.com.br ([200.221.11.147])
by BFLITEMAIL-KR3.bigfoot.com (LiteMail v3.03(BFLITEMAIL-KR3)) with SMTP id 0504241310_BFLITEMAIL-KR3_430207_102620376;
Sun, 24 Apr 2005 13:42:47 -0400 EST
Received: from [200.223.238.2] by www.zipmail.com.br with HTTP; Sun, 24 Apr 2005 14:14:37 -0300
Message-ID: <426B520600000321@www.zipmail.com.br>
Date: Sun, 24 Apr 2005 10:14:37 -0700
From: michealmiller111@zipmail.com.br
Subject: =?iso-8859-1?Q?EXTREMLY=20URGENT?=
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

MICHEAL MILLER CHAMBERS
{Solicitor $ Advocate}
12 Norman Williams street,
South West,Lagos.Nigeria.
Tel +234-1-471-9063.

Dear Friend,
I am a personal attorney to Mr.Johnny Brian,from your country who used to work with shell petro chemical and development company in Nigeria, Herein after shall be referred to as my client.

He goes on to say poor Mr Brian died in a car accident and, to cut a long story short, he wants me to help him embezzle $12.5 million. Aside from the spelling mistakes and poor grammar, it's also such an obvious con (and a highly publicised one too). But still people fall for it all the time.

Out of interest, does anyone have any preferences for proxy server testing? I used AATools but it did not identify this IP as a proxy! I also used Proxyrama, but this didn't identify it as one either. Can anyone suggest another method of proxy testing (other than setting it up as one in IE)?

Also my favourite WHOIS search engine is Hexillion.

Andy

 
Posted : 24/04/2005 7:47 pm
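The tracing Andy describes is a walk down the Received: chain: each relay prepends a line, so the bottom line is the first hop and the address in its "from" clause is the client that actually submitted the message. The following is an added example (not code from the post or from any tool named in it) that parses the quoted header block, normalises every timestamp to UTC using only the numeric offset, and reports the originating IP and the transit time. It assumes the second Received line reads as it did before the copy-paste duplication in the post, and it folds the continuation lines with leading whitespace as a mail server would have.

```python
"""Walk the Received: chain of the 419 message quoted above.
Added example; not part of the original post."""
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.header import decode_header, make_header

# The header block as posted (the duplicated date fragment on the second
# Received line repaired, continuation lines folded with a leading space).
RAW_HEADERS = """\
Received: from www.zipmail.com.br ([200.221.11.147])
 by BFLITEMAIL-KR3.bigfoot.com (LiteMail v3.03(BFLITEMAIL-KR3)) with SMTP id 0504241310_BFLITEMAIL-KR3_430207_102620376;
 Sun, 24 Apr 2005 13:42:47 -0400 EST
Received: from [200.223.238.2] by www.zipmail.com.br with HTTP; Sun, 24 Apr 2005 14:14:37 -0300
Message-ID: <426B520600000321@www.zipmail.com.br>
Date: Sun, 24 Apr 2005 10:14:37 -0700
From: michealmiller111@zipmail.com.br
Subject: =?iso-8859-1?Q?EXTREMLY=20URGENT?=
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
DATE = re.compile(r"(\d{1,2}) ([A-Za-z]{3}) (\d{4}) (\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})")


def to_utc(text):
    """Parse an RFC 2822 date-time into an aware UTC datetime.
    Only the numeric offset is trusted: a trailing zone name such as the
    'EST' on the bigfoot hop is advisory, and here it even disagrees with
    the offset (-0400 is EDT, which the US East Coast was on in April 2005)."""
    m = DATE.search(text)
    if not m:
        return None
    day, mon, year, hh, mm, ss, sign, oh, om = m.groups()
    local = datetime.strptime(f"{day} {mon} {year} {hh}:{mm}:{ss}", "%d %b %Y %H:%M:%S")
    offset = timedelta(hours=int(oh), minutes=int(om))
    if sign == "-":
        offset = -offset
    return local.replace(tzinfo=timezone(offset)).astimezone(timezone.utc)


def parse_received(raw):
    """Return the hops in delivery order (originating client first).
    Each hop records who handed the message over, who accepted it, the
    protocol used and the accepting server's clock in UTC."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        v = " ".join(value.split())            # unfold continuation lines
        head, _, stamp = v.rpartition(";")     # the timestamp follows the last ';'
        from_part = re.search(r"\bfrom\s+(.*?)\s+by\s+", head)
        by = re.search(r"\bby\s+(\S+)", head)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", head)
        ip = IPV4.search(from_part.group(1)) if from_part else None
        hops.append({
            "from": from_part.group(1).split()[0] if from_part else None,
            "from_ip": ip.group(0) if ip else None,
            "by": by.group(1) if by else None,
            "with": proto.group(1) if proto else None,
            "utc": to_utc(stamp),
        })
    hops.reverse()   # relays prepend, so the bottom header is the first hop
    return hops


def origin(hops):
    """The address that handed the message to the first relay: the only one
    in the chain not owned by a mail provider, and the one to check for a
    proxy before attributing the message to its registered owner."""
    return hops[0]["from_ip"]


def transit_seconds(hops):
    """Seconds between first and last hop; a negative or huge value usually
    means a forged or badly configured Received line."""
    return int((hops[-1]["utc"] - hops[0]["utc"]).total_seconds())


def date_header_matches_origin(raw):
    """Webmail sets both Date: and the first Received:, so they should agree."""
    return to_utc(message_from_string(raw)["Date"]) == parse_received(raw)[0]["utc"]


def decoded_subject(raw):
    """Decode the RFC 2047 encoded-word Subject into plain text."""
    return str(make_header(decode_header(message_from_string(raw)["Subject"])))


if __name__ == "__main__":
    hops = parse_received(RAW_HEADERS)
    for h in hops:
        print(f'{h["utc"]:%Y-%m-%d %H:%M:%S}Z  {h["from"]:<22} -> {h["by"]:<28} via {h["with"]}')
    print("origin:", origin(hops), " transit:", transit_seconds(hops), "s")
    print("subject:", decoded_subject(RAW_HEADERS))
```

Run stand-alone it lists the two hops with both clocks brought to 17:14:37Z and 17:42:47Z, which is the quickest way to see that the -0300, -0400 and -0700 stamps on this message are consistent with each other, and that 200.223.238.2 (the HTTP hop) is the address worth investigating rather than zipmail's own 200.221.11.147.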
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Spam? 419 scams? Phishing? Proxy server testing?

What do these have to do with forensics? Did I miss something?

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

 
Posted : 25/04/2005 2:49 am
(@gmarshall139)
Posts: 378
Reputable Member
 

I've seen a resurgence in this as well. I used to take the time to bait them. If you kept it going long enough they would eventually FedEx something. The dangerous ones are those that deal in lower dollar figures. We had a bank take a $150,000 counterfeit check. Fortunately they caught it before the guy wired $140,000 of it back. Incidentally, I forensically examined the victim's machine and recovered all of his emails from the princess.

 
Posted : 25/04/2005 1:39 pm
(@craiginusa)
Posts: 13
Active Member
 

Spam? 419 scams? Phishing? Proxy server testing?

What do these have to do with forensics? Did I miss something?

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

I believe email tracing in terms of both sender and recipient can be a vital piece of evidence in a forensic investigation.

 
Posted : 25/04/2005 4:24 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

I believe email tracing in terms of both sender and recipient can be a vital piece of evidence in a forensic investigation.

Agreed. So why not start a thread on email tracing, rather than "I've got mail"?

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

 
Posted : 25/04/2005 4:39 pm
 Andy
(@andy)
Posts: 357
Reputable Member
Topic starter
 

Keep your wig on Harlan! Dealing with fraud is just one of the many crimes I investigate, and tracing of emails is part of my duties, also if I deal with a paedophile case, where I find incriminating emails – I trace them, and identify other offenders. I have recently dealt with that exact set of circumstances on a case, where the offender was given a life sentence.

I’m a little surprised at you for poo poo’ing my post. Without wanting to be disrespectful – what planet are you from?

Take a look at the breaking news on this link: http://www.forensics.com/ (its about tracing emails).

So why not start a thread on email tracing, rather than "I've got mail"?

I thought that’s what I did with the post?

In the absence of any other recent topics I thought I would start a new one off. There isn’t any other post on this board relating to email tracing.

Why does everything have to be an argument with you?

My mother (who is from a small fishing village in the north of England called Salford) has a saying: "if you haven't got anything useful to say, keep your gob shut". Perhaps one should follow her advice.

Slightly miffed…… Andy

 
Posted : 25/04/2005 6:02 pm
(@craiginusa)
Posts: 13
Active Member
 

I believe email tracing in terms of both sender and recipient can be a vital piece of evidence in a forensic investigation.

Agreed. So why not start a thread on email tracing, rather than "I've got mail"?

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

I thought this was a thread on email tracing. The subject heading of the thread was quite clear as to what it was likely to be about.
Isn't this what the discussion forum is for???

 
Posted : 25/04/2005 6:14 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

Email tracing seems very much on topic to me, as does the first post in this thread. I fail to see the justification for criticism.

Jamie

 
Posted : 26/04/2005 3:02 am
 Andy
(@andy)
Posts: 357
Reputable Member
Topic starter
 

Anyway, back on track… On the subject of establishing whether an end IP number in the extended header chain is a proxy, other than pinging the IP on port 8080, and waiting for the reply, is there any other method people use?

Andy

 
Posted : 26/04/2005 7:30 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Andy,

I never "poo poo'd" your post…if you think I did so, please show me where. I simply read your email several times, and it didn't really go into much detail with regards to specifics about tracing emails.

On the subject of establishing whether an end IP number in the extended header chain is a proxy, other than pinging the IP on port 8080, and waiting for the reply, is there any other method people use?

I assume that what you're referring to is a TCP ping…sending a SYN packet to port 8080 to see if you get a SYN-ACK back. This can be done using nmap to perform a SYN scan. But what if the proxy is on another port, as it might be with a backdoor'd system? Creating and renting out botnets is a 'new' Internet economy…making it easy to disassemble these things wouldn't be profitable.

Of course, the assumption that the remote system is running some sort of proxy software is just that…an assumption. The results from Proxyrama may support this.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

 
Posted : 26/04/2005 2:26 pm
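Harlan's caveat is the important one: a SYN-ACK from port 8080 only proves that something is listening there, not that it relays traffic, and a backdoored host can proxy on any port. The example below is added here and is not code from any post in the thread. It separates the two questions: a plain TCP connect scan over a list of common proxy ports (the equivalent of nmap -sT, used instead of a raw SYN scan because it needs no privileges), and a relay test that asks the candidate to fetch an absolute URL and accepts it as an HTTP proxy only if it answers with an HTTP status line. So that it runs offline, it stands up two constructed local stand-ins: one that behaves like a proxy and one that accepts the connection but relays nothing; the port list and the target URL are assumptions, not anything from the thread.

```python
"""Is the originating IP an open proxy? Two checks, added example;
not code from any post in the thread."""
import socket
import threading

# Assumed defaults for HTTP/SOCKS proxies; a backdoored host may use anything.
COMMON_PROXY_PORTS = (80, 3128, 8080, 8000, 8888, 1080)


def open_ports(host, ports, timeout=2.0):
    """TCP connect scan: the subset of ports that complete a handshake.
    An open port says nothing yet about what is listening on it."""
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            pass
    return found


def relays_http(host, port, target="http://example.invalid/", timeout=3.0):
    """Ask the candidate to fetch an absolute URL on our behalf.
    An HTTP proxy answers with a status line ('HTTP/1.x NNN ...');
    a web server, or a backdoor speaking its own protocol, does not."""
    hostname = target.split("/")[2]
    req = (f"GET {target} HTTP/1.0\r\nHost: {hostname}\r\n"
           f"Proxy-Connection: close\r\n\r\n").encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            reply = s.recv(64)
    except OSError:
        return False
    return reply.startswith(b"HTTP/1.") and reply[9:12].isdigit()


def classify(host, ports=COMMON_PROXY_PORTS):
    """The verdict an investigator needs: which ports are open, and which
    of those actually behave as an HTTP proxy."""
    opened = open_ports(host, ports)
    return {"open": opened, "http_proxy": [p for p in opened if relays_http(host, p)]}


def start_fake_host(kind):
    """Constructed local stand-in for the remote system, on an ephemeral port.
    'proxy' answers every request like an HTTP proxy; 'plain' accepts the
    TCP connection (so a port scan sees it as open) but relays nothing."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(2)
                try:
                    conn.recv(1024)
                    if kind == "proxy":
                        conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")
                except OSError:
                    pass   # scanner closed early; nothing to relay

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    proxy_port = start_fake_host("proxy")
    plain_port = start_fake_host("plain")
    # Port 1 is included as a closed port; the two stand-ins are both open,
    # but only one of them relays.
    print(classify("127.0.0.1", [proxy_port, plain_port, 1]))
```

Against a real candidate the relay test is what answers Andy's question; the port scan alone would have given the same "open" result for a web server, a badly placed admin interface or a botnet backdoor. Note that both checks connect to the suspect host, so they are visible to whoever controls it.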
Page 1 / 3