"Virus mail" tag archive

Never open "USA job openings."

In the message source, after the X-Filter-ID header there is a masked or binary payload, so
Message-ID: <E1aF8Hu-0006GR-2W@kmx05.suantispam.com>
appears to be the key identifier; with Microsoft Outlook Express, caution is needed.
Since this is not a normal mail, I do not think Thunderbird and similar clients will be infected or have root taken, but

with Microsoft Outlook, if the masked binary contains VBA, you could be infected or have root taken without ever noticing.

Do not open "北京中小快线科技应用中心"

Subject
北京中小快线科技应用中心
Sender
Ykot <chengjing1@126.com>

Body
HTML
gif attachment
Relying on how Outlook handles the mail encoding, it renders the HTML and uses a startling animation to provoke a click; the aim is root takeover.

Mail clients such as Thunderbird sensibly strip this kind of mail,
but Microsoft Outlook obligingly executes it.
The encoding uses quoted-printable, which encodes the equals sign as =3D.

Encoding
GB2312 base64
GB2312 is the simplified-Chinese coded character set defined as a national standard of the People's Republic of China.

126.com
IP Address     220.181.12.218
Host Name     m12-218.163.com
Country    China
Network(ASN)    CHINANET-IDC-BJ
IP Prefix    220.181.0.0 - 220.181.255.255
Description    Beijing 100032

inetnum:        218.30.25.0 - 218.30.29.255
netname:        CHINANET-IDC-BJ
descr:          CHINANET IDC center
descr:          China Telecom
descr:          Beijing 100088
country:        CN
admin-c:        HC55-AP
tech-c:         HC55-AP
mnt-by:         MAINT-CHINANET
mnt-lower:      MAINT-CHINATELECOM-BJ
changed:        bjnic@bjtelecom.net 20040322
status:         ALLOCATED NON-PORTABLE
source:         APNIC

person:         Hostmaster of Beijing Telecom corporation CHINA   TELECOM
nic-hdl:        HC55-AP
e-mail:         bjnic@bjtelecom.net
address:        Beijing Telecom
address:        No. 107 XiDan Beidajie, Xicheng District Beijing
phone:          +86-010-58503461
fax-no:         +86-010-58503054
country:        cn
changed:        bjnic@bjtelecom.net 20040115
mnt-by:         MAINT-CHINATELECOM-BJ
source:         APNIC

% Information related to 218.30.96.0 - 218.30.127.255

inetnum:        218.30.96.0 - 218.30.127.255
netname:        CHINANET-IDC-BJ
descr:          CHINANET IDC center
descr:          China Telecom
descr:          Beijing 100088
country:        CN
admin-c:        HC55-AP
tech-c:         HC55-AP
mnt-by:         MAINT-CHINANET
mnt-lower:      MAINT-CHINATELECOM-BJ
changed:        bjnic@bjtelecom.net 20040322
status:         ALLOCATED NON-PORTABLE
source:         APNIC

% Information related to 220.181.0.0 - 220.181.255.255

inetnum:        220.181.0.0 - 220.181.255.255
netname:        CHINANET-IDC-BJ
country:        CN
descr:          CHINANET Beijing province network
descr:          China Telecom
descr:          No.31,jingrong street
descr:          Beijing 100032
admin-c:        CH93-AP
tech-c:         HC55-AP
remarks:        hostmaster is not for spam complaint,
remarks:        please send spam complaint to anti-spam@ns.chinanet.cn.net
mnt-by:         MAINT-CHINANET
mnt-lower:      MAINT-CHINATELECOM-BJ
status:         ALLOCATED NON-PORTABLE
changed:        hostmaster@ns.chinanet.cn.net 20030620
changed:        hm-changed@apnic.net 20050715
source:         APNIC

person:         Chinanet Hostmaster
nic-hdl:        CH93-AP
e-mail:         anti-spam@ns.chinanet.cn.net
address:        No.31 ,jingrong street,beijing
address:        100032
phone:          +86-10-58501724
fax-no:         +86-10-58501724
country:        CN
changed:        dingsy@cndata.com 20070416
changed:        zhengzm@gsta.com 20140227
mnt-by:         MAINT-CHINANET
source:         APNIC

IP Address     189.206.57.172
Host Name     correo.ifrem.gob.mx
Country    Mexico
Network(ASN)    LACNIC-CIDR-BLOCK
IP Prefix    189.0.0.0 - 189.255.255.255
Description    Not allocated by APNIC

IP Address     10.8.64.67
Host Name     ip-10-8-64-67.ap-northeast-1.compute.internal
Country
Network(ASN)    IANA-NETBLOCK-10
IP Prefix    10.0.0.0 - 10.255.255.255
Description

From - Tue Jan 05 08:7 2016
X-Account-Key: account2
X-UIDL: 000128c846de9b9e
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <lmmmn@ifrem.gob.mx>
X-Original-To: manager@
Delivered-To: manager@
Received: from columbia.ifrem.local (correo.ifrem.gob.mx [189.206.57.172])
by mail. (Postfix) with ESMTP id 50F1534CA19F
for <manager@>; Sat,  2 Jan 2016 07:1 +0900 (JST)
Received: from columbia.IFREM.local (10.8.254.67) by columbia.IFREM.local
(10.8.254.67) with Microsoft SMTP Server (TLS) id 15.0.995.29; Fri, 1 Jan
2016 16:10:34 -0600
Received: from uxaejmq (10.8.64.2) by columbia.IFREM.local (10.8.64.67) with
Microsoft SMTP Server id 15.0.995.29 via Frontend Transport; Fri, 1 Jan 2016
16:10:33 -0600
From: Ykot <chengjing1@126.com>
To: manager <manager@>
Subject: =?GB2312?B?sbG+qdbQ0KG/7M/fv8a8vNOm08PW0NDE?=
Date: Sat, 2 Jan 2016 06: +0800
X-Mailer: Microsoft Outlook, Build 10.0.2616
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=moru920_8888_376595734.187099"
X-Priority: 3
Message-ID: <4b30ec9e-ddee-4f03-903b-d439c2d830c0@columbia.IFREM.local>
Received-SPF: Fail (columbia.IFREM.local: domain of chengjing1@126.com does
not designate 10.8.64.2 as permitted sender) receiver=columbia.IFREM.local;
client-ip=10.8.64.2; helo=uxaejmq;

------=moru920_8888_376595734.187099
Content-Type: multipart/alternative;
boundary="----=mpsv952_9188_389307111.35363"

------=mpsv952_9188_389307111.35363
Content-Type: text/plain; charset="GB2312"
Content-Transfer-Encoding: base64

PTIwJiMzMDQ1NjsmIzIxNTE2OyYjMjAyOTQ7JiMzMDQ1NjsmIzIwMTE0OyYjMzI4NTI7JiMzMTk5
NTsmPSMzMDM0MDsmIzIwMjE1OyYjMjA1NDA7JiMyNzk2MzsmIzIxMTYwOyYjMzAzNDA7JiMyNDYz
NTsmIzIxNjQ0OyYjMTIyOTA9OyYjMjAyMjU7JiMxOTk5NDs=

------=mpsv952_9188_389307111.35363
Content-Type: text/html; charset="GB2312"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title></title>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3D=
gb2312" />
</head>
<body>
<div><img src=3D"cid:27398.38220666.55640@com" />=20
<div>
<div>&#30456;&#21516;&#20294;&#30456;&#20114;&#32852;&#31995;&=
#30340;&#20215;&#20540;&#27963;&#21160;&#30340;&#24635;&#21644;&#12290=
;&#20225;&#19994;</div>
</div>
</div>
</body>
</html>

------=mpsv952_9188_389307111.35363--

------=moru920_8888_376595734.187099
Content-Type: image/gif;
name="=?GB2312?B?ytW1vbi9vP7H69SkwMDE2sjdLmdpZiI=?="
Content-Transfer-Encoding: base64
Content-ID: <27398.38220666.55640@com>

(omitted)

------=moru920_8888_376595734.187099--
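As an added example (not code from the original post), the triage below uses Python's standard email package to pull out the indicators the post singles out in this message: the RFC 2047 GB2312/base64 Subject, the quoted-printable HTML body with its cid: image reference, the inline image/gif part, and the Received-SPF failure. The sample message is constructed from the headers quoted above; the GIF bytes and the name lure.gif are placeholders.

```python
import email
import re
from email import policy

# Constructed sample modelled on the headers quoted in the post above; the Subject
# encoded-word and Content-ID are the ones shown there, the GIF is a 1x1 placeholder.
RAW = b"""\
Received-SPF: Fail (columbia.IFREM.local: domain of chengjing1@126.com does
 not designate 10.8.64.2 as permitted sender) receiver=columbia.IFREM.local;
 client-ip=10.8.64.2; helo=uxaejmq;
From: Ykot <chengjing1@126.com>
Subject: =?GB2312?B?sbG+qdbQ0KG/7M/fv8a8vNOm08PW0NDE?=
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=moru920"

------=moru920
Content-Type: text/html; charset="GB2312"
Content-Transfer-Encoding: quoted-printable

<html><body><img src=3D"cid:27398.38220666.55640@com" />=20
<div>&#30456;&#21516;&#20294;</div></body></html>

------=moru920
Content-Type: image/gif; name="lure.gif"
Content-Transfer-Encoding: base64
Content-ID: <27398.38220666.55640@com>

R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7

------=moru920--
"""

def triage(raw: bytes) -> dict:
    """Pull out the indicators the post singles out from a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words (GB2312 + base64 here) on access
    f = {"subject": str(msg["Subject"]), "html_parts": 0, "cid_refs": [], "inline_images": {},
         "spf_fail": (msg.get("Received-SPF") or "").lstrip().lower().startswith("fail")}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            f["html_parts"] += 1
            # decode=True strips the quoted-printable layer (=3D -> '=', =20 -> ' ')
            raw_html = part.get_payload(decode=True)
            html = raw_html.decode(part.get_content_charset() or "ascii", "replace")
            f["cid_refs"] += re.findall(r'src="cid:([^"]+)"', html)
        elif ctype.startswith("image/"):
            f["inline_images"][(part.get("Content-ID") or "").strip("<>")] = ctype
    # the pattern in the post: sender failing SPF plus an HTML body pulling an inline image
    f["suspicious"] = bool(f["spf_fail"] and f["html_parts"] and f["cid_refs"])
    return f
```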