PHPMailerを利用した迷惑メールです。
本当に多いですね。Outlookなど、HTMLメールを受け取るようなメーラはやめたほうがいいですね。
ウィルスが入らないようにするには、プレーンテキストで受け取るかHTMLのスクリプトを抹消させて受け取るかだろうね。
サーバサイドでスクリプトを強制的に抹消させているので一切入らないからいいが。
当然メールの形態は崩れるけど、要は、そんなメールを送ってくるポリシーが良くわからん。
マルウェアのほとんどが、こういったリッチテキストがらみあほ

件名
Subject: In less than 5 days this company could yield you a ten bagger
差出人
“Mallory Hill”
返信先

宛先
自メール
内容

Good morning!
I’ve beeninvolved in the markets for a few decades now and I’ll be the first totell you that things have never been as uncertain as they are today.
With a new administration heading our country, it’s becomingincreasingly difficult to get the edge in the markets.
At least, we can always count on lady luck to come in handy when weneed her.
A friend of mine founded a small medical company a few years ago and hehas been researching a novel way of using the immune system to killtumors.
After extensive tests and lengthy approval processes, he finally gotthe green light on this life changing new therapy.
Because of that, a big pharma has put in an offer to buy out the entirecompany. At essentially 10 times the current trading value.
This guarantees that if you get shares today at under 20 cents each,you will cash out ten times that amount by Friday.
The ticker which you need to use to buy is the first letter of each ofthese words:
Quest, Start, Mega, Great
Together they make up the 4 letter symbol which you need. Get in asfast as you can before the price jumps.

添付ファイル
なし
———————————————
ソース
From – Tue Jun 20 08:1 2017
X-Account-Key:
X-UIDL:
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path:
X-Original-To: @
Delivered-To: @
Received: from net-2-38-28-138.cust.vodafonedsl.it (net-2-38-28-138.cust.vodafonedsl.it [2.38.28.138])
by mail. (Postfix) with ESMTP id D97F834CA1B6
for <@>; Mon, 19 Jun 2017 19: +0900 (JST)
Received: (from apache@localhost)
by recoveryflash.net (8.14.7/8.14.7/Submit) id ;
Mon, 19 Jun 2017 12: +0200
Date: Mon, 19 Jun 2017 12: +0200
To: @
From: “Mallory Hill”
Subject: In less than 5 days this company could yield you a ten bagger
Message-ID: <@recoveryflash.net>
X-Priority: 3
X-Mailer: PHPMailer 5.2.8 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”b1_”
Content-Transfer-Encoding: 8bit
X-EsetId:

–b1_
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Good morning!

I’ve beeninvolved in the markets for a few decades now and I’ll be the first totell you that things have never been as uncertain as they are today.

With a new administration heading our country, it’s becomingincreasingly difficult to get the edge in the markets.

At least, we can always count on lady luck to come in handy when weneed her.

———————————————
添付なし
———————————————
IPv4 address:

2.38.28.138
IPv4 expanded:

002.038.028.138
IPv4 decimal:

36052106
Internet service provider:
Vodafone Italia DSL
Organization:
Vodafone Italia DSL
Country name:
Italy
Country ISO alpha-2 code:
IT
State:
The Marches
City:
Colbuccaro
Timezone:
Europe/Rome
Longitude:
13.4436
Latitude:
43.2446
WHOIS last updated:
WHOIS data frequency request limit is reached. Try again later.
Update WHOIS data:

Enter to update WHOIS:
Reverse DNS host:
vodafonedsl.it
Reverse DNS pointer:
net-2-38-28-138.cust.vodafonedsl.it
Reverse DNS in-addr.arpa:
138.28.38.2.in-addr.arpa domain name pointer net-2-38-28-138.cust.vodafonedsl.it.
Reverse DNS last updated:
0 seconds ago on June 20, 2017, 12:38 am GMT Time
Reverse DNS next check:
in 5 months, 29 days on June 20, 2017, 12:38 am GMT Time
Update DNS Records:

Enter to update DNS:
Bot/spider
No
———————————————
Domain Name:
recoveryflash.net
Check status
Page Response:
39.76 (ms)
Website Ranking:

Facebook1
SEO Report Time:
Created: 0 seconds ago, Updated: 0 seconds ago
Update SEO Report:

Enter to update SEO:
Meta Tags:

Title mŋr_CGbgTȂ猩ȂƑIm2017N0602 XVn
Viewport width=device-width, initial-scale=1
Internet service provider:
K-Opticom Corporation
Organization:
K-Opticom Corporation
Country name:
Japan
Country ISO alpha-2 code:
JP
State:
Nara
City:
Nara
Timezone:
Asia/Tokyo
Longitude:
135.8328
Latitude:
34.6853
WHOIS last updated:
WHOIS data frequency request limit is reached. Try again later.
Update WHOIS data:

Enter to update WHOIS:
Forward DNS primary host:
recoveryflash.net
Forward DNS expanded data:
recoveryflash.net has address 59.190.130.26
recoveryflash.net mail is handled by 0 recoveryflash.net.
Forward DNS last updated:
0 seconds ago on June 20, 2017, 12:27 am GMT Time
Forward DNS next check:
in 5 months, 29 days on June 20, 2017, 12:27 am GMT Time
Reverse DNS host:
Pending reverse DNS update…
———————————————

Appleをかたるフィッシングメールが出回っているらしい
誘導先となる複数の偽サイトが同日13時30分現在稼働中ですと。
この偽サイトでApple IDや個人情報、クレジットカード情報などを入力しないよう注意しているよ。

メールの件名は複数あり、「Order Confrimations. #[英数字]」「リマインダ：アカウントロック」「AppIe: 確認の進捗状況 [日付]」「あなたのApple IDでセキュリティを守ります」「Apple ID アカウントが無効になっています : [日付]」「Apple IDはセキュリティ上の理由から無効になっています : [数字]」「お知らせ：[Apple] Statementアカウントのログインを再開する [日付]」「あなたのApple IDがロックされています」

本文は日本語で、請求書の書式となっており、購入していない場合に注文をキャンセルするよう案内し、「注文をキャンセルする」または「iTunesの支払いキャンセルフォーム」のリンクから偽サイトに誘導。

詳細はこちら
https://www.antiphishing.jp/news/alert/apple_20170607.html

こちらが偽サイトですと
https://●●●●.co/6nyjmyhIfL
http://cresoitalia.●●●●.it/skin/frontend/jp.php
https://www.appleid-●●●●.com/aps/clients/?[パラメータ]
https://●●●●.co/lhASxdQc4m
http://●●●●.co/6m4W2
https://www.apple-jp.update-account-informations.●●●●.id/
https://●●●●.co/4kns1sRTYW
https://app-scure-●●●●.com/clients
http://newarivied.●●●●.es/japan-id-skin/appleid/apple
https://apple-appleidverify.●●●●.com/Login.php?[パラメータ]
http://●●●●.ly/2rL9wxa
http://mlg-jpy.●●●●.com/
http://secure1.apple.com.account.c86aoq.info7832642.●●●●.info/clients/?[パラメータ]
https://●●●●.gl/jNxRo9
http://redirect-sign-ins.●●●●.cc/
https://apple-information-update.●●●●.cc/clients/?[パラメータ]
https://icloud.verify.customer.data.●●●●.info/
注意しましょう