logo2

Spam Atas Nama Wells Fargo Bank

Bersama artikel ini kami informasikan salah satu contoh mail spam yang mengatasnamakan Wells Fargo Bank di dalam konten mail-nya. Kami klarifikasikan bahwa mail dengan contoh di bawah ini sepenuhnya tidak benar [spam] dan dapat Anda abaikan saja.

Contoh Log Pengiriman Spam Berikut ini adalah contoh log pengiriman mail spam tersebut yang sempat kami dapati dari mail server kami.

—awal kutipan—

2013-11-27 23:55:50 1VliP0-0000Nq-2n <= fraud@aexp.com H=korban1.mailserverpengirim.com [208.104.16.22]:56759 P=esmtp S=25501 id=529622A1.9030605@wellsfargo.com T=”FW: Important docs” for siapa@domainanda.org 2013-11-27 23:57:25 1VliQX-0000YT-FD <= fraud@aexp.com H=korban2.mailserverpengirim.com [50.74.226.154]:34105 P=esmtp S=26105 id=52962342.0070109@MSGCMOXM7908.ent.wfb.bank.corp T=”FW: Important docs” for siapa@domainanda.net 2013-11-27 23:57:39 1VliQl-0000aw-C0 <= fraud@aexp.com H=korban3.mailsererpengirim.com [76.22.159.151]:61648 P=esmtp S=26118 id=529622A7.3010605@MSGCMOXM9586.ent.wfb.bank.corp T=”FW: Important docs” for siapa@domainanda.com

—akhir kutipan—

Berikut ini kami sertakan pula salah satu contoh konten mail spam tersebut :

—awal kutipan—

Received: from [254.141.114.115] (port=39273 helo=PC-Korban) by korban.mailserverpengirim.apa with asmtp id 1rqLaL-000X1-00 for korban@namadomain.apa; Wed, 27 Nov 2013 11:55:49 -0500 Message-ID: Date: Wed, 27 Nov 2013 11:55:49 -0500 From: korban@domainanda.apa User-Agent: Mozilla/5.0(Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: korban@namadomain.com Subject: FW: Important docs Content-Type: multipart/mixed; boundary=”—-=_Part_94900_0050353369.7689441481192″ X-Spam: Not detected X-Mras: Ok This is a multi-part message in MIME format. ——=_Part_94900_0050353369.7689441481192 Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit We have received this documents from your bank, please review attached documents. Reuben Goff Wells Fargo Accounting 817-197-1182 office 817-396-6674 cell Reuben.Goff@wellsfargo.com Investments in securities and insurance products are: NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE Wells Fargo Advisors, LLC is a nonbank affiliate of Wells Fargo & Company, Member FINRA/SIPC. 1 North Jefferson, St. Louis, MO 63103 CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you. ——=_Part_94900_0050353369.7689441481192 Content-Type: application/zip; name=”BankDocs.zip” Content-Transfer-Encoding: base64 Content-Disposition: attachment; name=”BankDocs.zip” The attached ZIP file has the name Case_1193671.zip [or else] and contains the 28 kB large file Case_06112013.exe [or else]. The trojan is known as Worm/Win32.Palevo, TR/Crypt.Xpack.3685, W32/Trojan.UOSL-1532, Trojan.Downloader.JQEJ, Downloader-FVM!DCA1C11AA0C5, Artemis!DCA1C11AA0C5, Trj/Downloader.WKY or Troj/Zbot-GVA. The trojan is capable of downloading files and connecting to other hosts over HTTP. It will collect information to fingerprint the system, make modifications to the local firewall settings and policies and installs itself to boot at start up of the infected system. Futhermore, this trojan can steal information from browsers.

—akhir kutipan—

Himbauan Jika Anda mendapati mail dengan konten yang mencurigakan dan meragukan, ada baiknya dapat diklarifikasikan dengan staf teknikal kami untuk dibantu pemeriksaannya.

Demikian informasi ini kami sampaikan. Terima kasih atas perhatian dan kerjasamanya.

Hormat kami,

Duniahosting – hosting murah, aman dan handal

Staf Teknikal