Log in

View Full Version : Spam Email purporting to be from GAGB


Friendly Flyer
6th February 2007, 03:02 PM
I received a Spam (possibly phishing) email purporting to be from GAGB this afternoon. The header and message are reproduced below.

From - Tue Feb 6 15:30:03 2007
X-Account-Key: account2
X-UIDL: 1119968636.47122
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path: <gagb002@aaryn.lunarpages.com>

<snipped some routing info>

Received: from 209.200.229.100 by mail.completely-computers.co.uk (envelope-from <gagb002@aaryn.lunarpages.com>, uid 89) with qmail-scanner-1.25
(clamdscan: 0.87/1086. spamassassin: 3.1.0.
Clear:RC:0(209.200.229.100):SA:0(0.5/5.0):.
Processed in 1.316888 secs); 06 Feb 2007 15:27:06 -0000
Received: from aaryn.lunarpages.com (209.200.229.100)
by mail.completely-computers.co.uk with SMTP; 6 Feb 2007 15:27:04 -0000
Received: from gagb002 by aaryn.lunarpages.com with local (Exim 4.63)
(envelope-from <gagb002@aaryn.lunarpages.com>)
id 1HES1q-0003Xe-6X; Tue, 06 Feb 2007 07:14:42 -0800
To: forumadmin@gagb.org
Subject: Administration of GAGB ( From GAGB Forum )
From: "GAGB Forum" <forumadmin@gagb.org>
X-Priority: 3
X-Mailer: IPB PHP Mailer
Message-Id: <E1HES1q-0003Xe-6X@aaryn.lunarpages.com>
Date: Tue, 06 Feb 2007 07:14:42 -0800
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - aaryn.lunarpages.com
X-AntiAbuse: Original Domain - tuckley.org
X-AntiAbuse: Originator/Caller UID/GID - [650 1557] / [47 12]
X-AntiAbuse: Sender Address Domain - aaryn.lunarpages.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php
X-Source-Dir: gagb.lunarpages.com:/public_html/forum
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on merlot
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50 autolearn=ham
version=3.0.3


For the correct reflection of pages on our forum please get an update version of Javascript. You can do this here: &#104&#116&#116&#112&#58&#47&#47&#121&#97&#120&#109&#116&#120&#104&#102&#101&#110&#46&#98&#105&#122&#47&#100&#108&#47&#108&#111&#97&#100&#97&#100&#118&#52&#49&#49&#46&#101&#120&#101
you need only to insert this line in the address line of browser and press Enter button.
with best regards,GAGB administration.
The J J Noodle Fan Club
6th February 2007, 03:24 PM
I&#39;ve just had this too.

Odd thing is according to the guts of the email header it was NOT sent to the email address this forum has down for me (which I also use on gc.com and geocacheuk)&#33;

Jon.
Bill D (wwh)
6th February 2007, 03:26 PM
Some members will know that we&#39;ve had a spate of hacking attacks recently. That email was the result of the latest attack, in which the perpetrator gained access to the mass mailing tool. The link in the email (which appears as a string of #&#39;s and numbers in the post above) leads to the same trojan that they&#39;ve been putting on the forum pages.

The attacks appear to be the work of one as yet unidentified individual, presumably someone with a grudge against GAGB. We are determined to identify and prosecute this person. In the meantime we can only apologize for any inconvenience to our members.

We intend very shortly to migrate the forums to new forum software which will be more secure than the existing one.

---
Bill, Chairman GAGB
Edgemaster
6th February 2007, 03:32 PM
Do not click on the link, it will probably install ad/spyware.

I have reported the link with the Netcraft Toolbar (http://toolbar.netcraft.com/), Firefox/Google protection (http://www.google.com/safebrowsing/report_phish/?tpl=mozilla).
nobbynobbs
6th February 2007, 03:36 PM
cheers for the headsup. lets hope this sad sod finds something better to do with their time...i could suggest a few things if they are listening.... :angry:
Chris n Maria
6th February 2007, 03:51 PM
Just got the same thing :(

Hope the dangly bits of the person responsible wither and drop off.
Edgemaster
7th February 2007, 03:32 PM
I didn&#39;t get an email, I feel all left out :P
t.a.folk
7th February 2007, 06:12 PM
I didn&#39;t get an email, I feel all left out


You weren&#39;t singled out ,we didn&#39;t get one either . :D
Bill D (wwh)
8th February 2007, 08:46 AM
I now think there&#39;s a problem with the mass mailer tool - it doesn&#39;t seem to include everyone on the list - doh&#33;&#33;&#33; I got the spam mail but not my explanation and apology...&#33;
Edgemaster
8th February 2007, 04:57 PM
Ah, I have this unchecked:
[ ] Send me any updates sent by the board administrator
Enabling this option will add your email address to the administrators mail list and you will receive any updates sent.


(My Controls > Email Settings)

Plus, I found a list of vulnerabilities for this board software - http://secunia.com/product/330/?task=advisories

It&#39;s quite worrying that so much is unpatched...
http://doiop.com/graph.jpg