Author Topic: I've WON FIRST PLACE!!! (Read 7065 times)

Xairbusdriver · « **on:** January 11, 2014, 10:25:13 AM »

Sorta...
Here's the 'announcement':

Since I last visited/uploaded last May, I was not only thrilled but extremely surprised!

Raw source for the From:, Subject: and message ID:
From: Picasa Services <hedava@anaconda04.webcreatif.ch>
Subject: Xairbusdriver, Your photo takes first place
Message-id: <e8c613fadf4681895812241bfaff@anaconda04.webcreatif.ch>

Red flags:

This part was interesting, also:
x-icloud-spam-score: 10022
f=anaconda04.webcreatif.ch;e=anaconda04.webcreatif.ch;pp=suspected;spf=?;dkim=?;wl=absent;pwl=absent
X-Proofpoint-Virus-Version: vendor=fsecure
engine=2.50.10432:5.11.87,1.0.14,0.0.0000
definitions=2014-01-10_07:2014-01-10,2014-01-10,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=probablespam policy=default score=95
spamscore=95 suspectscore=61 phishscore=0 adultscore=3 bulkscore=66
classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1308280000
definitions=main-1401100233
X-Suspected-Spam: true

Apparently Mail ignores all that?

Here’s the html for the link that claims my ‘photo takes first place.”
<a href="http://www.uniontop.com.tw/cgi-bin/imprinting.pl" style="text-decoration:none;color:#1155cc">Your photo takes first place</a>. Basically a Perl script (‘imprinting’) to do something. Haven’t bothered to attempt downloading the script which probably requires a password to the server, anyway.

uniontop.com.tw looks to be a Chinese company, of course. And I think that’s where the email originated. The company site “requires Java to display some elements on this page” according to Chrome. One of those “elements” could very well be a ‘surprise package?’

Actually, the company may be legit, it seems to be a company selling or building audio speakers and components. There are several pictures of various types of speakers on the page. I suppose even Chinese sites can have their email address harvested or their mail servers abused.

OTOH, the images on the ‘speaker’ company's site seem to have very little to do with the text I see in the html on that page. Here’ are a couple of samples of what the text says (in English, it is displayed in Chinese, on the page):

CODE

<h1>Buy generic Xenical</h1>

<p>Atherosclerosis provokes heart attacks that may lead to horrible result. <strong>Loss weight</strong>. Are you ok with your weight. Do you know how far you are from obesity.</p>

<a href="http://ottawadstore.com/products/weight_loss/xenical/order/">Xenical generic
.
.
.
<h1>Orlistat lose weight<h1>

<p>American pharmacists take pride in presenting you their new anti-obesity treatment. <strong>Losing weight</strong>. How long have you been suffering from derogatory looks. Time to improve your figure.</p>

<a href="http://ottawadstore.com/products/weight_loss/orlistat/order/">Buy Orlistat no prescription</a>
.
.
.

The html was generated by FrontPage 6.0™. I’m sure MS is proud to know their software is being used in such a creative way (even if they probably don’t have this company as a registered user!).

Seems to me, I am being confused with a Chinese ‘consumer!’

Not sure how “SPAM” translates into Chinese… but that's how I told SpamSieve to treat this message. BTW, Picasa is owned, operated and 'works' for Google.

BTW, Paddy, have you ever made a virtual trip to that "Ottawa" store?

Oh well... back to the digital darkroom...

jchuzi · « **Reply #1 on:** January 11, 2014, 12:58:17 PM »

Congratulations Jim! I'm sure that this honor is well deserved.

BTW, I must inform you that you have also won the Brooklyn Bridge Lottery. The winner receives $2.5 billion in genuine Monopoly money. In order to collect, however, you must send me a Western Union money order for $5000 US. Then, I will be happy to send you your winning ticket. But hurry, this offer expires within the next decade.

Trust me. Would I lie to you?

dboh · « **Reply #2 on:** January 11, 2014, 08:50:11 PM »

There's gotta be a way to harness all of this creative energy for something good…

Highmac · « **Reply #3 on:** January 12, 2014, 05:23:58 AM »

Just to insert a boring note.... the .tw suffix is Taiwan.

Still Chinese language but the politics are a different colour. Or were. Not so sure these days

Xairbusdriver · « **Reply #4 on:** January 12, 2014, 09:02:47 AM »

And "CH" refers to Switzerland in other types of things. Have no idea how the country codes were decided. I'm sure China has an enormous effect on the choices. 800 lb. gorillas usually get their way... Speaking as a member of a 'gorilla' on a diet...

I just want to know how much free space I'm getting for winning. I'll send them an enquiry this week.

Xairbusdriver · « **Reply #5 on:** January 12, 2014, 09:50:46 PM »

Maybe this is my year!!!

Not only have my photographs been winners, I've now been selected (apparently because of my contributions to humanity?) to share in the winnings of the Canadian CEO who is giving away his entire prize money! Just Google "Tom Crist" if you don't believe me! Well, at least that proves there is such a man, and he is giving away his winnings!

Do you think he once attended this school? That's where this message may have come from.

"Return-path: <domalley@students.stonehill.edu>"
This was also interesting:

CODE

Received: from smtp.stonehill.edu (204.144.14.22)
by BY2FFO11FD027.mail.protection.outlook.com (10.1.15.216)
with Microsoft SMTP Server (TLS) id 15.0.847.12 via Frontend Transport; Mon,
13 Jan 2014 02:52:45 +0000
Received: from laygroup.claygroup.com (50.196.106.233)
by Mirage.stonehill.edu (10.133.2.3) with Microsoft SMTP Server (TLS)

[204.144.14.22] Does seem to ba a valid IP for Stonehill College. I assume [10.133.2.3] is the mail server at Stonehill College? Assuming all the above is not just spoofed...

I may send the raw source to their President and see if he's interested in exerting more control over their servers? Shouldn't be too difficult to check if the name of one of their servers is "Mirage" (or simply a pun of the spoofing!) or if there is someone with an email address of "domalley."

At least this ended up in my "Junk" mailbox. I'm a little surprised that SpamSieve didn't grab it first.

Xairbusdriver · « **Reply #6 on:** January 13, 2014, 07:54:45 PM »

I joined a programmers forum a few weeks ago, that's the only new place I've registered lately.

Well, I also created an account at the Social Security Administration. Maybe there is too much "social" stuff there...

Anyway, I got another SPAM today, went through my Hostgator account. Here's what it reported:

QUOTE

X-Spam-Report: Spam detection software, running on the system "gator3213.hostgator.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see root\@localhost for details.

Content analysis details: (8.0 points, 5.0 required)

CODE

  pts rule name              description
---- ---------------------- --------------------------------------------------
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                             (schen[at]gmail.com)
  1.6 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                             [208.67.16.125 listed in bb.barracudacentral.org]
  1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  1.2 MISSING_HEADERS        Missing To: header
  0.0 LOTS_OF_MONEY          Huge... sums of money
  1.9 REPLYTO_WITHOUT_TO_CC  REPLYTO_WITHOUT_TO_CC
  1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
  1.0 FREEMAIL_REPLYTO       Reply-To/From or Reply-To/body contain different
                             freemails
X-Spam-Flag: YES
Subject: [SPAM] Message for you

I am Song Chen. I am the Head of Operations at Dah Sing Bank,Hong Kong. I do not know if we can work together in transferring US$12.8 million from my bank to your bank account. Finally if you are interested I shall provide you with more details. Please contact me with this Email:song19chen@gmail.com

If I let him send me this money, will I have to report it to the Feds? I think there is something about reporting all transactions over $10,000...

I already have problems with the millions I'm, getting from Mr. Crist, I don't need more paperwork.

If anyone else needs some cash, I'll forward your name and email address to Mr. Song Chen. You're welcome!

Sooz · « **Reply #7 on:** January 14, 2014, 01:42:32 AM »

Wow, Jim, you are batting 1000 ! You da beeg weener! (autocorrect keeps trying to put in beef weiner--go figure!)

Special congrats are warranted (emphasis on the word "special" wink wink)...maybe? I guess?? Once you get all that money, consider taking a trip to the west coast, where you & travel companion(s) are invited to dine with us and I will ply you with homemade lasagna!

Smiles,
Sooz

jchuzi · « **Reply #8 on:** January 14, 2014, 05:39:31 AM »

QUOTE(Xairbusdriver)

If I let him send me this money, will I have to report it to the Feds? I think there is something about reporting all transactions over $10,000...

Not to worry! That restriction (seriously!) applies only to CASH deposits. If the spammer is dumb enough to send you cash, deposit it, report, and happily pay the tax. Or, stow it under the mattress; that's where I keep my millions. The mattress has gotten a bit lumpy but I'll put up with it.

Raven · « **Reply #9 on:** January 16, 2014, 01:29:05 PM »

Too funny!
I usually get faxes that I've been bequeathed $10 million from Nigeria, etc. Makes me think that someone must fall for this stuff. Otherwise why would they keep trying?

Have a great day! Even if you're not a billionaire... yet! ;-)

Bruce_F · « **Reply #10 on:** January 19, 2014, 06:58:57 PM »

I've reported the same spammers to spamcop three times now. They haven't gotten the message to stop yet.

News:

Author Topic: I've WON FIRST PLACE!!! (Read 7065 times)