FryUp under phishing attack… or not quite

Posted: 30-Jun-2010 10:48

Got a somewhat baffling email this morning, in HTML, asking me to reset the password for

It was flagged as spam (obviously) and seemed at first like a "phish" to capture usernames and passwords but . . . what would be the point of that? There's no account as such for the fryup email address but even if there was one, a phisher couldn't do much apart from subscribe to and unsubscribe from various newsletters.

Turns out the message is "phish spam" or maybe even "spam phish" because the Korean site referenced in the HTML (don't go there, likely to be unsafe) hawks the usual Intarweb make big penis fast pills and bogus meds.

There's been an upsurge in old-fashioned spam of the above type, and it's sad to see it's still around. Guess there are enough idiots around buying dodgy pills laced with human faeces and E. coli still to make it worthwhile.

Thanks guys, you're really making it better for everybody.


Return-Path: <>
X-Virus-Scanned: amavisd-new
X-Spam-Flag: YES
X-Spam-Score: 16.009
X-Spam-Level: ****************
X-Spam-Status: Yes, score=16.009 tagged_above=4 required=6.8 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RCVD_IN_BL_SPAMCOP_NET=1.96, RDNS_NONE=0.1, SARE_RECV_PORTHELO_2=2, URIBL_AB_SURBL=1.86, URIBL_BLACK=6, URIBL_WS_SURBL=1.5]
X-Greylist: delayed 00:18:31.060287 by SQLgrey-1.6.7
Received: from ([]) by (Lotus Domino Release 7.0.2) with ESMTP id 2010063010053986-2830 ; Wed, 30 Jun 2010 10:05:39 +1200
Received: from (port=6768 helo=[Supervisor2]) by with asmtp id 1423E7-000531-79 for; Tue, 29 Jun 2010 17:02:44 -0600
Message-ID: <>
Date: Tue, 29 Jun 2010 17:02:44 -0600
From: " support" <>
MIME-Version: 1.0
To:
Subject: ***SPAM*** Reset your password
X-Spam: Not detected
X-Mras: OK
X-MIMETrack: Itemize by SMTP Server on Machine/NZWeb(Release 7.0.2|September 26, 2006) at 30/06/2010 10:05:40 AM, Serialize by Router on Machine/NZWeb(Release 7.0.2|September 26, 2006) at 30/06/2010 10:24:12 AM
Content-Type: text/html; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<title>Reset your password</title>
</head>
Hello,<br>
<br>
We received your request to reset your password. To con firm your request and reset your password, follow the instructions below. C onfirming your request helps prevent unauthorized access to your account.<b r>
<br>
If you didn't request that your password be reset, please follow the instru ctions below to cancel your request.<br><br>
CONFIRM REQUEST AND RESET PASSWORD<br><br>
Click on the following web address:<br><br>
<a href=3D""> irm.srf?</a>
<br>
<br>
CANCEL PASSWORD RESET<br><br>
Click on the following web address:<br><br>
<a href=3D""> EL.srf?</a>
<br><br>
Thank you,<br><br>
Team
</body>
</html>
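The X-Spam-Status header in the message above lists every rule that fired and the points it added. As an added example (not part of the original post), this Python code parses that header value and totals the points by what each rule looks at; the grouping by rule-name prefix is an assumption made for illustration, not a SpamAssassin feature.

```python
import re

# X-Spam-Status value copied from the message headers quoted in this post.
SPAM_STATUS = (
    "Yes, score=16.009 tagged_above=4 required=6.8 tests=[BAYES_50=0.001, "
    "DNS_FROM_OPENWHOIS=1.13, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, "
    "RCVD_IN_BL_SPAMCOP_NET=1.96, RDNS_NONE=0.1, SARE_RECV_PORTHELO_2=2, "
    "URIBL_AB_SURBL=1.86, URIBL_BLACK=6, URIBL_WS_SURBL=1.5]"
)


def parse_spam_status(value):
    """Split an X-Spam-Status value into verdict, thresholds and per-rule scores."""
    flagged = value.split(",", 1)[0].strip().lower() == "yes"
    fields = dict(re.findall(r"\b(score|required)=(-?[\d.]+)", value))
    block = re.search(r"tests=\[(.*?)\]", value, re.S)
    tests = {}
    if block:
        for name, pts in re.findall(r"([A-Z0-9_]+)=(-?[\d.]+)", block.group(1)):
            tests[name] = float(pts)
    return {
        "flagged": flagged,
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": tests,
    }


def score_by_family(tests):
    """Total the points per family (prefix grouping is this example's assumption)."""
    families = {"uri_blocklist": 0.0, "sender_host": 0.0, "content": 0.0}
    for name, pts in tests.items():
        if name.startswith("URIBL_"):  # links in the body on a URI blocklist
            families["uri_blocklist"] += pts
        elif name.startswith(("RCVD_", "RDNS_", "DNS_FROM_", "SARE_RECV_")):
            families["sender_host"] += pts  # relay, reverse DNS, Received line
        else:
            families["content"] += pts  # Bayes and MIME/HTML structure
    return {family: round(pts, 3) for family, pts in families.items()}


if __name__ == "__main__":
    parsed = parse_spam_status(SPAM_STATUS)
    print(parsed["flagged"], parsed["score"], "required:", parsed["required"])
    for family, pts in score_by_family(parsed["tests"]).items():
        print(f"{family:14} {pts:6.3f}")
```

On this message the three URIBL_* hits on the linked site add 9.36 of the 16.009 points, which on their own exceed the 6.8 needed to flag it.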


Content copyright © Juha Saarinen. If you wish to use the content of my blog on your site, please contact me for details. I'm usually happy to share my material as long as it's not for spamblogs and content farms. Please attribute with a link back to this blog. If you wish to advertise on my blog, please drop me an email to discuss the details.