TechOpsGuys.com Diggin' technology every day

23 Aug 2011

Running your own mail server pt 2 – the humor

Running your own mail server also has its humorous points, mainly around SPAM. I love it when people spam me acting as my email administrator (which is obviously me as well) saying my email is about to be cut off unless I download the attachment and run the virus or whatever is in there (compound that with the fact that I run Linux and would have to jump through a few hoops to run their virus inside Wine or something for it to do anything).

This morning I got a pair of LinkedIn security alerts (addressed to an address LinkedIn has no knowledge of, no less):

LINKEDIN

 Your LinkedIn account has been blocked due to suspicious activity.
 Please Follow this link [1] for details. 

 Thank you for using LinkedIn! 

--The LinkedIn Team
 http://www.linkedin.com/ [2]  

© 2011, LinkedIn Corporation

The ironic part here is Sanitizer ripped out whatever URL they were trying to insert to spoof the LinkedIn site - so not only is the text to click on accurate, the link itself is accurate as well; there is no malware site to be seen.

I have Sanitizer attach a log as to what it is doing, and this is what it said it did:

Sanitizer (start="1314091520"):
 SanitizeFile (filename="unnamed.html, filetype.html",
mimetype="text/html"):
 Match (names="unnamed.html, filetype.html", rule="9"):
 Enforced policy: accept

 Note: Styles and layers give attackers many tools to fool the
 user and common browsers interpret Javascript code found
 within style definitions.

Rewrote HTML tag: >>_div_>_p__DEFANGED_div_>_table style="border-top: 4px solid rgb(51, 153, 204); margin: 0pt auto; max-width: 550px; font-family: arial,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;" width="550" border="0" cellpadding="0" cellspacing="0"_>_table DEFANGED_style="border-top: 4px solid rgb(51, 153, 204); margin: 0pt auto; max-width: 550px; font-family: arial,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;" width="550" border=0 cellpadding=0 cellspacing=0_>_h1 style="margin: 5px 0pt; color: rgb(0, 0, 0); font-family: arial; font-style: normal; font-variant: normal; font-weight: bold; font-size: 23px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;"_>_h1 DEFANGED_style="margin: 5px 0pt; color: rgb(0, 0, 0); font-family: arial; font-style: normal; font-variant: normal; font-weight: bold; font-size: 23px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;"_>_td valign="top" style="font-family: arial,helvetica,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;"_>_td valign="top" DEFANGED_style="font-family: arial,helvetica,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;"_>_p style="margin: 3px auto; width: 550px; font-family: arial,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none; color: rgb(153, 153, 153);"_>_p 
DEFANGED_style="margin: 3px auto; width: 550px; font-family: arial,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none; color: rgb(153, 153, 153);"_>_div_>_p__DEFANGED_div_>_table style="border-top: 4px solid rgb(51, 153, 204); margin: 0pt auto; max-width: 550px; font-family: arial,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;" width="550" border="0" cellpadding="0" cellspacing="0"_>_table DEFANGED_style="border-top: 4px solid rgb(51, 153, 204); margin: 0pt auto; max-width: 550px; font-family: arial,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;" width="550" border=0 cellpadding=0 cellspacing=0_>_h1 style="margin: 5px 0pt; color: rgb(0, 0, 0); font-family: arial; font-style: normal; font-variant: normal; font-weight: bold; font-size: 23px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;"_>_h1 DEFANGED_style="margin: 5px 0pt; color: rgb(0, 0, 0); font-family: arial; font-style: normal; font-variant: normal; font-weight: bold; font-size: 23px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;"_>_td valign="top" style="font-family: arial,helvetica,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;"_>_td valign="top" DEFANGED_style="font-family: arial,helvetica,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;"_>_p style="margin: 3px auto; 
width: 550px; font-family: arial,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none; color: rgb(153, 153, 153);"_>_p DEFANGED_style="margin: 3px auto; width: 550px; font-family: arial,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none; color: rgb(153, 153, 153);"_

Links:
------
[1] http://roundcube.linuxpowered.net/linkedin-report.com
[2] http://www.linkedin.com/

So, quite a bit of stuff. Roundcube is a new webmail client I am playing with; so far it's OK. It looks nicer than SquirrelMail in general, though not as good as SM in other ways.

The [1] link above I assume might be the malware site - linkedin-report.com. But if I were to click on it I'd just get back to my webmail client.
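The kind of rewriting the log above records, sketched as an added example (this is not Sanitizer's own code): it renames style attributes to DEFANGED_style and flags links whose visible text is a URL for a different host than the href. The sample HTML and the linkedin-report.example host are constructed for illustration.

```python
from html.parser import HTMLParser
from html import escape
from urllib.parse import urlparse

RISKY_ATTRS = {"style"}  # assumption: only the attribute the log's note is about

class Defanger(HTMLParser):
    # Re-emits HTML with risky attributes renamed; records link mismatches.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.log, self.mismatches = [], [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        parts = [tag]
        for name, value in attrs:
            if name in RISKY_ATTRS:
                self.log.append(f"Rewrote HTML tag: {tag} {name}")
                name = "DEFANGED_" + name  # browser no longer treats it as CSS
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + ">")
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            shown_host = urlparse(shown).hostname
            real_host = urlparse(self._href).hostname
            # Flag only when the visible text is itself a URL pointing elsewhere.
            if shown_host and shown_host != real_host:
                self.mismatches.append((shown, self._href))
            self._href = None

def sanitize(html):
    d = Defanger()
    d.feed(html)
    d.close()
    return "".join(d.out), d.log, d.mismatches

# Constructed sample modelled on the message quoted above (not the real mail).
SAMPLE = ('<p style="margin: 3px auto">Please <a href="http://linkedin-report.example/x">'
          'Follow this link</a></p><a href="http://linkedin-report.example/">'
          'http://www.linkedin.com/</a>')
```

Calling sanitize(SAMPLE) returns the rewritten HTML, the list of rewrite log lines, and the (shown text, real href) pairs that disagree.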

And just a few minutes ago I got one of those emails that poses as myself threatening to cut off my email - oh so funny!

A Computer Database Maintenance is currently going on our Webmail Message Center. Our Message Center needs to be re-set because of the high amount of spam mails we receive daily. A Quarantine Maintainance will help us prevent this everyday dilemma. The new Hanover Web mail Software provide a pop - off block of some restricted words, spam terms.

To revalidate your mailbox Please Fill the link below:

UserName: ....................................
Old Password:.......................................
New Password:.......................................  

WARNING!!! E-MAIL OWNERS who refuses to upgrade his or her account within
Five days after notification of this update will permanently be deleted
from our data base and can also lead to malfunctioning of the client or
user's account and we will not be responsible for loosing your web mail
account. 

Your response should be sent to admin manager
Email: accountuserhelpdesk@mhost2.net

TechOps Guy: Nate
