all those nice ups.com rules, tests and signatures?
the EXACT same file that was in a ups.com virus? is now being sent
'from' dhl.com
(come on ups/dhl.. I know SPF is broken, but in this case it would sure
help is decide if the sending ip is authorized to send on your behalf)
with some pretty weird received lines: is this 'ipv8'?
received:from MERIDA (unknown [187.176.237.77]) by com.ionspam.net
(Postfix) with SMTP id 342976FDF78 for <xxxxxxxx>; Thu, 31 Mar 2011
11:12:13 -0400 (EDT)
received:from smtp1.txfxczpw.net ([11169.98.12888.1258]) by
relay.cxjrc.com with SMTP; Thu, 31 Mar 2011 09:09:04 -0600
message-id:<2e9701cbef83$48a30ab0$6500a8c0@MERIDA>
from:"DHL Global" <postservice...@dhl.com>
to:<jjjjj>
subject:DHL Express Services
date:Thu, 31 Mar 2011 09:05:44 -0600
content-type:multipart/mixed;
boundary="--------=_NextPart_000_0005_01CBEF83.B94C9830"
x-msmail-priority:Normal
x-mailer:Microsoft Outlook Express 5.00.2919.6700
x-mimeole:Produced By Microsoft MimeOLE V5.00.2919.6700
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Best Intrusion Prevention Product, Networks Product Guide
* Certified SNORT Integrator
* Hot Company Award, World Executive Alliance
* Best in Email Security, 2010 Network Products Guide
* King of Spam Filters, SC Magazine
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
