TIP: Click on subject to list as thread!

ANSI

echo:	internet
to:	MARK LEWIS
from:	AUGUST ABOLINS
date:	2020-03-31 20:37:00
subject:	another one phishing for
Hello mark! ** 31.03.20 - 18:30, mark lewis wrote to August Abolins: AA>>>> (but I obscured a few things here with #### so no one inadvertently AA>>>> clicks on a link): ml>>>just change http to hxxp or similar ;) AA>> Six or one half dozen of the other. :) ml>not really because now others of us cannot look up that information and ml>set blocks or filters in our IDS/IPS ;) Oh.. I see. Good point. But couldn't http://march262020.* work in a filter? But, FYI, replace "####" with "club". No point keeping it a secret if the goal is to help protect others. BTW, although it is far easier to just drop the phishing email/attachment with the delete key, we can parse the file, extract the clear-text and share the http:// strings found therein. Obviously, the macro in the original .xls file relied on Excel functions to run a macro to fetch a bot from a website and launch the payload. ../\|ug --- OpenXP 5.0.43 * Origin: /\|ug's Point, Ont. CANADA (2:221/1.58)
SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.