home bbs files messages ]

Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   INTERNET      The global pornography network      2,155 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 1,489 of 2,155   
   August Abolins to Daniel   
   another one phishing for a bite   
   09 Apr 20 09:20:00   
   
   MSGID: 2:221/1.58@fidonet e341d3f0   
   REPLY: 1252.fido_internet@1:340/7 22f16092   
   PID: OpenXP/5.0.43 (Win32)   
   CHRS: ASCII 1   
   TZUTC: -0400   
   Hello Daniel!   
      
   ** 07.04.20 - 00:03, Daniel wrote to August Abolins:   
      
    D>Good job. I love doing that on the rare occasion I get an attachment. with   
    D>xls I like to save them as zip files, then extract the components and dig   
    D>around. It's silly simple how some of these trojans work.   
      
   I just received one that VirusTotal nor my local scanner detect any fault     
   with.   
      
   But the email is:   
      
      Hey,   
      I'm James Smith and I'm interested in a position at your company.   
      I think I would be a wonderful  to your company.   
      I've added a copy of my resume.   
      
      
      Thank you!   
      
      --   
      James Smith   
      
   And the attached file is: James Smith Resume.xls (169kb)   
      
   A binary look at it doesn't reveal any clues at all.  The vast majority of     
   the chars are totally non-ascii.   
      
   The salient parts of the header are:   
      
      Received: from o3.2e.shared.sendgrid.net ([50.31.60.24])   
      X-EN-OrigIP: 50.31.60.24   
      Received: from t-online.de (unknown)   
      From: "James Smith" <63@jdscentral.com>   
      Subject: Job   
      Message-ID: <4269CC6C.3461899@jdscentral.com>   
      Date: Thu, 09 Apr 2020 11:15:42 +0000 (UTC)   
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101   
      Thunderbird/38.0.0   
      
   Meanwhile, I discovered https://www.joesandbox.com/  Looks impressive.      
   Does anyone here use that?   
      
     ../|ug   
      
   --- OpenXP 5.0.43   
    * Origin: /|ug's Point, Ont. CANADA (2:221/1.58)   
   SEEN-BY: 1/123 90/1 103/705 154/10 203/0 221/1 6 360 226/30 227/114   
   SEEN-BY: 229/101 426 452 1014 240/5832 249/206 317 400 280/464 5003   
   SEEN-BY: 288/100 292/854 310/31 317/3 322/757 342/200 396/45 423/81   
   SEEN-BY: 423/120 712/848 770/1 2452/250   
   PATH: 221/1 280/464 229/426   
      

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca