[Holly-L] Scam?
Ron Jarrell
jarrell@vt.edu
Wed, 22 Dec 1999 15:42:53 -0500
At 12:52 PM 12/22/99 -0500, you wrote:
>The attached message looks for all the world like a major credit card
>scam to me. Anyone know how to find out who is responsible or
>track this puppy back to its sender?
>-------------- Enclosure number 1 ----------------
>Received: from ac (unverified [155.230.128.10]) by smtp.greyware.com
> (EMWAC SMTPRS 0.83) with SMTP id <B0004710331@smtp.greyware.com>;
> Wed, 22 Dec 1999 07:03:30 -0600
>Received: by ac id AA08785; Wed, 22 Dec 1999 22:04:55 +0900
Good luck. The machine that sent it to you is operating on a network at a university
in Korea. Assuming the perpetrators aren't Korean, it's probably either an open
relay (which means people can bounce mail off of it), or a stolen account.
It's at Kyungpook National University in Taegu. The address is:
San-Gyuk-3-Dong
Puk-Gu
Taegu, Korea.
The coordinator for the network is Ki Jun Han, kjhan@tol.kpu.ac.kr
The particular machine is ac.kyungpook.ac.kr, so you could try writing to
abuse@ac.kyungpook.ac.kr, or postmaster at the same host...
Hmm. I was going to submit it for ORBS and IMRSS testing; if it's a relay, it'll get blackholed
at a lot of reputable sites then. But in the process I discovered that it was *already* in the ORBS
database, as of about ten hours ago. So apparently a lot of folks got this, reported it, and
they're now being told spammers are hijacking their mail. You probably don't need to
bother to complain; based on that, I'm sure they're deluged with notes already.
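
The trace described in this message, as an added example that is not part of the original post: it parses the two quoted Received lines, takes the bracketed address from the topmost hop (the only one written by the recipient's own server) and compares the hop timestamps. The function names `parse_hop` and `trace` are assumptions made for illustration.

```python
import re
from email.utils import parsedate_to_datetime

# The two Received lines quoted in the message above, unfolded (newest first).
RECEIVED = [
    "from ac (unverified [155.230.128.10]) by smtp.greyware.com "
    "(EMWAC SMTPRS 0.83) with SMTP id <B0004710331@smtp.greyware.com>; "
    "Wed, 22 Dec 1999 07:03:30 -0600",
    "by ac id AA08785; Wed, 22 Dec 1999 22:04:55 +0900",
]

HOP = re.compile(r"^(?:from\s+(?P<helo>\S+)\s*(?:\((?P<note>[^)]*)\))?\s*)?"
                 r"by\s+(?P<by>\S+)", re.I)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hop(value):
    """Split one Received value into the fields used when tracing."""
    fields, _, date = value.rpartition(";")
    m = HOP.match(fields.strip())
    if m is None:
        raise ValueError("unrecognised Received value: %r" % value)
    note = m.group("note") or ""
    ip = IPV4.search(note)
    return {
        "helo": m.group("helo"),             # name the client announced
        "ip": ip.group(1) if ip else None,   # address the receiver logged
        "unverified": "unverified" in note.lower(),
        "by": m.group("by"),
        "when": parsedate_to_datetime(date.strip()),
    }

def trace(received):
    """Summarise a Received chain, newest hop first."""
    hops = [parse_hop(v) for v in received]
    edge = hops[0]     # written by the recipient's own server
    origin = hops[-1]  # written by the sending side, so not verifiable
    return {
        "source_ip": edge["ip"],
        "helo": edge["helo"],
        "helo_unverified": edge["unverified"],
        "claimed_origin": origin["by"],
        # Negative means the receiver's clock reads earlier than the sender's.
        "transit_seconds": (edge["when"] - origin["when"]).total_seconds(),
    }

if __name__ == "__main__":
    print(trace(RECEIVED))
```

For these two lines the transit time comes out negative, so the two hosts' clocks disagree and the timestamps alone cannot order the hops.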