The Phish Spammers

John D. Porter     2007.01.21

The Start Of A Long, Long Trail Of Deception

The headers of the "phishing" email hint at the long trail of compromised computers that forms the backbone of this deception. One caveat when reading them: only the "Received:" header stamped by your own mail server is trustworthy, because that server saw the connecting address itself. Every "Received:" line below it was written by some other machine, which may be compromised or may simply have been inserted by the sender.

My Earthlink mail server received the "phishing" email from this mail server:
     66.158.48.99
This is a mail server for the UNO Charter School Network.  The mail server is located in Springfield, Illinois.
Here is the UNO Charter School Network web page:
     http://www.unocharterschools.org/cgi-bin/index.pl

The next "Received:" header shows that the UNO mail server accepted the message from an authenticated user (identified in the header only as "User"), connecting from this address:
     146.145.202.201
This appears to be a private computer in the Philadelphia, Pennsylvania area, using ATX Telecommunications Services as its Internet Provider.
Here is the home page associated with this address:
     http://146.145.202.201
Note: The home page looks like a Microsoft IIS 'error' page, but it really isn't. View the page source and you will see that the icon in the upper left is a file, "pagerror.gif", served from the top directory of that host. It is a static 'nothing to see here -- go away' page.
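The trail above is read by walking the "Received:" headers from the top (the last hop, stamped by the recipient's server) downward. The following is an added example, not code from the original article: a small Python parser that unfolds a header block, pulls the connecting address, the stamping server and any SMTP-AUTH marker out of each "Received:" line, and flags which hop is actually verified by the recipient's own server. The sample headers are constructed for this example; only the two IP addresses come from the article, while the hostnames, the "(authenticated bits=0)" marker (sendmail's wording), message IDs and timestamps are placeholders.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample header block (NOT from the original article). The two IP
# addresses are the ones the article cites; everything else is a placeholder.
SAMPLE_HEADERS = """\
Received: from mail.example-isp.net (mail.example-isp.net [66.158.48.99])
    by mx.example-receiver.net (Postfix) with ESMTP id ABC123
    for <victim@example-receiver.net>; Fri, 12 Jan 2007 10:15:02 -0500
Received: from User (unknown [146.145.202.201])
    (authenticated bits=0)
    by mail.example-isp.net (8.13.1/8.13.1) with ESMTP id l0CFE5xx
    for <victim@example-receiver.net>; Fri, 12 Jan 2007 10:14:58 -0500
From: "Bank Security" <security@example-bank.test>
Subject: Please verify your account
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # first bracketed IPv4 = connecting peer
FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)   # HELO/EHLO name the peer announced
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)      # server that wrote this Received line


def unfold_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw header block into (name, value) pairs, joining RFC 5322
    folded continuation lines (lines that begin with whitespace)."""
    headers: List[Tuple[str, str]] = []
    for line in raw.splitlines():
        if not line.strip():
            break  # a blank line ends the header block
        if line[0] in " \t" and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers


def parse_received(value: str) -> Dict[str, Optional[str]]:
    """Extract the fields of one unfolded Received: value that matter when
    tracing a message: who connected, from which IP, to which server, and
    whether the server recorded an SMTP-AUTH login for that connection."""
    from_m = FROM_RE.match(value)
    by_m = BY_RE.search(value)
    ip_m = IP_RE.search(value)
    return {
        "from": from_m.group(1) if from_m else None,
        "from_ip": ip_m.group(1) if ip_m else None,
        "by": by_m.group(1) if by_m else None,
        "authenticated": "authenticated" in value.lower(),
    }


def trace_hops(raw: str, our_mx: str) -> List[Dict[str, object]]:
    """Return the Received: hops top-down (most recent first). A hop's
    'from_ip' is marked verified only when the line was stamped by our own
    MX (our_mx is a hypothetical hostname); lines written by other servers
    are reported as-is and could be forged or come from a compromised host."""
    received = [parse_received(v) for n, v in unfold_headers(raw)
                if n.lower() == "received"]
    hops: List[Dict[str, object]] = []
    for hop in received:
        by = hop["by"] or ""
        hops.append({**hop, "verified": by.lower() == our_mx.lower()})
    return hops


def earliest_hop(hops: List[Dict[str, object]]) -> Optional[Dict[str, object]]:
    """The bottom-most Received: line, i.e. the best available (but
    unverified) clue to where the message was actually submitted."""
    return hops[-1] if hops else None


if __name__ == "__main__":
    for hop in trace_hops(SAMPLE_HEADERS, "mx.example-receiver.net"):
        tag = "verified" if hop["verified"] else "as reported"
        auth = " via SMTP AUTH" if hop["authenticated"] else ""
        print(f"{hop['from_ip']} -> {hop['by']}{auth} ({tag})")
```

Run against the sample, the output mirrors the article's reading: 66.158.48.99 connected to our server (verified by our own MX), and, according to that relay's own log line, 146.145.202.201 submitted the message to it with a valid login. The second fact rests entirely on the honesty of the relay that wrote it, which is exactly why a hijacked mail account makes such a useful spam launch point.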

To me, it looks like a home or business PC in Philadelphia has been hacked and turned into a 'zombie.'  And, to me, it looks like the UNO Charter School mail server has been hacked to provide 'valid' email logins for spammers to use.

On January 12th, this presumed-zombie PC in Philadelphia logged in to the presumed-hacked mail server in Illinois and used it to spew "phishing" spam all over the world.

How many phishing emails were sent?  I have no idea.  But on January 12th I also stumbled across a spam address file associated with another phishing scheme, and it contained 171,555 email addresses.