Spam from deposed King's Friend

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
So, I just got an E-Mail that made it through my university's filters.

The message is the message about some assets after some guy died (Michael from "The Office" got this E-Mail haha). After google searching, apparently, they are all coming from the same email address.

Is there any way we can trace the message and eventually get this guy? It all seems to be coming from some Puerto Rican college based on my message headers.

-Kevin

(Edit: I am a CS major looking at the security field on graduation - so naturally this was my response to seeing this)
 

rudeguy

Lifer
Dec 27, 2001
47,351
14
61
The lifers have spoken.

This thread is now a debate between slip on moccasins and full moccasins.
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
Originally posted by: rudeguy
Originally posted by: HardcoreRobot
you are the CS security major, YOU tell US

This

If you want me to program something that prints out the E-Mail headers I can do that. Outside of that there aren't really any security courses for Undergrads (I'm a Junior).

I also said, I am a CS Major LOOKING AT (i.e. aspiring) to work in the security field.

It was just a thought - something that I might be able to learn.

-Kevin
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: Gamingphreek
Originally posted by: rudeguy
Originally posted by: HardcoreRobot
you are the CS security major, YOU tell US

This

If you want me to program something that prints out the E-Mail headers I can do that. Outside of that there aren't really any security courses for Undergrads (I'm a Junior).

I also said, I am a CS Major LOOKING AT (i.e. aspiring) to work in the security field.

It was just a thought - something that I might be able to learn.

-Kevin

If you expect a CS college degree to prepare you for world of IT security you're in the wrong major.
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
Originally posted by: AstroManLuca
Wow, 10k posts and studying CS and you don't know what a Nigerian 419 scam is?

I do know the scam... that's what I said SPAM from.....

I'm just wondering why no one has managed to catch the sender yet and if I might be able to learn some valuable data mining techniques from the headers and what not.

-Kevin
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
Originally posted by: Crusty
Originally posted by: Gamingphreek
Originally posted by: rudeguy
Originally posted by: HardcoreRobot
you are the CS security major, YOU tell US

This

If you want me to program something that prints out the E-Mail headers I can do that. Outside of that there aren't really any security courses for Undergrads (I'm a Junior).

I also said, I am a CS Major LOOKING AT (i.e. aspiring) to work in the security field.

It was just a thought - something that I might be able to learn.

-Kevin

If you expect a CS college degree to prepare you for world of IT security you're in the wrong major.

Do you have a better suggestion for a major? CS is as close as you get for IT Security. Yes - it doesn't prepare you, it is up to you to learn those on your own...

-Kevin
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: Gamingphreek
Originally posted by: Crusty
Originally posted by: Gamingphreek
Originally posted by: rudeguy
Originally posted by: HardcoreRobot
you are the CS security major, YOU tell US

This

If you want me to program something that prints out the E-Mail headers I can do that. Outside of that there aren't really any security courses for Undergrads (I'm a Junior).

I also said, I am a CS Major LOOKING AT (i.e. aspiring) to work in the security field.

It was just a thought - something that I might be able to learn.

-Kevin

If you expect a CS college degree to prepare you for world of IT security you're in the wrong major.

Do you have a better suggestion for a major? CS is as close as you get for IT Security. Yes - it doesn't prepare you, it is up to you to learn those on your own...

-Kevin

MIS?
 

randay

Lifer
May 30, 2006
11,018
216
106
Originally posted by: Gamingphreek
Originally posted by: AstroManLuca
Wow, 10k posts and studying CS and you don't know what a Nigerian 419 scam is?

I do know the scam... that's what I said SPAM from.....

I'm just wondering why no one has managed to catch the sender yet and if I might be able to learn some valuable data mining techniques from the headers and what not.

-Kevin

HOLY SHIT! Why hasn't anyone thought of this before? Why don't we just find out who they are by reading the headers!!?!?! OMG! Call the chief of police, STAT!
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
Originally posted by: randay
Originally posted by: Gamingphreek
Originally posted by: AstroManLuca
Wow, 10k posts and studying CS and you don't know what a Nigerian 419 scam is?

I do know the scam... that's what I said SPAM from.....

I'm just wondering why no one has managed to catch the sender yet and if I might be able to learn some valuable data mining techniques from the headers and what not.

-Kevin

HOLY SHIT! Why hasn't anyone thought of this before? Why don't we just find out who they are by reading the headers!!?!?! OMG! Call the chief of police, STAT!

I never said just READ the headers. Jeez what brought out the trolls today??

I said based on that - can we start tracing where it came from. I'm sure people have tried it before - I just wanted to learn some things about IT Security, Network and Email protocols and what not...

-Kevin
 

randay

Lifer
May 30, 2006
11,018
216
106
Originally posted by: Gamingphreek
Originally posted by: randay
Originally posted by: Gamingphreek
Originally posted by: AstroManLuca
Wow, 10k posts and studying CS and you don't know what a Nigerian 419 scam is?

I do know the scam... that's what I said SPAM from.....

I'm just wondering why no one has managed to catch the sender yet and if I might be able to learn some valuable data mining techniques from the headers and what not.

-Kevin

HOLY SHIT! Why hasn't anyone thought of this before? Why don't we just find out who they are by reading the headers!!?!?! OMG! Call the chief of police, STAT!

I never said just READ the headers. Jeez what brought out the trolls today??

I said based on that - can we start tracing where it came from. I'm sure people have tried it before - I just wanted to learn some things about IT Security, Network and Email protocols and what not...

-Kevin

I already answered your question. The point I am trying to make is that it's an obvious route to try and it's pretty much impossible. Even if you did all the work to find the guy, they are in Nigeria. That's the whole point. Nigeria. What are you gonna do about it? Bomb them?

First thing you have to learn about email headers is they are complete bullshit. You can fabricate everything in it easily except for the IP. Then 99% of them are open relays, compromised machines, or spoofed.

Post your email header.
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
Headers:
From - Thu Dec 4 09:45:12 2008
X-Account-Key: account2
X-UIDL: 4787-1136949038
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <tomberenger@universia.pt>
Delivery-receipt-to: tomberenger@universia.pt
Received: from yuna.cc.vt.edu (yuna.cc.vt.edu [198.82.161.186])
by lyta.cc.vt.edu
(iPlanet Messaging Server 5.2 HotFix 2.09 (built Nov 18 2005))
with ESMTP id <0KBC007RVOS1Q7@lyta.cc.vt.edu> for boydk@vt.edu; Thu,
04 Dec 2008 06:48:01 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
by yuna.cc.vt.edu (MOS 3.8.6-GA) id EJJ42350; Thu,
04 Dec 2008 06:48:01 -0500 (EST)
Received: from dagger.cc.vt.edu (dagger.cc.vt.edu [198.82.163.114])
by yuna.cc.vt.edu (MOS 3.8.6-GA) with ESMTP id EJJ42349; Thu,
04 Dec 2008 06:48:00 -0500 (EST)
Received: from daganzo.mx1.universia.net (EHLO daganzo.mx1.universia.net)
([195.149.210.98]) by dagger.cc.vt.edu (MOS 3.10.2-GA FastPath queued)
with ESMTP id KNX11710; Thu, 04 Dec 2008 06:37:37 -0500 (EST)
Received: from mail.universia.net (baterno.univ.corp [192.168.41.103])
by daganzo.mx1.universia.net (Postfix) with SMTP id 7069B1E3988; Thu,
04 Dec 2008 12:37:22 +0100 (CET)
Received: from 216.250.221.135
(SquirrelMail authenticated user tomberenger@universia.pt)
by mail.universia.net with HTTP; Thu, 04 Dec 2008 11:37:22 +0000 (WET)
Date: Thu, 04 Dec 2008 11:37:22 +0000 (WET)
From: Tom Berenger <tomberenger@universia.pt>
Subject: Mr. Roy J. Kevin
To: undisclosed-recipients: ;
Reply-to: tomberenger111@yahoo.com
Message-id: <63063.216.250.221.135.1228390642.squirrel@mail.universia.net>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Importance: Normal
X-Priority: 3
User-Agent: SquirrelMail/1.4.2
X-Mirapoint-Received-SPF: 195.149.210.98 daganzo.mx1.universia.net
tomberenger@universia.pt 5 none
X-Junkmail-Status: score=10/50, host=dagger.cc.vt.edu
X-Junkmail-SD-Raw: score=unknown,
refid=str=0001.0A090202.4937C371.0139:SCFSTAT3415492,ss=1,fgs=0,
ip=195.149.210.98, so=2008-08-01 02:07:42, dmn=5.7.1/2008-09-02,
mode=single engine
X-Junkmail-IWF: false
X-Mirapoint-Loop-Id: 6cf893001e2b707779e7a8cac3bbc97c
Original-recipient: rfc822;boydk@vt.edu


I know the headers can be fabricated, but I didn't know that leaves it unable to be traced. How would someone normally get around fabricated headers?

-Kevin
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: Gamingphreek
Originally posted by: randay
Originally posted by: Gamingphreek
Originally posted by: AstroManLuca
Wow, 10k posts and studying CS and you don't know what a Nigerian 419 scam is?

I do know the scam... that's what I said SPAM from.....

I'm just wondering why no one has managed to catch the sender yet and if I might be able to learn some valuable data mining techniques from the headers and what not.

-Kevin

HOLY SHIT! Why hasn't anyone thought of this before? Why don't we just find out who they are by reading the headers!!?!?! OMG! Call the chief of police, STAT!

I never said just READ the headers. Jeez what brought out the trolls today??

I said based on that - can we start tracing where it came from. I'm sure people have tried it before - I just wanted to learn some things about IT Security, Network and Email protocols and what not...

-Kevin

If you didn't want trolls then you should have not posted in OT.

 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
Originally posted by: Crusty
Originally posted by: Gamingphreek
Originally posted by: randay
Originally posted by: Gamingphreek
Originally posted by: AstroManLuca
Wow, 10k posts and studying CS and you don't know what a Nigerian 419 scam is?

I do know the scam... that's what I said SPAM from.....

I'm just wondering why no one has managed to catch the sender yet and if I might be able to learn some valuable data mining techniques from the headers and what not.

-Kevin

HOLY SHIT! Why hasn't anyone thought of this before? Why don't we just find out who they are by reading the headers!!?!?! OMG! Call the chief of police, STAT!

I never said just READ the headers. Jeez what brought out the trolls today??

I said based on that - can we start tracing where it came from. I'm sure people have tried it before - I just wanted to learn some things about IT Security, Network and Email protocols and what not...

-Kevin

If you didn't want trolls then you should have not posted in OT.

Or you could start acting like you have 7000+ posts, have been here since '01, and know the rules about trolling!
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: Gamingphreek
Originally posted by: Crusty
Originally posted by: Gamingphreek
Originally posted by: randay
Originally posted by: Gamingphreek
Originally posted by: AstroManLuca
Wow, 10k posts and studying CS and you don't know what a Nigerian 419 scam is?

I do know the scam... that's what I said SPAM from.....

I'm just wondering why no one has managed to catch the sender yet and if I might be able to learn some valuable data mining techniques from the headers and what not.

-Kevin

HOLY SHIT! Why hasn't anyone thought of this before? Why don't we just find out who they are by reading the headers!!?!?! OMG! Call the chief of police, STAT!

I never said just READ the headers. Jeez what brought out the trolls today??

I said based on that - can we start tracing where it came from. I'm sure people have tried it before - I just wanted to learn some things about IT Security, Network and Email protocols and what not...

-Kevin

If you didn't want trolls then you should have not posted in OT.

Or you could start acting like you have 7000+ posts, have been here since '01, and know the rules about trolling!

This is OT, get over it. If you had posted somewhere else I would have been inclined to actually help you with your questions.... but since you can't be bothered to follow the rules why should I?
 

yllus

Elite Member & Lifer
Aug 20, 2000
20,577
432
126
Originally posted by: Gamingphreek
I know the headers can be fabricated, but I didn't know that leaves it unable to be traced. How would someone normally get around fabricated headers?

-Kevin

You don't. If you could rely on e-mail relays to require accurate headers it would be possible, but that isn't the case. The college you think it's coming from is probably just a compromised machine acting as the starting relay for the message to be sent from somewhere else.

There's nothing you can do. If there was something that could be done, it would have been done already - spam is a costly fact of life for businesses. At last count, my company has 21 machines dedicated to the sole task of acting as e-mail relays because of how CPU intensive the anti-virus and spam detection software is. Reactive measures are all that we can do.
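The Received chain that randay and yllus describe above, as an added Python example that is not from any poster in this thread: it unfolds a constructed header block (RFC 5737 documentation addresses, not the real message Kevin posted), lists the hops oldest-first, then walks back from the delivering server through the lines written by hosts you control, because the only IP you can vouch for is the one your own server recorded when the message crossed into your domain; every older line is the sender's claim. The host names, the sample and the `my_hosts` set are assumptions.

```python
import re

# Constructed sample, not the thread's message; IPs are RFC 5737 documentation
# addresses. As in a real mailbox, Received lines appear newest-first.
SAMPLE = """Received: from mx.example.edu (mx.example.edu [198.51.100.10])
    by store.example.edu with ESMTP id ABC123; Thu, 04 Dec 2008 06:48:01 -0500
Received: from relay.example.net (relay.example.net [203.0.113.5])
    by mx.example.edu with ESMTP id DEF456; Thu, 04 Dec 2008 06:37:37 -0500
Received: from webmail.example.net (webmail.internal [192.168.41.103])
    by relay.example.net (Postfix) with SMTP id 7069B; Thu, 04 Dec 2008 12:37:22 +0100
Received: from 192.0.2.77
    (webmail authenticated user sender@example.net)
    by webmail.example.net with HTTP; Thu, 04 Dec 2008 11:37:22 +0000
From: Someone <sender@example.net>
"""

HOP_RE = re.compile(r"^Received:\s*from\s+(\S+).*?\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def unfold(raw):
    """Join RFC 5322 folded header lines (continuations start with whitespace)."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines

def parse_hops(raw):
    """Hops oldest-first: claimed 'from' host, the IP the receiver recorded, 'by' host."""
    hops = []
    for line in unfold(raw):
        m = HOP_RE.match(line)
        if m:
            ip = IP_RE.search(line[:m.start(2)])  # the recorded IP sits before 'by'
            hops.append({"from": m.group(1), "by": m.group(2), "ip": ip.group(1) if ip else None})
    return list(reversed(hops))

def handoff_hop(raw, my_hosts):
    """Oldest hop written by a server we control; its 'ip' is the peer that handed
    the message to our domain. Hops below it were written by machines we do not trust."""
    last = None
    for hop in reversed(parse_hops(raw)):  # newest first
        if hop["by"].lower() not in my_hosts:
            break
        last = hop
    return last
```

Run against the headers Kevin posted, with the vt.edu hosts as `my_hosts`, the handoff is the line dagger.cc.vt.edu wrote, and its recorded IP is the same one the X-Mirapoint-Received-SPF line names; the SquirrelMail line below it is universia's record, not yours.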
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
Originally posted by: Crusty
Originally posted by: Gamingphreek
Originally posted by: Crusty
Originally posted by: Gamingphreek
Originally posted by: randay
Originally posted by: Gamingphreek
Originally posted by: AstroManLuca
Wow, 10k posts and studying CS and you don't know what a Nigerian 419 scam is?

I do know the scam... that's what I said SPAM from.....

I'm just wondering why no one has managed to catch the sender yet and if I might be able to learn some valuable data mining techniques from the headers and what not.

-Kevin

HOLY SHIT! Why hasn't anyone thought of this before? Why don't we just find out who they are by reading the headers!!?!?! OMG! Call the chief of police, STAT!

I never said just READ the headers. Jeez what brought out the trolls today??

I said based on that - can we start tracing where it came from. I'm sure people have tried it before - I just wanted to learn some things about IT Security, Network and Email protocols and what not...

-Kevin

If you didn't want trolls then you should have not posted in OT.

Or you could start acting like you have 7000+ posts, have been here since '01, and know the rules about trolling!

This is OT, get over it. If you had posted somewhere else I would have been inclined to actually help you with your questions.... but since you can't be bothered to follow the rules why should I?

Everyone else has shown they are mature enough to answer my questions. There is nothing wrong with this being on OT - Security might suit it better, but this isn't a measure of computer security. It is a question on back tracing E-Mails via headers.

You don't. If you could rely on e-mail relays to require accurate headers it would be possible, but that isn't the case. The college you think it's coming from is probably just a compromised machine acting as the starting relay for the message to be sent from somewhere else.

There's nothing you can do. If there was something that could be done, it would have been done already - spam is a costly fact of life for businesses. At last count, my company has 21 machines dedicated to the sole task of acting as e-mail relays because of how CPU intensive the anti-virus and spam detection software is. Reactive measures are all that we can do.

So since there is a relay machine (probably 1 out of many), what prevents them from tracking the relay machines and hopping from machine to machine? For instance, since this is at this University, could someone not find the connection that is used to make the relay and trace that to the next point? If that makes any sense...

-Kevin