The last few days I see spam with "DEAR ... / 2012-12-19

2012-12-19 The last few days I see spam with "DEAR ... 6 years ago
The last few days I see spam with "DEAR CUSTOMER , Recipient's address is wrong" and lots of links to links4.upsemail.com which is (I think) a valid site for tracking clicks in e-mail from UPS. Links are (for example):
hxxp://links4.upsemail.com/ctt?kn=3&m=16066552&r=9LCA26DY68O4HU1P&b=0&j=LASU4T6PIJPKLW&mt=1&rt=0
hxxp://links4.upsemail.com/servlet/MailView?ms=81TITOUFS04A04&r=K851ONABGC30WSD7&j=BNA37BK35LK2NF&mt=1&rt=0
hxxp://links4.upsemail.com/ctt?kn=1&m=40062923&r=XEO02BUI1H5FUS0M&b=0&j=6GA5EUXTGJ6KFH&mt=1&rt=0
hxxp://links4.upsemail.com/ctt?kn=52&m=13343317&r=1UWH7S3LBU1DUABO&b=0&j=QFSYI6Y0VN3NOP&mt=1&rt=0
hxxp://links4.upsemail.com/ctt?kn=18&m=32396777&r=QZ5HSNPBK1285KGN&b=0&j=X48G2N2PF3NZFP&mt=1&rt=0
hxxp://links4.upsemail.com/ctt?kn=16&m=36369217&r=FZBV3Q9CZFR4C36S&b=0&j=O0MA3JUIKH0K1M&mt=1&rt=0
hxxp://links4.upsemail.com/ctt?kn=52&m=67274114&r=QQ54SRKQT7FGA4PR&b=0&j=YY2YOC09FG6OLE&mt=1&rt=0
hxxp://links4.upsemail.com/ctt?kn=5&m=66139348&r=WW5ZQDETIVLKZNX1&b=0&j=Q4Y4KVCVGFNY7C&mt=1&rt=0
hxxp://links4.upsemail.com/ctt?kn=9&m=58627726&r=4POI8VXRWQROV7CV&b=0&j=E7Q99Y7Q05V5SX&mt=1&rt=0
hxxp://links4.upsemail.com/ctt?kn=4&m=19291753&r=MH07E0XAQQRW2FW6&b=0&j=J8DULAEC1Z5339&mt=1&rt=0
hxxp://links4.upsemail.com/ctt?kn=1&m=49811521&r=T19OA41LF3AIOBIV&b=0&j=COQIQT8FZDK2MX&mt=1&rt=0
hxxp://links4.upsemail.com/ctt?kn=0&m=76297040&r=077SN1P0KB29KRKQ&b=0&j=UBEVGIVEIU20YB&mt=1&rt=0
Which all return a 0-byte document for me, even when I set my browser with a user-agent which looks like a vulnerable browser. This is quite strange to me. I used the contact option on the UPS website to ask about this.

There is one link to a different host, with the title Track your Shipment now! with url hxxp://galinaspec.ru/letter.htm which contains a redirect to a java exploit.

Latest posts warning about messages suggesting they are from UPS that I see are from 2009 so I guess this is a new flood. Don't fall for it.

Tags: , ,

, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
RSS
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated in 0.003601 seconds.