strange mail
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: strange mail

  1. #1
    Banned
    Join Date
    Apr 2004
    Posts
    410

    Question strange mail

    i got this wierd mail, in my yahoo account
    ____________________________
    X-Apparently-To: yourdeadin@yahoo.co.in via 202.43.219.150; Fri, 01 Oct 2004 10:42:45 +0530
    X-YahooFilteredBulk: 202.88.147.83
    X-Originating-IP: [202.88.147.83]
    Return-Path: <20hcpb2004@yahoo.com>
    Received: from 202.88.147.83 (EHLO yahoo.co.in) (202.88.147.83) by mta105.mail.in.yahoo.com with SMTP; Fri, 01 Oct 2004 10:42:45 +0530
    From: 20hcpb2004@yahoo.com Add to Address Book
    To: yourdeadin@yahoo.co.in
    Subject: Mail Delivery (failure yourdeadin@yahoo.co.in)
    Date: Sat, 31 Jan 2004 10:42:37 +0530
    MIME-Version: 1.0
    Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
    X-Priority: 3
    X-MSMail-Priority: Normal
    Content-Length: 30873


    If the message will not displayed automatically,
    follow the link to read the delivered message.

    Received message is available at:
    http://www.yahoo.co.in/inbox/yourdea...essionid-13267


    ____________________________________________________
    when i followed this link
    i got to my yahoo id page


    so it was kinda wierd , but i felt unsafe to login in,this mail was filtered in my bulk mail , so should i enter to that site??
    plz help

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'm kinda curious... could you right click on the link in your browse and click copy shortcut and paste it in here.... You did a straight cut and paste from the looks of it... so you would have lost the actual shortcut link... I want to see if it's one of the old browser exploits....

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    BANNED
    Join Date
    Nov 2003
    Location
    San Diego
    Posts
    724
    I'd just delete it.
    When death sleeps it dreams of you...

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by muert0
    I'd just delete it.
    Hey Hey,

    Deleting it would take all the fun out of finding out if it's a scam, what kind of scam it is and what it involves.... Doing a little research might benefit others down the road from being scammed...

    peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    Junior Member
    Join Date
    Feb 2003
    Posts
    19
    It's probably just a link to a website that infects ur pc with a virus.. I would delete it!

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    It's possible to be a link to scare you as well. Sine you're logged in, you'd be able to see your page [arguably, if they used your Yahoo!ID they could craft a link like that, substituting the proper ID where needed]

    But it could be an exploit, so analyzing the link would be helpful [as HTRegz suggested]
    /\\

  7. #7
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    "X-YahooFilteredBulk: 202.88.147.83
    X-Originating-IP: [202.88.147.83]
    Return-Path: <20hcpb2004@yahoo.com>"

    there's your start, but since we aren't supposed to retaliate in a civilised world.....*snickers....sounds like it's cross scripting....and it's a good thing you didn't feel comfortable....not like it would matter much, I mean....it is only dealing with your Yahoo account right?
    Every now and then, one of you won't annoy me.

  8. #8
    Senior Member
    Join Date
    Mar 2002
    Posts
    502
    You are being the victim of a session fixation attack. I wrote an article about this. The attacker has created a session on the yahoo server, and, if the server has the "proper" session management system, will be able to use your active session if you login, as he will only be required to visit the site while giving the same session ID in the url arguments, as he gave you in the email link.

    Avoid giving any personal information to a site, when the URL to that site was given to you by third parties and contains an obvious session id or weird complex URL arguments.
    Bleh.

  9. #9
    Banned
    Join Date
    Sep 2004
    Posts
    77
    this is certainly a malicious activity whether for creating a predefined session or putting a virus into ur pc, but what the hell all these junk spams doin' on the net. THere is another type of email virus giving 'delivery failure' notice in the subject line. Why yahoo is so much vulnerable to such viruses...........

  10. #10
    Banned
    Join Date
    Apr 2004
    Posts
    94
    hi there

    do not even dare think to access that link
    coz if u do so and enter ur login info
    u wont enter the site but u'll send ur login details to someone who is actually tryin to get them

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •