| Subject: | Re: (KMM111305530V2626L0KM) |
|---|---|
| Date: | Wed, 30 Jun 2010 05:57:58 -0700 |
| From: | Yahoo! Mail <abuse@yahoo.com> |
| Reply-To: | Yahoo! Mail <abuse@yahoo.com> |
| To: | philip <*****@gmail.com> |

Hello,

Thank you for writing to Yahoo! Mail.
It appears as though you have received one or more emails containing a "worm" virus. These types of viruses spread themselves by mass sending an email with an infected attachment to addresses found in an infected computer's address book, local files, etc. The virus hopes the infected emails reach unsuspecting recipients and entice them to open the attachment thus infecting the recipient's computer.
If you feel that your account has been compromised, we encourage you to update your password and any other information on your Yahoo! account. For useful information and resources regarding online security, please visit the Yahoo! Security Center at the following location:
http://security.yahoo.com
If you are concerned that you might have contracted a virus, and you have anti-virus software installed, we recommend that you make sure the software's virus definitions are updated and then scan your computer. If you do not currently have anti-virus software installed on your computer, you might want to consider obtaining this type of software.
Please be aware that Yahoo! Mail is a Web-based email system, and if you're checking your email through Yahoo!'s website, simply viewing email messages does not make your computer vulnerable to viruses--even when attachments are present. This is because your email messages, address book and other account information are stored on Yahoo!'s servers rather than on your own computer.
However, should you choose to download an attachment by either opening it or saving it to your computer, your computer becomes vulnerable to computer viruses. The same is true for all files you download to your computer (whether email attachments or not), so it is important that you are careful when downloading attachments from both known and unknown sources.
If you have updated your anti-virus software, scanned your computer and found that your system is clean, your computer is most likely not infected, but rather is receiving a virus that is attempting to spread itself through email. There is no way to stop the virus from attempting to spread; however, if you are receiving multiple emails they should eventually subside. Until these types of messages stop arriving to your account, you may want to consider utilizing our filter feature to direct these messages to a folder of your choosing. You can find more information on how to use this feature at the following location:
http://help.yahoo.com/l/us/yahoo/mail/original/manage/manage-35.html
If you use another email program, you may want to check to see if your email program also has a filter feature you can use. If you are interested in obtaining any information regarding the latest viruses, please visit the virus encyclopedia at:
http://securityresponse.symantec.com/
Thank you again for contacting Yahoo! Mail.
Regards, Jeph
Yahoo! Customer Care
72872624
For assistance with all Yahoo! services please visit:
http://help.yahoo.com/
Original Message Follows:
-------------------------
Since December 27, 2009 I have been receiving emails from irinatorina@yahoo.ca which link to web sites in Russia and/or China that illegally offer prescription drugs for sale. I have repeatedly notified Yahoo of this spam and the fact it involves Russian Mafia and the Chinese. Yahoo keeps denying that the mail was sent via their service then acknowledging it came from their service (webmail) but the account has been closed.
Just last week Yahoo said they closed the account (for the fourth time) and today I receive another spam from the same email that has been closed.
The source code of the message I received today:
------------------message source code -----------------
Delivered-To: *****@gmail.com
Received: by 10.216.164.132 with SMTP id c4cs78483wel;
 Mon, 28 Jun 2010 06:26:38 -0700 (PDT)
Received: by 10.115.66.34 with SMTP id t34mr5374162wak.6.1277731597358;
 Mon, 28 Jun 2010 06:26:37 -0700 (PDT)
Return-Path: <irinatorina@yahoo.ca>
Received: from web37406.mail.mud.yahoo.com (web37406.mail.mud.yahoo.com [209.191.91.138]) by mx.google.com with SMTP id c39si7279971wam.36.2010.06.28.06.26.35;
 Mon, 28 Jun 2010 06:26:36 -0700 (PDT)
Received-SPF: neutral (google.com: 209.191.91.138 is neither permitted nor denied by best guess record for domain of irinatorina@yahoo.ca) client-ip=209.191.91.138;
Authentication-Results: mx.google.com; spf=neutral (google.com: 209.191.91.138 is neither permitted nor denied by best guess record for domain of irinatorina@yahoo.ca) smtp.mail=irinatorina@yahoo.ca;
 dkim=pass (test mode) header.i=@yahoo.ca
Received: (qmail 51646 invoked by uid 60001); 28 Jun 2010 13:26:31 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.ca;
 s=s1024; t=1277731591; bh=e52XG1VrB1EGvNG3drCs5BepBCxxCaSoYFO5y/Btk9s=;
 h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Con tent-Type;
 b=tGPa7srBtGzrROAXB8ooMvRda/G9kRlV1HGXlQ4W/Qm+1O02nDnMTlwmqFwycUpuXaVDrd iBZGqte8iNW7PAQFfVFVia1nBYUhLJZa8S5ZDwLfdWZzPF7RpVaWLDyGq8+jwW/QumLIbC5Z eo9F+iA6cRYTMQ92A1x6YOy/47kuI=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
 s=s1024; d=yahoo.ca;
 h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Con tent-Type;
 b=5rzJXRyKgylWU4f/FE4HsXJQSqG57kJ7PtN+s25O0ADPqJXTAySu7NJ8Z2JMzhjA67iNsU SLnk1AR+wOw/aWs8mgox4j1IirnZ86dUiuq+N6YlzrD9yEV+FO+IgUkGVO89GNDf+koxckpn ex29g40tY3YisWkIEQpzLCWJq7inc=;
Message-ID: <716159.51314.qm@web37406.mail.mud.yahoo.com>
X-YMail-OSG: WmRAvpsVM1n2n4jBuv4ydboquy9uOEvnShTKesIjlHfMkNN C3APt1tqizkYN6ootFSnTrNQ1WYYgRp0lgM8Ukj5xvsAqtzN6YLg5SW3QkwO 5EqD8EEwx0Igo8sG_LIj2PZBFAGbjIq7fN58VRVs_BP1ZqoV3s6w8npkxNOG IS2Nz0tnOVxgNPnyFaLfELGL_rWVB9jcVnOhSi_5BBN4V.gzRAlObFBgYfVq Wg_EhDtHO17BSMB84MDtcDRmzAu1hb_NPbwXV4ugZ9iATVwgDB.XCDwLRsMi XBxTYlj4AyaqBAK2wlm72ayAAtn80VnGYsGAN1Jkguro_kW.VjtwcmsYeKbU wuIQhKYXRBUC7UGV999D3VuK3VVx8jZpfsO1nFFZYW3eGlym3Fvd65qU6ypq W5uo-
Received: from [189.69.80.83] by web37406.mail.mud.yahoo.com via HTTP;
 Mon, 28 Jun 2010 06:26:31 PDT
X-Mailer: YahooMailWebService/0.8.104.274457
Date: Mon, 28 Jun 2010 06:26:31 -0700 (PDT)
From: Irina Torina <irinatorina@yahoo.ca>
To: *****@gmail.com, *****@yahoo.com, *****@yahoo.ca, *****@tesoc.org, *****@cathcrosscultural.org, *****@costi.org, *****@cambridge.ca, *****@hotmail.com, *****@sunwing.ca, *****@mail.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

http://sdrhieta71s.mnilcofyx.com
---------------------------------------
The web site http://sdrhieta71s.mnilcofyx.com is hosted on servers located at IP 222.160.236.242
WorldIP Whois for the server the site resides on is: 222.160.236.242
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 222.160.0.0 - 222.163.31.255
netname: UNICOM-JL
descr: China Unicom Jilin province network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: WT92-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-JL
mnt-routes: MAINT-CNCGROUP-RR
changed: *****@apnic.net 20031212
status: ALLOCATED PORTABLE
changed: *****@apnic.net 20040301
changed: *****@apnic.net 20060124
changed: *****@apnic.net 20090508
source: APNIC
route: 222.160.0.0/14
descr: CNC Group CHINA169 Jilin Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: *****@cnc-noc.net 20060118
source: APNIC
person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: *****@chinaunicom.cn
address: No.21,Jin-Rong Street
address: Beijing,100140
address: P.R.China
phone: +86-10-66259940
fax-no: +86-10-66259764
country: CN
changed: *****@chinaunicom.cn 20090408
mnt-by: MAINT-CNCGROUP
source: APNIC
person: Wang Tiegang
nic-hdl: WT92-AP
e-mail: *****@mail.jl.cn
address: NO.3535,Renmin Street, ChangChun ,
address: Jilin province , 130021 , P.R. China
phone: +86-431-5560792
fax-no: +86-431-5560816
country: CN
changed: *****@mail.jl.cn 20060626
mnt-by: MAINT-CNCGROUP-JL
source: APNIC
To me this is a clear indication the Chinese government is aware their hackers are targeting Canadians and Americans for phishing attacks and identity theft. Because Yahoo! continues to allow the Russian Mafia to use this email account (which was hijacked), Yahoo is condoning and facilitating these phishing attacks by the Russians and Chinese.
Cc: https://complaint.ic3.gov/
N.B. Following links in this article will take you to sites in China that may infect your Windows computer with malware.
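
For readers who want to check where a message like the one quoted above entered the mail system, the following added example (not part of the original post or of either correspondent's message) walks the `Received` chain oldest hop first and summarises the receiving server's `Authentication-Results`. The header values are abridged from the message quoted on this page with the recipient replaced by a placeholder; the function name `trace` is hypothetical.

```python
import re
from email import message_from_string

# Header block abridged from the message quoted on this page (recipient is a placeholder).
RAW = """\
Delivered-To: redacted@example.com
Received: by 10.216.164.132 with SMTP id c4cs78483wel;
 Mon, 28 Jun 2010 06:26:38 -0700 (PDT)
Return-Path: <irinatorina@yahoo.ca>
Received: from web37406.mail.mud.yahoo.com (web37406.mail.mud.yahoo.com [209.191.91.138])
 by mx.google.com with SMTP id c39si7279971wam.36.2010.06.28.06.26.35;
 Mon, 28 Jun 2010 06:26:36 -0700 (PDT)
Authentication-Results: mx.google.com; spf=neutral (google.com: 209.191.91.138 is
 neither permitted nor denied by best guess record for domain of
 irinatorina@yahoo.ca) smtp.mail=irinatorina@yahoo.ca;
 dkim=pass (test mode) header.i=@yahoo.ca
Received: (qmail 51646 invoked by uid 60001); 28 Jun 2010 13:26:31 -0000
Received: from [189.69.80.83] by web37406.mail.mud.yahoo.com via HTTP;
 Mon, 28 Jun 2010 06:26:31 PDT
From: Irina Torina <irinatorina@yahoo.ca>

"""

HOP = re.compile(r"from\s+(\S+)(?:\s+\((?:\S+\s+)?\[([0-9.]+)\]\))?\s+by\s+(\S+)"
                 r"(?:\s+(?:with|via)\s+(\S+))?")

def trace(raw):
    msg = message_from_string(raw)
    hops = []
    # Received headers are prepended by each server, so reverse to read oldest hop first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))
        if m:  # internal hand-offs without a "from ... by ..." pair are skipped
            sender, ip, receiver, proto = m.groups()
            hops.append({"from": ip or sender.strip("[]"), "by": receiver,
                         "proto": (proto or "").rstrip(";")})
    auth = " ".join((msg.get("Authentication-Results") or "").split())
    results = dict(re.findall(r"\b(spf|dkim)=(\w+)", auth))
    # authserv-id names who stamped the results; rely only on your own receiving server's.
    authserv = auth.split(";", 1)[0].strip()
    return hops, authserv, results

if __name__ == "__main__":
    hops, authserv, results = trace(RAW)
    for h in hops:
        print(f"{h['from']:>16} -> {h['by']} ({h['proto']})")
    print(authserv, results)
```

The first hop returned is the webmail submission (`via HTTP`), and the DKIM result comes from the recipient's own server rather than from anything the sender supplied.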