Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Nigerian 419er posing as Lawfirm

 
olliver
Posted: Sun Jul 08, 2007 1:08 pm    Post subject: Nigerian 419er posing as Lawfirm

Good ole 419ers...
Quote:
Reply-To: jnewman1010@hotmail.com

MIME-Version: 1.0

Content-Type: text/plain

Content-Transfer-Encoding: 8bit

Message-Id: <20070707122500.4E771E125C@veronique.gransy.com>
Date: Sat, 7 Jul 2007 14:24:59 +0200 (CEST)



Attention: Bequest Beneficiary,



We act as solicitors and our services have been retained by Henry Cox, now late here in after referred to as our client. On behalf of late Henry Cox, I write to notify you that our late client made you a beneficiary to the bequest sum of One Million, Seven Hundred Thousand British pound sterling in the codicil to his will and last testament.



Henry Cox died on 8th day of February 2005 after a brief illness at the age of 85. Until his death he was consultant to several oil and gas industries. He had a sojourn in the United States and so many other countries before he came to Cairn Energy PLC oil and gas exploration and Production Company based in the United Kingdom. He was a knight in the Church and belonged to several non-governmental and scientific organizations. He was also a great philanthropist and a Paul Harris Fellow of the Rotary Club International.



This bequest is to support your activities, humanitarian services and help to the less privileged. In accordance with our inheritance law you are required to apply for claims through this law firm to a Finance House in United Kingdom, where this fund was deposited. We are perfecting arrangements to complete the transfer of this inheritance to you.



You are required to forward the following details of yours; full names, address, occupation, age, phone and fax numbers to Johnson Newman (Attorney At Law) through this email address: johnsonnewman@katamail.com, for verification and re-confirmation. Please acknowledge the receipt of this letter immediately by replying.



Yours in service,



Dynamic Law Firm,

Solicitors & Advocates.

12 Campshill Road,

London United Kingdom.

Phone:+44 7011 1463 55

Of course this is the "sent to the wrong recipient" variant of an advanced fee fraud.

Email headers:
Quote:
Return-Path: <www-data@veronique.gransy.com>
X-Flags: 1001
Delivered-To: <spamtrap>
Received: (qmail invoked by alias); 07 Jul 2007 12:26:22 -0000
Received: from veronique.gransy.com (EHLO veronique.gransy.com) [87.236.199.200]
by mx0.gmx.net (mx032) with SMTP; 07 Jul 2007 14:26:22 +0200

Received: by veronique.gransy.com (Postfix, from userid 33)
id 4E771E125C; Sat, 7 Jul 2007 14:25:00 +0200 (CEST)
To: <spamtrap>
Subject: Bequest Beneficiary
From: Dynamic Law Firm <johnsonnewman@katamail.com>
Date: Sat, 7 Jul 2007 14:26:22 +0200

The spam sender veronique.gransy.com appears to be some server running on autopilot (phpinfo() as default page). Even more obscure, the main site www.gransy.com looks like this:
Quote:
Google PageRankURL (ohne http ://): (z.B. "www.gaijin.at")[1]

[cue input field with submit button of a form]



HTTP/1.1 403 Forbidden Content-Type: text/html Server: GWS/2.1 Content-Length: 4410 Date: Sun, 08 Jul 2007 20:41:20 GMT Google
Error


Forbidden
Your client does not have permission to get URL /search?client=navclient-auto&ch=6597754464&ie=UTF-8&oe=UTF-8&features=Rank:FVN&q=info: from this server. (Client IP address: 82.208.29.194)

Please see Google's Terms of Service posted at http ://www.google.com/terms_of_service.html
[...]

Some search engine spammer's b0rked scripts, perhaps? :)
82.208.29.194, the IP address referenced by Google, resolves to nathalia.gransy.com.

This mess is kindly hosted by the following Czech company:
Quote:
% Information related to '87.236.192.0/21AS35592'

route: 87.236.192.0/21
descr: Network of Coolhousing
org: ORG-Cs57-RIPE
origin: AS35592
mnt-by: COOLHOUSING-MNT
source: RIPE # Filtered

organisation: ORG-Cs57-RIPE
org-name: Coolhousing s.r.o.
org-type: LIR
address: Na okraji 6
address: 16200
address: Prague 6
address: Czech Republic
phone: +420777310000
fax-no: +420235362104
admin-c: FH989-RIPE
admin-c: OF156-RIPE
admin-c: KU82-RIPE
admin-c: PKK6-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: COOLHOUSING-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered


Domain owner is a Czech, but since this is irrelevant in the context of the 419er scam I'll leave this out. As always the question remains why a legit Law firm would resort to spamming scraped email addresses, using anonymous freemail accounts as contact address and pumping messages through compromised web servers.

Olliver

--
[1] "ohne" is German for "without". "z.B." is the German equivalent to "e.g.". The term "gaijin" is Japanese for "stranger", but more in a negative sense.
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
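
Added example, not part of olliver's post: a small Python check over the headers quoted above that names the traits the post points out (a web-server account as envelope sender, freemail contact addresses, a Reply-To that differs from From, and local submission by a numeric uid). The freemail and account lists are assumptions chosen for illustration, and the Reply-To line, quoted separately in the post, is merged into the header block here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the post; folded lines re-indented so they parse.
RAW = """\
Return-Path: <www-data@veronique.gransy.com>
Received: (qmail invoked by alias); 07 Jul 2007 12:26:22 -0000
Received: from veronique.gransy.com (EHLO veronique.gransy.com) [87.236.199.200]
 by mx0.gmx.net (mx032) with SMTP; 07 Jul 2007 14:26:22 +0200
Received: by veronique.gransy.com (Postfix, from userid 33)
 id 4E771E125C; Sat, 7 Jul 2007 14:25:00 +0200 (CEST)
Reply-To: jnewman1010@hotmail.com
Subject: Bequest Beneficiary
From: Dynamic Law Firm <johnsonnewman@katamail.com>

"""

# Assumptions: short illustrative lists, not complete ones.
FREEMAIL = {"hotmail.com", "katamail.com"}
WEB_ACCOUNTS = {"www-data", "apache", "httpd", "nobody"}

def addr(value):
    """Bare lower-cased address from a header value ('' if absent)."""
    return parseaddr(value or "")[1].lower()

def indicators(raw):
    """Return the names of the header checks that fire for one message."""
    msg = message_from_string(raw)
    frm, reply, rpath = addr(msg["From"]), addr(msg["Reply-To"]), addr(msg["Return-Path"])
    found = []
    # Envelope sender is a web server's system account, not a mailbox.
    if rpath.partition("@")[0] in WEB_ACCOUNTS:
        found.append("return-path-web-account")
    # Envelope host and visible sender belong to unrelated domains.
    if rpath and rpath.rpartition("@")[2] != frm.rpartition("@")[2]:
        found.append("envelope-domain-mismatch")
    # Visible sender is a free webmail address.
    if frm.rpartition("@")[2] in FREEMAIL:
        found.append("from-freemail")
    # Replies are steered to a different mailbox than the visible sender.
    if reply and reply != frm:
        found.append("reply-to-mismatch")
    # Oldest hop (last Received) is a local Postfix pickup by a numeric uid:
    # no SMTP client handed the message over, a process on the host made it.
    hops = msg.get_all("Received") or []
    if hops and re.search(r"\(Postfix, from userid \d+\)", hops[-1]):
        found.append("local-uid-submission")
    return found

if __name__ == "__main__":
    print(indicators(RAW))
```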