wlado's website

Where my extortion spam comes from

For the last few months, harassing mail has been arriving at almost all of my email addresses, including my Microsoft work one. It reads roughly like this:

......................................................
Hi!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account.

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this,
transfer the amount of $729 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 1GdSHQ4aE7zUD8HDqVJDEwU9dxn3LfJLMK

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!
......................................................

To determine its origin, you have to look at the email header:

......................................................
Return-Path:
Delivered-To: moje_jmeno@moje_domena.cz
Received: from [193.0.155.207] (unknown [193.0.155.207])
by moje_domena.cz (Postfix) with ESMTP id EE0B34B25F5
for ; Sat, 2 Mar 2019 12:03:29 +0100 (CET)
From:
To:
Subject: Your account has been hacked! You need to unlock.
Date: 2 Mar 2019 15:29:29 +0200
Message-ID: <001201d4d100$040fabc9$87913e89$@moje_domena.cz>
MIME-Version: 1.0
Content-Type: text/plain;
charset="ibm852"
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Acf5h9kby7h9fui9f5h9kby7h9fui9==
Content-Language: en-us
......................................................

The header shows that the email was not sent from moje_domena.cz but from the IP address 193.0.155.207, and the rest is forged. Moreover, the email was sent from Microsoft Outlook, so someone has a compromised computer and probably does not even know that it is sending out this spam.
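To make that reading of the header mechanical, here is an added Python example (not part of the original post) that parses the Received line, reports the IP the mail actually came in from, and flags the inconsistencies that give the forgery away; the From/To addresses the post leaves out are assumed placeholders. It also checks something the post does not mention: the client-supplied Date header against the MTA's own timestamp.

```python
import email
import ipaddress
import re
from email.utils import parseaddr, parsedate_to_datetime
# Constructed sample modelled on the header above; the elided addresses are placeholders
# (assumed: From forged to the recipient's own address, as the scam text claims).
RAW = """Return-Path: <moje_jmeno@moje_domena.cz>
Delivered-To: moje_jmeno@moje_domena.cz
Received: from [193.0.155.207] (unknown [193.0.155.207])
\tby moje_domena.cz (Postfix) with ESMTP id EE0B34B25F5
\tfor <moje_jmeno@moje_domena.cz>; Sat, 2 Mar 2019 12:03:29 +0100 (CET)
From: <moje_jmeno@moje_domena.cz>
To: <moje_jmeno@moje_domena.cz>
Subject: Your account has been hacked! You need to unlock.
Date: 2 Mar 2019 15:29:29 +0200
Message-ID: <001201d4d100$040fabc9$87913e89$@moje_domena.cz>
X-Mailer: Microsoft Outlook 15.0

"""
# Postfix-style "from HELO (rdns [ip]) by HOST ...; date" clause of a Received header.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S*?)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+).*;\s*(?P<date>.+)$"
)

def received_hops(msg):  # parsed Received hops, newest first (each MTA prepends its own line)
    hops = []
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(hdr.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops

def analyze(raw):
    """Locate the hop where the mail entered our MTA and list signs of a forged sender."""
    msg = email.message_from_string(raw)
    hops = received_hops(msg)
    origin = hops[-1]  # bottom-most Received: the line our own MTA wrote, so the one to trust
    ip = ipaddress.ip_address(origin["ip"])
    from_dom = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    findings = []
    if ip.is_global and origin["by"].lower().rstrip(".") == from_dom:
        findings.append("From claims our own domain, but the mail came in from an external IP")
    if origin["rdns"].lower() in ("", "unknown"):
        findings.append("connecting host has no reverse DNS")
    # Only the timestamp our MTA stamped is trustworthy; Date, like X-Mailer, is client-supplied.
    if parsedate_to_datetime(msg["Date"]) > parsedate_to_datetime(origin["date"]):
        findings.append("Date header is later than the time our MTA received the mail")
    return {"origin_ip": str(ip), "findings": findings}
```

On the sample above it reports 193.0.155.207 as the entry point and three findings, including a Date header stamped more than two hours after the MTA actually accepted the message.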

To find the location of the (final) sender, you can use the service https://www.iplocation.net/

and the result is as follows - Russians again:


[image: ip-spam (the iplocation.net lookup result)]