
!! WARNING !! Bogus "Yahoo" email


6 replies to this topic

#1 Groffeaston

Groffeaston

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:12:45 PM

Posted 18 October 2011 - 11:51 PM

Hello everyone,

I recently got an email that says it is from "Yahoo Customer Care" with the subject: "UPDATE TO ALL YAHOO USERS". Below is a copy of what the email says and then the Full header information. Please note: I am providing a warning to not click on the included link. I do not know how to disable the link.


WARNING: DO NOT CLICK ON THE LINK!


Dear Yahoo User,

We currently updating our database, used account will be deletted for new
accounts to be made available. If you account is Valid click the link.
hxxps://docs.google.com/spreadsheet/viewform?formkey=dG56UV9wOHlXaU45MGdFc1R1cXdlbGc6MQ

Yahoo Webmaster



From Yahoo Customer Care Tue Oct 18 15:55:36 2011
X-Apparently-To: <removed> via 98.139.211.89; Tue, 18 Oct 2011 15:55:39 -0700
Return-Path: <info@yahoocustomercare.com>
Received-SPF: temperror (encountered temporary error during SPF processing of domain of yahoocustomercare.com)
X-Originating-IP: [200.18.33.189]
Authentication-Results: mta1451.mail.mud.yahoo.com from=yahoocustomercare.com; domainkeys=neutral (no sig); from=yahoocustomercare.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO jetta.cpd.ufsm.br) (200.18.33.189)
by mta1451.mail.mud.yahoo.com with SMTP; Tue, 18 Oct 2011 15:55:37 -0700
Received: from localhost ([127.0.0.1] helo=hostmail.ufsm.br)
by jetta.cpd.ufsm.br with esmtp (Exim 4.63)
(envelope-from <info@yahoocustomercare.com>)
id 1RGIZM-000442-PH; Tue, 18 Oct 2011 19:55:36 -0300
Received: from 41.203.64.129
(SquirrelMail authenticated user caroljrupp@mail.ufsm.br)
by hostmail.ufsm.br with HTTP;
Tue, 18 Oct 2011 19:55:36 -0300 (BRT)
Message-ID: <18614.41.203.64.129.1318978536.squirrel@hostmail.ufsm.br>
Date: Tue, 18 Oct 2011 19:55:36 -0300 (BRT)
Subject: UPDATE TO ALL YAHOO USERS
From: "Yahoo Customer Care" <info@yahoocustomercare.com>
Reply-To: info@yahoocustomercare.com
User-Agent: SquirrelMail/1.4.9a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Content-Length: 272



I seriously doubt this email came from Yahoo! I believe it is either a scam, spam, or loaded with a virus, Trojan or some other malware. That is why I did not click on the link, and I reported it to Yahoo as suspected Spam. Apparently I am not the only one. Because their customer care chat line is very very busy!

Can someone help me decipher the full header information to determine where this bogus email came from? So we can bust these @$%&*#'s! :thumbup2:

I did a little search with ProjectWhoIs on DomainTools.com and found some very interesting information.

I did an ICMP ping; here are the results:

Ping Type: ICMP
Host IP Address Ping Time
1. 200.18.33.189 200.18.33.189 245.81ms
2. 200.18.33.189 200.18.33.189 232.27ms
3. 200.18.33.189 200.18.33.189 232.29ms
4. 200.18.33.189 200.18.33.189 232.77ms
5. 200.18.33.189 200.18.33.189 232.80ms
6. 200.18.33.189 200.18.33.189 232.28ms
7. 200.18.33.189 200.18.33.189 232.28ms

Total Duration: 1,640.50 ms
Average Ping: 234.36 ms

After I pinged, I traced the route it took, here are the results:

200.18.33.189 Traceroute
Hop T1 T2 T3 IP
1. 0.67ms 1.04ms 0.69ms 66.249.16.2
2. 1.74ms 0.84ms 1.69ms 64.246.161.201
3. 3.63ms 4.06ms 4.36ms igr1-pe2.blh.fibercloud.net
4. 6.65ms 7.06ms 6.66ms 12.119.199.41
5. 62.90ms 66.08ms 63.68ms cr2.st6wa.ip.att.net
6. 63.57ms 64.74ms 63.03ms cr2.dvmco.ip.att.net
7. 63.87ms 62.87ms 65.34ms cr2.dlstx.ip.att.net
8. 62.54ms 61.94ms 62.38ms cr84.dlstx.ip.att.net
9. 60.55ms 60.66ms 60.59ms gar3.dlrtx.ip.att.net
10. 60.56ms 60.19ms 60.67ms 12.86.210.30
11. 96.59ms 95.91ms 100.68ms g0-5-0-2.br2.dfw3.terremark.net
12. 97.61ms 98.06ms 96.55ms t0-0-0-7.br2.mia.terremark.net
13. 96.50ms 97.12ms 96.55ms t9-1.gw1.mia.terremark.net
14. 92.48ms 92.15ms 92.74ms 66.165.175.26
15. 199.64ms 199.91ms 199.51ms ae4-540-r0-sp.bkb.rnp.br
16. 206.49ms 209.03ms 206.61ms xe-2-1-1-3000-r0-pr.bkb.rnp.br
17. 221.55ms 221.83ms 221.55ms xe-3-1-1-3000-r0-rs.bkb.rnp.br
18. 222.48ms 224.96ms 225.56ms ge-0-2-0-1-c12k.pop-rs.rnp.br
19. 233.58ms 232.07ms 231.51ms ufsm-pos-0-2-2-0-c12k.tche.br
20. 232.55ms 232.07ms 232.54ms vlan-backoneext.net.ufsm.br
21. * * * Request Timed Out
22. 232.57ms 231.94ms 232.75ms jetta.cpd.ufsm.br

Does this information help us get the @#$%^&*'s that sent the bogus "Yahoo" email?

Edited by Orange Blossom, 20 October 2011 - 08:27 AM.
Link disabled ~Budapest Removed e-mail address to protect from spambots. ~ OB
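
Added example (not part of the original posts): one way to read the `Received:` chain in the headers quoted in post #1, oldest hop first, and to check the authentication result. The function names are hypothetical and the webmail account name is replaced with a `REDACTED` placeholder.

```python
import re
from email import message_from_string

# Excerpt of the headers posted above; account name replaced by REDACTED.
RAW = """\
Return-Path: <info@yahoocustomercare.com>
Authentication-Results: mta1451.mail.mud.yahoo.com from=yahoocustomercare.com; domainkeys=neutral (no sig); from=yahoocustomercare.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO jetta.cpd.ufsm.br) (200.18.33.189)
 by mta1451.mail.mud.yahoo.com with SMTP; Tue, 18 Oct 2011 15:55:37 -0700
Received: from localhost ([127.0.0.1] helo=hostmail.ufsm.br)
 by jetta.cpd.ufsm.br with esmtp (Exim 4.63)
 (envelope-from <info@yahoocustomercare.com>)
 id 1RGIZM-000442-PH; Tue, 18 Oct 2011 19:55:36 -0300
Received: from 41.203.64.129
 (SquirrelMail authenticated user REDACTED@mail.ufsm.br)
 by hostmail.ufsm.br with HTTP;
 Tue, 18 Oct 2011 19:55:36 -0300 (BRT)
From: "Yahoo Customer Care" <info@yahoocustomercare.com>
Subject: UPDATE TO ALL YAHOO USERS

"""
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def received_hops(raw):
    """Return hops oldest-first as (from_part, by_host, ips_in_from_part)."""
    hops = []
    # Each relay prepends its own Received line, so reverse to get time order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        m = re.match(r"from (.*?) by (\S+)", flat)
        if m:
            hops.append((m.group(1), m.group(2), IPV4.findall(m.group(1))))
    return hops

def first_external_ip(hops):
    """Earliest non-loopback address recorded by any relay."""
    for _, _, ips in hops:
        for ip in ips:
            if not ip.startswith("127."):
                return ip
    return None

def has_no_dkim_signature(raw):
    """True when the receiving server recorded that the mail was unsigned."""
    results = message_from_string(raw).get("Authentication-Results", "")
    return "dkim=neutral (no sig)" in results

if __name__ == "__main__":
    for from_part, by_host, ips in received_hops(RAW):
        print(f"{by_host:30} <- {from_part}")
```

Only the newest hop (written by the recipient's own mail server) is recorded by a party the recipient can trust; earlier lines come from upstream servers and can be forged. Here the address Yahoo recorded, 200.18.33.189, is the relay jetta.cpd.ufsm.br, while the oldest line shows a webmail login from 41.203.64.129.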




#2 4dude

4dude

  • Members
  • 578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 19 October 2011 - 04:15 AM

That looks like a valid Google link...

When I go to it, it says this:


We're sorry.

You can't access this form because it is in violation of our Terms of service.

Find out more at the Google Docs Help Center.



Whatever was on this page IS NOW GONE.........


I did hear that Yahoo and Google merged (AND I HOPE I'M WRONG)

#3 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:12:45 PM

Posted 20 October 2011 - 01:57 AM

Hello 4dude,

It looks like someone else also may have complained to Google and/or Yahoo and then they Pulled the plug on that page!

I have heard several merger stories involving both Google and Yahoo. I do not know which of them have been completed and which are just "Rumor". Most of what I hear is from the evening news on TV.

I am hoping that the information I was able to provide here, which is also what I provided to Yahoo, is able to lead to the @#$%^'s that sent the bogus email. I had this happen a couple of times before, and tried to use the header info to track down the @#$#%^&'s that sent email to me. I could not figure out what all the stuff was in the header and some of the codes used. I gave up doing it myself, but then other things happened and I was unable to follow up on learning more about it. I figured I would post here to warn others about the bogus email.

#4 4dude

4dude

  • Members
  • 578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 24 October 2011 - 01:02 PM

Well if it IS true it explains why Yahoo is trying to force everyone to that MORE INTRUSIVE interface which is garbage and reads your emails!!

#5 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:12:45 PM

Posted 24 October 2011 - 02:01 PM

Hello 4dude,

I do not know about that one and/or have not heard about that one. The only thing new from Yahoo recently that I know of is their new mail format. They switched to a new mail format from their "classic Yahoo email". I know that they are supposed to be switching everyone over to the new email format sometime soon or may have already. It is similar to MSN's Hotmail and AOL's email formats. I guess people were complaining about going back and forth, that it was difficult because of different formats. When Yahoo first came out with the new format I did not like it, so I chose to stick with the classic email format. But they have since incorporated some of the features of the classic into the new Yahoo email format and also added new features as well, which has made it a lot faster than the older "classic" version/format of email. Yes, it still has some drawbacks, as does any version/format, but as the updates come out they get fewer, we hope. lol

Which leads me back into my Bogus Yahoo email question. You would figure that with the newer version/format that we would receive less bogus/hoax emails that say they are from Yahoo. With all of the information available to us in the full header how can we use that to determine exactly who sent the bogus/hoax Yahoo email and then have them reported to the proper authorities?

#6 Lillielle

Lillielle

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:12:45 PM

Posted 26 October 2011 - 04:58 AM

I haven't gotten the bogus Yahoo email and have no idea how you would determine who sent it, but I know with the new mail format, I really dislike that they made me switch...they'd been suggesting it for a while and then I logged in one day and hello new format.
Acer Aspire 5750, Windows 7 64-bit, Intel i3 2.1GHz
"Neither the angels in heaven above nor the demons down under the sea can ever dissever my soul from the soul of the beautiful Annabel Lee"

#7 4dude

4dude

  • Members
  • 578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 26 October 2011 - 03:24 PM

Luckily my accounts are STILL ON THE OLDER INTERFACE and I'll continue to do whatever I can to keep them there! (That new interface IS GARBAGE)



