[pov] Hacked AOL account, was Re: Re: [pov]

  • From: John Sage <jsage@xxxxxxxxxxxxxx>
  • To: pov@xxxxxxxxxxxxx
  • Date: Fri, 17 Sep 2010 10:19:47 -0700

On 10-09-17 09:00 AM, vipco93@xxxxxxxxxxxxxx wrote:
It appears that my e-mail account has been hacked and members may be
getting unusual e-mails from vipco93@xxxxxxxx Apologies to all. I will
cancel my pov listing at the current e-mail server and will sign up
again with a different address and server. If anyone has received mail
unrelated to photography please let me know. Tim Robinson

Quoting vipco93@xxxxxxx:



These hacked AOL account emails are very interesting; I've received at least four recently.

When I try to "view source" under Thunderbird/Ubuntu -- view the entire body of the email, headers and all -- a window opens up that is as small as possible.

In fact the first time I tried this last week it took me minutes to even notice the tiny things up in one corner of the screen, at which time I had four open.

They seem to have no actual content.

Saving one of those just received to hard drive and examining the full text that way shows this:

[start full headers fragment]

Received: from smtprly-de01.mx.aol.com (smtprly-de01.mx.aol.com [205.188.249.168]) by cia-dc06.mx.aol.com (v129.4) with ESMTP id MAILCIADC061-b2334c934a2615e; Fri, 17 Sep 2010 06:59:51 -0400

Received: from webmail-m101 (webmail-m101.sim.aol.com [64.12.224.155]) by smtprly-de01.mx.aol.com (v129.4) with ESMTP id MAILSMTPRLYDE018-b2334c934a2615e; Fri, 17 Sep 2010 06:59:50 -0400

Received: from 196.203.59.89 by webmail-m101.sysops.aol.com (64.12.224.155) with HTTP (WebMailUI); Fri, 17 Sep 2010 06:59:50 -0400

X-AOL-IP: 196.203.59.89

[end full headers fragment]


whois for 196.203.59.89 shows:

% Information related to '196.203.56.0 - 196.203.59.255'

inetnum:        196.203.56.0 - 196.203.59.255
netname:        TUNET-ADLG-06
descr:          ADSL-LIGHT Customers
country:        TN
org:            ORG-ATIA2-AFRINIC
source:         AFRINIC # Filtered
parent:         196.203.0.0 - 196.203.255.255

organisation:   ORG-ATIA2-AFRINIC
org-name:       Agence Tunisienne Internet - ATI
org-type:       LIR
country:        TN
address:        13 rue Jugurtha  Mutuelle-ville
address:        1002 Tunis
address:        Tunis 1002
e-mail:         tn.ati@xxxxxx
e-mail:         lir@xxxxxx
e-mail:         pdg@xxxxxx
phone:          +216 71 846 100
fax-no:         +216 71 846 600


So basically this specific email was probably injected into the AOL email system by a DSL customer of tunet.net (http://www.tunet.tn/) based in Tunisia, using your AOL account credentials for validation.

Fun stuff, huh?


- John
--
John Sage
FinchHaven Digital Photography
Box 2541, Vashon, WA 98070
Email: jsage@xxxxxxxxxxxxxx
  Web: http://www.finchhaven.com/
 Cell: 206.595.3604

pov@xxxxxxxxxxxxx

To subscribe or unsubscribe: //www.freelists.org/list/pov
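
The header reading described in the message above, as an added example that is not part of the original post: it walks the Received chain from the oldest hop, takes the client address recorded by the webmail host, and cross-checks it against X-AOL-IP. The function names and the `.aol.com` trust suffix are assumptions of this example; the header text is the fragment quoted in the post.

```python
import email
import ipaddress
import re

# Header fragment as quoted in the post above, one header per line.
RAW = (
    "Received: from smtprly-de01.mx.aol.com (smtprly-de01.mx.aol.com [205.188.249.168])"
    " by cia-dc06.mx.aol.com (v129.4) with ESMTP id MAILCIADC061-b2334c934a2615e;"
    " Fri, 17 Sep 2010 06:59:51 -0400\n"
    "Received: from webmail-m101 (webmail-m101.sim.aol.com [64.12.224.155])"
    " by smtprly-de01.mx.aol.com (v129.4) with ESMTP id MAILSMTPRLYDE018-b2334c934a2615e;"
    " Fri, 17 Sep 2010 06:59:50 -0400\n"
    "Received: from 196.203.59.89 by webmail-m101.sysops.aol.com (64.12.224.155)"
    " with HTTP (WebMailUI); Fri, 17 Sep 2010 06:59:50 -0400\n"
    "X-AOL-IP: 196.203.59.89\n\n"
)

HOP = re.compile(r"from\s+(?P<frm>\S+)(?:\s+\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)"
                 r".*?\bwith\s+(?P<proto>\S+)", re.S)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_hops(raw):
    """Return (message, hops) with hops oldest-first: each relay prepends its own
    Received header, so the bottom one is where the message entered the system."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            ips = IPV4.findall(f"{m['frm']} {m['paren'] or ''}")
            hops.append({"ip": ips[-1] if ips else None,
                         "by": m["by"].lower(), "proto": m["proto"]})
    return msg, hops

def submission_origin(raw, provider_suffix=".aol.com"):
    """Describe the entry hop. provider_suffix is an assumption of this example: only a
    hop recorded by the provider's own host is trusted; older lines can be forged."""
    msg, hops = parse_hops(raw)
    entry = hops[0]
    ip = ipaddress.ip_address(entry["ip"])  # raises ValueError if no address was found
    return {
        "client_ip": str(ip),
        "via": entry["proto"],
        "recorded_by": entry["by"],
        "recorded_by_provider": entry["by"].endswith(provider_suffix),
        "matches_x_aol_ip": msg.get("X-AOL-IP", "").strip() == str(ip),
        "public_address": ip.is_global,
    }
```

Calling `submission_origin(RAW)` reports the entry hop as an HTTP webmail submission, which is the address the whois lookup in the post was run against.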
