Thursday, October 26, 2006

Beware of Tricky Emails

Just now, i got an email from abuse@openoffice.org saying that my account will be suspended for security reason if i am not clicking a links (http://www.openoffice.org/confirm.php?account=willysr@openoffice.org) to verify that it's my official email. Strange, since my account at openoffice.org is only an alias which will link to my primary email at gmail and i never used that account to send any email address, just to receive some notification from some of OpenOffice.org's services. So, i look at the link property and it links to http://www.nbmd.cn/Confirmation_Sheet.pif, which i can guess it's some kind of social engineering method to attract people to click on it. I guess it's a link which can cause damage to your computer, so please beware before opening such kind of email.

One more note, OpenOffice.org never uses PHP for their services. That's what on my mind at the first time i saw this email. Funny.

Here's the email property:

X-Gmail-Received: a48a835f004eb8d9b5d4159a666fc95917fd5304
Delivered-To: willysr@gmail.com
Received: by 10.70.43.20 with SMTP id q20cs57165wxq;
Tue, 24 Oct 2006 22:51:21 -0700 (PDT)
Received: by 10.78.160.2 with SMTP id i2mr245625hue;
Tue, 24 Oct 2006 22:51:21 -0700 (PDT)
Return-Path:
Received: from openoffice.org (s002.sjc.collab.net [204.16.104.2])
by mx.google.com with SMTP id 37si312159hub.2006.10.24.22.51.19;
Tue, 24 Oct 2006 22:51:21 -0700 (PDT)
Received-SPF: pass (google.com: manual fallback record for domain of abuse@openoffice.org designates 204.16.104.2 as permitted sender)
Received: (qmail 18144 invoked by uid 5000); 25 Oct 2006 05:51:19 -0000
Delivered-To: httpd-willysr@www.openoffice.org
Received: (qmail 18137 invoked from network); 25 Oct 2006 05:51:19 -0000
Received: from cylon2.sjc.collab.net (204.16.104.18)
by s002.sjc.collab.net with SMTP; 25 Oct 2006 05:51:19 -0000
Received: from dsl3-94.uninet.ee (HELO openoffice.org) ([194.204.17.94])
by cylon2.sjc.collab.net with ESMTP; 24 Oct 2006 22:51:15 -0700
Message-Id: <56vc5m$ud8gm@cylon2.sjc.collab.net>
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtZjACWYPkXCzBFe/2dsb2JhbACBTG44gyeEczCBXQ
X-IronPort-AV: i="4.09,354,1157353200";
d="scan'208,217"; a="31891990:sNHT16348948"
X-IRONPORT: SCANNED
From: abuse@openoffice.org
To: willysr@openoffice.org
Subject: ACCOUNT ALERT
Date: Wed, 25 Oct 2006 08:51:06 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0005_2C5F4D58.F63DE143"
X-Priority: 3
X-MSMail-Priority: Normal