Wednesday, July 30, 2014

Email Header Analyzer for Security, Using a 0Day Attack

I was looking at some of the spam mail that has been coming into a client's server and was still getting through the standard spam-filtering engine they have in place, as this is a 0Day phishing attack.

So I thought I would blog about this tool as a security tool/solution.

First, it is important to understand what an e-mail header is:

You see, e-mail headers are usually used by servers and e-mail clients rather than read by people.
From a security aspect, we like to use the header analyzer, as it provides a quick way to check the relaying servers against known blacklisted mail servers.

Below is a screenshot of an example e-mail:
The great thing is that as soon as the report is done, even if you have no idea about security, you see the icons in RED as quick indicators for BAD, as this e-mail has been relayed through blacklisted servers.

But if you look some more, you can find a wealth of information:
for example, the sender is from a .nz domain? Really? The e-mail claims to come from Alberta, Canada, and the sender is in New Zealand.

Below is also the attachment, left in Base64; this is to ensure someone can't click on it and infect themselves.

The body of the e-mail:
Your most recent monthly statement is ready and is available for download (see attachement). The statement includes all ATB Online transactions and your starting and ending balances.
We email you to let you know your account statement is ready. You can view or print a copy of your statement from the same page. kindly download the attached file to view your most recent statement.
ATB Online Financial Services
Customer Relations Services
As this e-mail is an automated message, do not reply to this email.
No virus found in this message.
Checked by AVG -
Version: 2013.0.2018 / Virus Database: 2909/6842 - Release Date...

--Forwarded Message Attachment--
--= Multipart Boundary 0731140401
Content-Type: text/html;
Content-Transfer-Encoding: base64
Content-Disposition: attachment;


--= Multipart Boundary 0731140401--
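As an added example (my own code, not the analyzer tool or anything from this post), the Python script below does the same checks by hand on a constructed message: it walks the Received chain oldest-first, checks each relay IP against a blacklist (a local network list stands in for the DNSBL query, whose reversed-octet query name is built but not resolved), compares the From domain with the Reply-To domain, and decodes the Base64 attachment in memory only to inspect its filename and first bytes, never writing or opening it. Every host, address, IP and the 25-byte attachment stub is made up; the .scr extension check reflects the VoiceMail.scr seen in the later post.

```python
import ipaddress
import os
import re
from email import policy
from email.parser import BytesParser

# Constructed sample message (not the phishing e-mail from the post). Hosts and
# addresses are invented; 198.51.100.0/24 and 203.0.113.0/24 are documentation
# address space; the attachment is a 25-byte stub that merely begins with the
# "MZ" magic bytes of a Windows executable and is not runnable code.
RAW_MESSAGE = b"""\
Received: from mail-in.client.test (mail-in.client.test [198.51.100.7])
\tby mail.client.test with ESMTP id 4f8c2a; Wed, 30 Jul 2014 09:12:01 -0600
Received: from relay.sender.example.nz (relay.sender.example.nz [203.0.113.45])
\tby mail-in.client.test with SMTP; Wed, 30 Jul 2014 09:11:58 -0600
From: "Example Bank Statements" <statements@example-bank.test>
Reply-To: statements@example.nz
Subject: Your monthly statement
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="SAMPLE-BOUNDARY"

--SAMPLE-BOUNDARY
Content-Type: text/plain; charset=UTF-8

Your most recent monthly statement is ready (see attachment).
--SAMPLE-BOUNDARY
Content-Type: application/octet-stream; name="Statement.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Statement.scr"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQA==
--SAMPLE-BOUNDARY--
"""

# Constructed stand-in for a DNS blacklist; a real check would resolve the name
# built by dnsbl_query_name() against a DNSBL zone instead of a local list.
BLACKLISTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Extensions Windows executes on double-click (.scr is what the post ran into).
RISKY_EXTENSIONS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)


def parse_message(raw):
    return BytesParser(policy=policy.default).parsebytes(raw)


def received_hops(msg):
    """Relay chain oldest-first. Each server prepends its own Received header,
    so the last one in the message is the earliest hop, i.e. the origin."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(str(value))
        if not m:
            continue
        host, ip = m.groups()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        hops.append({"host": host, "ip": ip})
    return hops


def blacklisted_ips(hops, networks=BLACKLISTED_NETWORKS):
    return [h["ip"] for h in hops
            if any(ipaddress.ip_address(h["ip"]) in n for n in networks)]


def dnsbl_query_name(ip, zone):
    """Reversed-octet name a DNSBL lookup would resolve (no DNS query is made)."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def header_domain(msg, name):
    hdr = msg.get(name)
    if hdr is None or not getattr(hdr, "addresses", ()):
        return None
    return hdr.addresses[0].domain.lower()


def risky_attachments(msg):
    """Decode attachments in memory only and flag executable extensions or an
    executable file signature; nothing is written to disk or opened."""
    found = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name.lower())[1]
        data = part.get_payload(decode=True) or b""
        looks_like_pe = data.startswith(b"MZ")
        if ext in RISKY_EXTENSIONS or looks_like_pe:
            found.append({"filename": name, "content_type": part.get_content_type(),
                          "size": len(data), "looks_like_pe": looks_like_pe})
    return found


def analyze(raw):
    msg = parse_message(raw)
    hops = received_hops(msg)
    from_domain = header_domain(msg, "From")
    reply_domain = header_domain(msg, "Reply-To")
    return {
        "hops": hops,
        "origin_host": hops[0]["host"] if hops else None,
        "blacklisted": blacklisted_ips(hops),
        "from_domain": from_domain,
        "reply_to_domain": reply_domain,
        "reply_mismatch": reply_domain is not None and reply_domain != from_domain,
        "risky_attachments": risky_attachments(msg),
    }


if __name__ == "__main__":
    for key, value in analyze(RAW_MESSAGE).items():
        print(f"{key}: {value}")
```

The origin hop is the first entry of the chain, which is why the sample reports the .nz relay as the source even though the top Received header names the client's own edge server; the blacklist hit and the Reply-To domain that differs from the From domain are the same red flags the analyzer paints red.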

Tuesday, July 22, 2014

Canada Get Cyber Safe Guide for Small and Medium Businesses

Many clients ask how a small business should protect itself.
The info below is quoted from

If you're like most small or medium businesses in Canada, the Internet is an indispensable tool to succeed in today's digital economy. Getting online allows you to reach new customers and grow your business. And even if you don't have a website — or a Facebook page or Twitter account — you probably depend on the Internet for everyday business operations like banking, payroll or ordering supplies.
However, being online requires being safe and secure. As a small or medium business, it's easy to think that you are too small to warrant the attention of cyber criminals. In fact, cyber criminals are now actively targeting smaller businesses because they believe their computers are vulnerable.

The link

Thursday, July 17, 2014

SPAM via relay on an infected system


From: "LovelyPfizer" <>

To: 66b782096 <>

Content-Type: multipart/alternative; boundary=----=_NextPart_000_0015_01CF7285.2D507C60


Content-Type: text/plain; charset=UTF-8

Up to 75% off for every luxury product we offer online!


Content-Type: text/html; charset=UTF-8

<div dir="ltr"><div>Up to 75% off for every luxury product we offer online!<br></div><a href=""></a><br></div>



421-4.7.0 [       4] Our system has detected an unusual rate of

421-4.7.0 unsolicited mail originating from your IP address. To protect our

421-4.7.0 users from spam, mail sent from your IP address has been temporarily

421-4.7.0 rate limited. Please visit

421-4.7.0 to review our Bulk

421 4.7.0 Email Senders Guidelines. uu2si7687567igb.23 - gsmtp

A fake, with malware inside it, as the extracted file is VoiceMail.scr.
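The 421-4.7.0 reply above is the receiving side rate-limiting a relay that is suddenly sending a lot of mail, which on a small network usually means one infected workstation is pushing spam through the office mail server. As an added example (my own code, not from this post), the Python below parses such a multi-line SMTP reply the way RFC 5321 defines it ("421-" lines continue, "421 " ends the reply) and then correlates deferred deliveries with the LAN host that submitted each message, using constructed log lines in Postfix's usual syslog layout. The queue ids, hosts and addresses are invented.

```python
import re
from collections import Counter

# Added example: the log lines are constructed in Postfix's usual syslog layout
# and do not come from the post. 10.10.5.0/24 stands for the office LAN;
# 198.51.100.0/24 and 203.0.113.0/24 are documentation address space.
SAMPLE_LOG = """\
Jul 17 10:02:11 mail postfix/smtpd[2201]: 7A1B2C3D4E: client=ws-finance-03.lan[10.10.5.23]
Jul 17 10:02:12 mail postfix/smtp[2210]: 7A1B2C3D4E: to=<user1@example.net>, relay=mx.example.net[198.51.100.25]:25, delay=1.2, dsn=4.7.0, status=deferred (host mx.example.net[198.51.100.25] said: 421-4.7.0 [203.0.113.9 4] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. 421 4.7.0 Email Senders Guidelines. (in reply to end of DATA command))
Jul 17 10:02:13 mail postfix/smtpd[2201]: 8B2C3D4E5F: client=ws-finance-03.lan[10.10.5.23]
Jul 17 10:02:14 mail postfix/smtp[2210]: 8B2C3D4E5F: to=<user2@example.net>, relay=mx.example.net[198.51.100.25]:25, delay=1.1, dsn=4.7.0, status=deferred (host mx.example.net[198.51.100.25] said: 421-4.7.0 [203.0.113.9 4] Our system has detected an unusual rate of 421 4.7.0 unsolicited mail originating from your IP address. (in reply to end of DATA command))
Jul 17 10:02:15 mail postfix/smtpd[2201]: 9C3D4E5F60: client=pc-reception.lan[10.10.5.40]
Jul 17 10:02:16 mail postfix/smtp[2210]: 9C3D4E5F60: to=<partner@example.org>, relay=mx.example.org[198.51.100.80]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jul 17 10:02:17 mail postfix/smtpd[2201]: A04E5F6071: client=ws-finance-03.lan[10.10.5.23]
Jul 17 10:02:18 mail postfix/smtp[2210]: A04E5F6071: to=<user3@example.net>, relay=mx.example.net[198.51.100.25]:25, delay=1.3, dsn=4.7.0, status=deferred (host mx.example.net[198.51.100.25] said: 421-4.7.0 [203.0.113.9 4] Our system has detected an unusual rate of 421 4.7.0 unsolicited mail originating from your IP address. (in reply to end of DATA command))
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=(\S+)\[([\d.]+)\]")
DELIVERY_RE = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): .*?dsn=([\d.]+), status=(\w+)(?: \((.*)\))?$")
SAID_RE = re.compile(r"said: (.*?) \(in reply to ")
REPLY_LINE_RE = re.compile(r"^(\d{3})([ -])(?:(\d\.\d{1,3}\.\d{1,3})\s*)?(.*)$")


def parse_smtp_reply(lines):
    """Parse an SMTP reply per RFC 5321: 'NNN-' lines continue, 'NNN ' ends it.
    The enhanced status code (RFC 3463, e.g. 4.7.0) is taken from the first line
    that carries one; a 4xx code is transient, 5xx permanent."""
    code, enhanced, text = None, None, []
    for line in lines:
        m = REPLY_LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        c, sep, esc, rest = m.groups()
        if code is None:
            code = c
        elif c != code:
            raise ValueError("reply code changed mid-reply")
        if enhanced is None and esc:
            enhanced = esc
        text.append(rest.strip())
        if sep == " ":
            break
    if code is None:
        raise ValueError("empty reply")
    return {"code": int(code), "enhanced": enhanced, "text": " ".join(text),
            "transient": code.startswith("4")}


def split_collapsed_reply(text):
    """Postfix logs a multi-line reply on one line; split it back into its lines."""
    return re.split(r"\s+(?=\d{3}[- ]\d\.\d{1,3}\.\d{1,3}\b)", text.strip())


def submitting_clients(log_text):
    """Map queue id -> (client hostname, client IP) from the smtpd 'client=' lines."""
    clients = {}
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = (m.group(2), m.group(3))
    return clients


def rate_limited_deferrals(log_text):
    """Queue ids deferred by a remote MX with a transient 4.7.x (policy) reply,
    mapped to the parsed reply."""
    out = {}
    for line in log_text.splitlines():
        m = DELIVERY_RE.search(line)
        if not m:
            continue
        qid, dsn, status, detail = m.groups()
        if status != "deferred" or not dsn.startswith("4.7."):
            continue
        said = SAID_RE.search(detail or "")
        if not said:
            continue
        reply = parse_smtp_reply(split_collapsed_reply(said.group(1)))
        if reply["transient"]:
            out[qid] = reply
    return out


def suspect_internal_hosts(log_text, threshold=2):
    """Count rate-limited deferrals per submitting LAN host; a host at or above
    the threshold is a candidate for an infected machine relaying spam."""
    clients = submitting_clients(log_text)
    hits = Counter(clients[qid][1] for qid in rate_limited_deferrals(log_text) if qid in clients)
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for qid, reply in rate_limited_deferrals(SAMPLE_LOG).items():
        print(qid, reply["code"], reply["enhanced"], reply["text"][:60])
    print("suspect hosts:", suspect_internal_hosts(SAMPLE_LOG))
```

On the constructed log the finance workstation is behind every rate-limited deferral while the reception PC's mail goes through, which is the machine to pull off the network and check, rather than chasing the remote mail provider's limit.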

Tuesday, July 15, 2014

is up and online, also the .ca and .net

So we have the website up. We decided to bring it online; 90% of our clients are referrals, but the guys wanted something up, so we are now online.

Good read about the Zeus botnet