
Spam claiming to be from My Opera


Frank Bell

Jul 15, 2010, 11:21:41 AM
My friend received three emails this morning telling her to click a link
to activate her "My Opera" account.

When she moused over the link, it was a redirect.

She has Opera on her computer because I put it there, but I have been
unsuccessful in getting her to use it. I *know* she has never been to the
My Opera website.

I asked her to send me copies; if they come through, I'll post whois
information.


--
Blogging from Pine View Farm (http://www.pineviewfarm.net/weblog)
Updates daily. Worthwhile updates occasionally.

Opera (http://www.opera.com), Linux (http://iso.linuxquestions.org/), and
Fluxbox (http://www.fluxbox.org)--the ultimate internet experience.

Geek out at Geekazine: http://www.geekazine.com

Fred

Jul 15, 2010, 3:25:44 PM
Frank Bell wrote:
> My friend received three emails this morning telling her to click a link
> to activate her "My Opera" account.
>
> When she moused over the link, it was a redirect.
>
> She has Opera on her computer because I put it there, but I have been
> unsuccessful in getting her to use it. I *know* she has never been to
> the My Opera website.
>
> I asked her to send me copies; if they come through, I'll post whois
> information.
>
>

Me, too.

Frank Bell

Jul 15, 2010, 11:52:43 PM
My friend's forwards did not make it to me. She checked her sent mail and
they were shown as sent, so I'm guessing my ISP's spam filters caught
them. They seem to do a pretty good job catching spam.

One of the readers of this newsgroup was kind enough to send me a copy,
with complete headers, of a "My Opera" spam he received, so I spent a
little quality time this evening with WHOIS. You can see the email (I
redacted the original recipient's email address and provider) and the
WHOIS results in a PDF on my server:

http://www.pineviewfarm.net/misc/keosan.pdf

Short version: the email originated from a server in the Ukraine (Opera
is the number one browser in Central Asia). The originating address may
have been part of a botnet.

The links redirected to a web address in Korea. Once again, that may have
been set up by someone in a whole nother place.

I have no way of knowing whether my friend's emails had similar contents,
but, given that they all originated at about the same time, I suspect it's
likely.

Opera in Central Asia: http://preview.tinyurl.com/23kfmrb


EDITORIAL:

1. The redirects illustrate one reason why HTML email is evil.

2. One of the things I really like about the Opera mail client is how
easy it is to see full email and news headers; if you have doubts about a
message, looking at the headers is often a quick way to resolve them.

My friend uses Outlook, because it's her work email. (I can't even wean
her off Internet Explorer--there is no way I will get her to use Linux and
Evolution.)

For a while, I worked for a company that mandated Outlook. I never did
figure out how to see headers in Outlook, and I'm usually pretty good at
digging into the ins and outs of computer programs' menu options.


ASIDE:

WHOIS, FINGER, and all that other good internet lookup stuff are command
line utilities included in every Linux distribution I've tried.

I was going to say that "Windows users who want to track stuff down can go to
http://www.samspade.org," but SamSpade seems to be down. There appear to
be Windows packages available for download, but you're probably better off
just switching to Linux.


--
Opera 10.60 on Ubuntu Linux 10.04.

Remco Lanting

Jul 16, 2010, 5:55:27 AM
On Fri, 16 Jul 2010 05:52:43 +0200, Frank Bell <frank...@cox.net> wrote:

> Short version: the email originated from a server in the Ukraine (Opera
> is the number one browser in Central Asia). The originating address may
> have been part of a botnet.

It's blacklisted:
http://www.topwebhosts.org/tools/dnsbl.php?query=95.132.250.91&submit=Query

(also listed in a few on http://www.dnsbl.info )

> For a while, I worked for a company that mandated Outlook. I never did
> figure out how to see headers in Outlook, and I'm usually pretty good at
> digging into the ins and outs of computer programs' menu options.

Right click message, properties. It's on one of the tabs there.

The server used for sending (fallback.mail.widexs.nl) seems to have sent
spam in 2006 already:
http://www.robtex.com/dns/fallback.mail.widexs.nl.html#blacklists

A lot of domains are running on it, so it's probably a reseller or an open
relay.

--
Remco Lanting

[Unofficial Opera bug tracker links]
http://opera.remcol.ath.cx/bugs |
http://my.opera.com/community/forums/topic.dml?id=217364 |
remco.lanting...@gmail.com
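
The header check and blacklist lookup discussed in this thread, as an added example that is not part of any post: it walks a message's Received headers oldest-first and builds the DNSBL query name for each external address. The sample headers, the `dnsbl.example` zone and all function names are constructed for illustration.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed sample headers (example.* names and RFC 5737/1918 addresses).
SAMPLE = """\
Received: from mx.recipient.example ([10.0.0.5])
\tby mailstore.recipient.example with ESMTP; Thu, 15 Jul 2010 09:02:11 -0400
Received: from relay.hosting.example (relay.hosting.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Thu, 15 Jul 2010 09:02:09 -0400
Received: from unknown (HELO pc-home) (203.0.113.91)
\tby relay.hosting.example with SMTP; Thu, 15 Jul 2010 15:02:05 +0200
Subject: Activate your account
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw):
    """Return (from_ip, by_host) per Received header, oldest hop first."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        from_part, _, by_part = " ".join(value.split()).partition(" by ")
        m = IP_RE.search(from_part)
        hops.append((m.group(1) if m else None,
                     by_part.split()[0] if by_part else None))
    return hops

def candidate_ips(raw):
    """External sender IPs, oldest first. Hops below your own MX can be forged."""
    ips = [ipaddress.ip_address(ip) for ip, _ in received_hops(raw) if ip]
    return [str(ip) for ip in ips if not any(ip in net for net in INTERNAL)]

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone):
    """Live lookup (needs network): an answer in 127.0.0.0/8 means listed."""
    try:
        return socket.gethostbyname(dnsbl_query_name(ip, zone)).startswith("127.")
    except socket.gaierror:
        return False  # no record (or resolver failure): treat as not listed

if __name__ == "__main__":
    for ip in candidate_ips(SAMPLE):
        print(ip, "->", dnsbl_query_name(ip, "dnsbl.example"))
```

Only the Received line written by a server you trust is reliable; earlier lines are supplied by the sender's side and may be fabricated.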
