Tuesday, August 22, 2006

E-mail scams....sigh

I have over the years received many scam e-mails and, yes, they usually have something to do with some Nigerian aristocrat desiring safe passage for millions of dollars of dough to this country. You probably know of the various scams (i.e. the 419 scam), as well; I've heard from some sources that they do indeed still manage to find suckers every single day. Gee, will folk ever get a clue?

Well, after a long hiatus, some scammer has targeted me again. "Hey! He's got a bite some day!!" So, I just today got another e-mail scam and I've decided to publish this one, examine it with a fine-toothed comb, and write some commentary on it.

To start with, here's the e-mail received in KMail, headers and all with my own Cox e-mail (the final destination) X'd out:
Return-Path: <steveb555@adinet.com.uy>
Received: from eastrmimpi02.cox.net ([]) by eastrmmtai08.cox.net
(InterMail vM. 201-2131-130-101-20060113) with ESMTP
id <20060821182208.TPPI10570.eastrmmtai08.cox.net@eastrmimpi02.cox.net>
for <XXXXXXX@cox.net>; Mon, 21 Aug 2006 14:22:08 -0400
Received: from eforward4.name-services.com ([])
by eastrmimpi02.cox.net with IMP
id CiHS1V05l5Jwc000000000
Mon, 21 Aug 2006 14:17:29 -0400
Received: from c9mailgw24.amadis.com ([]) by eforward4.name-services.com with Microsoft SMTPSVC(6.0.3790.211);
Mon, 21 Aug 2006 11:20:39 -0700
Received: from smtp-s4.antel.net.uy (smtp-s4.antel.net.uy [])
by c9mailgw24.amadis.com (Postfix) with ESMTP id 2F62B163806
for <dixiedog@dixiebill.com>; Mon, 21 Aug 2006 11:17:27 -0700 (PDT)
Received: from fe-ps02 ( by smtp-s4.antel.net.uy ( (authenticated as steveb555@adinet.com.uy)
id 4474803E01820289; Mon, 21 Aug 2006 14:59:40 -0300
Received: from [] by www.adinet.com.uy via http; Mon Aug 21 14:59:40 UYT 2006
Message-ID: <12276098.1156183180746.JavaMail.tomcat@fe-ps02>
Date: Mon, 21 Aug 2006 14:59:40 -0300 (UYT)
From: steve Bastiaan <steveb555@adinet.com.uy>
Reply-To: steve_b2222@uymail.com
Subject: from steve
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
To: undisclosed-recipients:;
X-CTASD-RefID: str=0001.0A090216.44E9F8C4.0028,ss=1,fgs=0
X-CTASD-Sender: steveb555@adinet.com.uy
x-ctasd: uncategorized
x-ctasd-vod: uncategorized
Return-Path: steveb555@adinet.com.uy
X-OriginalArrivalTime: 21 Aug 2006 18:20:39.0808 (UTC) FILETIME=[818A4000:01C6C54E]
Status: R
X-Status: NC

Dear Friend
I am Steve Bastiaan,a merchant in Dubai, in the U.A.E.I have been
with Esophageal Cancerwhich was discovered very late, due to my laxity
caringfor my health. It has defiled all forms of medicine, and right
now I
have only abouta few months to live, according to medical experts.

I have not particularly lived my life so well, as I never really
cared for anyone not even myself but my business. Though I am very
rich, I
wasnever generous, I was always hostile to people and only focused on
business as that was the only thing I cared for. But now I regret all
as I now know that there is more to life than just wanting to have or
all themoney in the world.
I believe when God gives me a second chance to
come to this world I would live my life a different way from how I
have lived it.
Now that God has called me, I want God to be merciful to me and accept
soul and so, I have decided to give alms to charity organizations and
succour and confort to the less priviledged in our societies, as I
want this
to be one of the last good deeds I do on earth.
Now that my health has deteriorated so badly, I cannot do this my self
anymore.The last of my money which no one knows of is the huge cash
of ten million dollars($10M) that I have in Europe for safe keeping. I
want you to help me collect this deposit and disburse it to some
organizations and to the less priviledged.

Please send me a mail to indicate if you will assist me in this
disbursement.I hav e set aside 10% for you for your time and patience.
you can email me at: steve_b2222@uymail.com

While I await to hear from you, may God be with you and your entire
Remain blessed,
Steve Bastiaan.
Ok, next I did a reverse lookup from my home machine of the X-Originating-IP shown to be
; <<>> DiG 9.3.1 <<>> -x
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60580
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0


245.125.in-addr.arpa. 900 IN SOA g.dns.kr. inverse.nida.or.kr. 2006062614 21600 900 604800 43200

;; Query time: 30 msec
;; WHEN: Tue Aug 22 01:04:59 2006
;; MSG SIZE rcvd: 106
The name server for that IP, the originating IP, which conveniently has no pointer (PTR) record, is located in South Korea, as indicated by the .kr top-level geographic domain of the name servers.

This IP lacks a pointer record, which for the uninitiated means there is no way to do an exact reverse IP lookup and obtain the machine name within the domain hierarchy in question; that is usually (but not always) indicative of an ethically-challenged ISP or IP spoofing. Only a start of authority (SOA) record is returned, listing only authoritative name servers, as we see here.

Next, the supposed sender steveb555@adinet.com.uy, which is most definitely a fake, naturally, shows adinet.com.uy, an entity (adinet.com) in Uruguay as the source of this e-mail. The following line in the header:
Received: from [] by www.adinet.com.uy via http; Mon Aug 21 14:59:40 UYT 2006
Message-ID: <12276098.1156183180746.JavaMail.tomcat@fe-ps02>
seems to indicate some sort of Java-based web-based e-mail app. When we then go to www.adinet.com.uy, we indeed see a web e-mail page in which the e-mail app itself is probably written in Java and served up on Java server pages.

Anyway, not to get into too much technical psychobabble, if you read the Received: header lines from the bottom (start) to the top (end), it's quite apparent that the person who sent this probably resides in South Korea, logged into a webmail at www.adinet.com.uy located in Uruguay, and sent this gem to my Cox e-mail (via Enom's forwarding I set up through dixiedog AT dixiebill.com) among a plethora of other "undisclosed-recipients," one or more of whom will without a doubt, unfortunately, fall for this garbage.
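
The bottom-to-top reading of the Received: lines described above, as an added example (not part of the original post): a short Python script that walks the chain oldest hop first, converts every timestamp to UTC, and marks the hop that was submitted over HTTP (the webmail). The sample input is an abridged copy of the headers quoted earlier, and the function names are made up for this example.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: abridged from the headers quoted in this post (the
# garbled fe-ps02 hop is dropped, dates are put in RFC 2822 form). The empty
# brackets are where the page shows no relay IP.
RAW = """\
Received: from eastrmimpi02.cox.net ([]) by eastrmmtai08.cox.net
 (InterMail) with ESMTP; Mon, 21 Aug 2006 14:22:08 -0400
Received: from eforward4.name-services.com ([])
 by eastrmimpi02.cox.net with IMP; Mon, 21 Aug 2006 14:17:29 -0400
Received: from c9mailgw24.amadis.com ([]) by eforward4.name-services.com
 with Microsoft SMTPSVC(6.0.3790.211); Mon, 21 Aug 2006 11:20:39 -0700
Received: from smtp-s4.antel.net.uy (smtp-s4.antel.net.uy [])
 by c9mailgw24.amadis.com (Postfix) with ESMTP id 2F62B163806;
 Mon, 21 Aug 2006 11:17:27 -0700
Received: from [] by www.adinet.com.uy via http;
 Mon, 21 Aug 2006 14:59:40 -0300
From: steve Bastiaan <steveb555@adinet.com.uy>
Subject: from steve

(body omitted)
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def received_chain(raw):
    """Hops oldest-first as (from_host, by_host, utc_time, via_http)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        info, _, date = value.rpartition(";")
        m = HOP.search(info)
        if not m:
            continue  # unparseable hop: skip it rather than guess
        when = parsedate_to_datetime(date.strip()).astimezone(timezone.utc)
        hops.append((m.group(1), m.group(2), when, "via http" in info))
    return hops

def hop_delays(hops):
    """Seconds between consecutive hops; a negative value means the two
    servers' clocks disagree or a Received line was forged."""
    return [int((b[2] - a[2]).total_seconds()) for a, b in zip(hops, hops[1:])]

if __name__ == "__main__":
    chain = received_chain(RAW)
    for (src, by, when, web), gap in zip(chain, [0] + hop_delays(chain)):
        print(f"{when:%H:%M:%S}Z {gap:+6}s  {src} -> {by}" + ("  [webmail]" if web else ""))
```

Only the Received: lines stamped by servers the recipient trusts are reliable, since a sender can prepend whatever lines it likes below them. Here the eforward4 to Cox hop comes out 190 seconds negative, which between two relays on the receiving side most likely means their clocks disagree.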

One wishes they could reach out and touch these basta'ds sometimes. BUT, I deal ;).

Sunday, August 20, 2006

Experimenting with styles...

I've been experimenting with different CSS for both Haloscan and the blog here to attempt to capture the essence of Dixie, so to speak, hence the background painting of the Battle of Gettysburg by James Walker (1818-1889). The background shown is only about ¾ of the total painting that I scanned in, which covers pages 330-331, from the book, The American Heritage Picture History of the Civil War (1960), by historian Bruce Catton.

I may change it as I'm still experimenting to determine what CSS layout I'll stick with for the long term. But for now, this will be the style. I almost always invariably dislike the default stuff supplied with just about anything, be it website templates, operating system settings, whatever, so I end up changing them to my liking.

Friday, August 18, 2006

New blogtrailer has arrived

William Norman Grigg, the senior editor of the New American magazine, has now hauled in a new blogtrailer to the Blogspot Mobile Home Park. And as of right now, he has comments enabled on this blog. So go visit his blogtrailer for some excellent incisive and poignant commentary on the issues of the day!

The Birchblog was relocated from the New American website to the John Birch Society's main website at the end of July and there's been a dearth of posts thenceforth.

Anyhow, I look forward to seeing some great blog posts from him. So, again, be sure to visit from time to time.