WARNING! POSSIBLE MALICIOUS SPAM ORIGINATING FROM EXETEL!

All other technical assistance queries (General technical issues, IPv6. P2P, News groups, etc)
Post Reply
User avatar
csouter
Posts: 156
Joined: Fri Apr 09, 2004 6:37 pm
Location: Homebush West, NSW, Australia

WARNING! POSSIBLE MALICIOUS SPAM ORIGINATING FROM EXETEL!

Post by csouter » Wed May 01, 2013 12:06 am

Hi, all!

Has anyone else received an email purportedly from Exetel advertising new mobile plans?

Subject: Notification of new Mobile Plans - Effective 1st May

I received this email at an email address which is no longer registered as one of my contact email addresses, (although, I must admit,
it may well have been registered at some time in the past).

Apart from the fact that it was sent to an email address that I no longer use as an Exetel contact address, there is another unusual
characteristic: it has an attachment, purportedly in the form of a Microsoft PowerPoint presentation.

In the 9+ years that I have been an Exetel customer, I have never before received an email from Exetel containing an executable attachment.

I have reported this email to SpamCop, and, according to SpamCop. the message actually came from Exetel's mail server.

I really don't know what else I should (or can) do, except to warn everyone that there might be a slight possibility that Exetel's
mail server, or some other part of the network, may have been compromised in some way.

If there is anyone in Exetel admin monitoring this forum, perhaps you could check this out.

The SpamCop reporting URL is: http://www.spamcop.net/sc?id=z549766202 ... b718ca242z

FYI, the attachment is Base64-encoded, a sure sign of a suspicious attachment.

Any information or advice is more than welcome!
Thanks and regards
Christopher Souter
(Sydney, NSW, Australia)

felix
Posts: 120
Joined: Mon May 30, 2005 11:41 pm
Location: Orange, NSW, Australia
Contact:

Re: WARNING! POSSIBLE MALICIOUS SPAM ORIGINATING FROM EXETE

Post by felix » Wed May 01, 2013 1:10 am

It's legit, but highly unusual.

<edit>

Actually I'd say someone didn't quite get the query parameters correct as I got the email and haven't had a mobile service with Exetel for years. Likely they pulled out ALL mobile records regardless of active vs inactive so your email may have been on an inactive service.

</edit>
Last edited by felix on Wed May 01, 2013 1:27 am, edited 1 time in total.

User avatar
EroshanJ
Exetel Staff
Posts: 243
Joined: Tue Jul 06, 2010 11:26 am
Location: Australia

Re: WARNING! POSSIBLE MALICIOUS SPAM ORIGINATING FROM EXETE

Post by EroshanJ » Wed May 01, 2013 1:24 am

Hi csouter,

Could you please forward that email to residentialsupport@exetel.com.au in order to verify?

User avatar
csouter
Posts: 156
Joined: Fri Apr 09, 2004 6:37 pm
Location: Homebush West, NSW, Australia

Re: WARNING! POSSIBLE MALICIOUS SPAM ORIGINATING FROM EXETE

Post by csouter » Wed May 01, 2013 7:47 am

EroshanJ wrote:Hi csouter,

Could you please forward that email to residentialsupport@exetel.com.au in order to verify?
Do you want the original, raw email? (The email was sent to a Gmail address, so I'll have to do the
"view original" routine, copy-and-paste into a text file and attach it to the email).

If I simply "forward" from Gmail, you'll never be able to find out the original source of the email,
because Gmail mangles the headers.

The reason I'm asking this is that I'll have to forward the email as an attachment, and I'm not sure
whether the address given above will accept emails with attachments.

Please confirm whether or not emails with attachments are acceptable.

Also, I intend to forward the message from my current Exetel contact email address, not the Gmail
address to which the message was sent.

Thanks and regards
Chris Souter
Thanks and regards
Christopher Souter
(Sydney, NSW, Australia)

User avatar
EroshanJ
Exetel Staff
Posts: 243
Joined: Tue Jul 06, 2010 11:26 am
Location: Australia

Re: WARNING! POSSIBLE MALICIOUS SPAM ORIGINATING FROM EXETE

Post by EroshanJ » Wed May 01, 2013 8:19 am

csouter wrote:
EroshanJ wrote:Hi csouter,

Could you please forward that email to residentialsupport@exetel.com.au in order to verify?
Do you want the original, raw email? (The email was sent to a Gmail address, so I'll have to do the
"view original" routine, copy-and-paste into a text file and attach it to the email).

If I simply "forward" from Gmail, you'll never be able to find out the original source of the email,
because Gmail mangles the headers.

The reason I'm asking this is that I'll have to forward the email as an attachment, and I'm not sure
whether the address given above will accept emails with attachments.

Please confirm whether or not emails with attachments are acceptable.

Also, I intend to forward the message from my current Exetel contact email address, not the Gmail
address to which the message was sent.

Thanks and regards
Chris Souter
We need the email with full headers to investigate. Therefore, please email us the spam email with headers.

User avatar
csouter
Posts: 156
Joined: Fri Apr 09, 2004 6:37 pm
Location: Homebush West, NSW, Australia

Re: WARNING! POSSIBLE MALICIOUS SPAM ORIGINATING FROM EXETE

Post by csouter » Wed May 01, 2013 3:47 pm

Email sent.
Thanks and regards
Christopher Souter
(Sydney, NSW, Australia)

HashiniA
Exetel Staff
Posts: 79
Joined: Wed Jul 07, 2010 9:59 am
Location: Australia

Re: WARNING! POSSIBLE MALICIOUS SPAM ORIGINATING FROM EXETE

Post by HashiniA » Wed May 01, 2013 5:34 pm

Hello Chris,

We have investigated your issue and we can confirm that this email was incorrectly sent by Exetel to residential customers as this email should be sent out to Exetel Agents.

Therefore could you please disregard that email as this is happen due to a system glitch.

User avatar
Dazzled
Volunteer Site Admin
Posts: 6000
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: WARNING! POSSIBLE MALICIOUS SPAM ORIGINATING FROM EXETE

Post by Dazzled » Wed May 01, 2013 6:35 pm

That's cleared up, so now all's well.

But I'm intrigued by "Base64-encoded, a sure sign of a suspicious attachment". In the age of MIME, that's just a sure sign of a binary attachment - most that I get are unsuspicious images in a variety of formats, and pdfs.

User avatar
csouter
Posts: 156
Joined: Fri Apr 09, 2004 6:37 pm
Location: Homebush West, NSW, Australia

Re: WARNING! POSSIBLE MALICIOUS SPAM ORIGINATING FROM EXETE

Post by csouter » Thu May 02, 2013 8:13 am

Thanks for the info.

Sorry about reporting the email to SpamCop! :oops:
Thanks and regards
Christopher Souter
(Sydney, NSW, Australia)

Post Reply