Update, 13/5/07:
Thanks for all the comments. It seems we’re seeing a new angle on attention getting by some saddo spammer. Lots of ‘petes’ and ‘peters’ hit with this around the same time, followed by ‘Christopher’, so maybe not quite alphabetical but still grouped.
Thanks to the Petes and the Steves and the Christophers and Mr Tox for the feedback. I emailed the Met Police in London to get this approach on the radar for the UK cops (no doubt they already knew about it) and also replied on a disposable account to the man himself – “Nice Man Nice man” (be-cool-n@hotmail.com). No reply from the main guy himself, maybe I’ll need to start a 419 baiting project. I’ve already started to write a 419er friendly ‘please don’t kill me, take all my money but think of my donkeys’ email.
Thanks folks. Now Google has something to work with, lets hope no-one falls for this.
Original Post …..
Got some spam this morning with a different take on stealing my ID: Terror!
A am very Very sorry for you Pete, is a pity that this is how your life is
going to end is a pity but I will like to give you some chance to help your
self RIP. As you can see there is no need of introducing my self to you
because I
don’t have any business with you, My work as I am talking to you now is
just to kill you and a have to just do that as I have already been paid
for that.
Some one that I will not like to tell you the name came to me and told
me that he want you and the whole of your family dead and he provide us
with your name, Address and Phone Number and with my network I sent my boys
to track you down and they have done that but I told them not to kill you
that I will like to contact you and see if your life is Important to you so
I called the him back (I mean my client) and ask him of you email which I
didn’t tell him what I want to do with it and he gave it to me and I am
using it to contact you. As I am writing to you now my men are
monitoring you and there telling me every thing about you. So I will like to
know
if you Like to live or die as some one has paid for you to die. I am given
you just two days to get back to me or I will just make a call and tell my
boys to wipe you and your family out.
GOOD LUCK AS I AWAIT YOUR REPLY.
Sent from Nigeria (where else!) from IP address 213.255.199.40, which resolves to Henik International Ltd. Not much about them on google, but not bothered to chase it any further. The server at that address seems to be a fairly open services server..
nmap -sS -v -v -P0 213.255.199.40
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-27 10:19 BST
Initiating Parallel DNS resolution of 1 host. at 10:19
Completed Parallel DNS resolution of 1 host. at 10:19, 0.04s elapsed
Initiating SYN Stealth Scan at 10:19
Scanning 213.255.199.40 [1697 ports]
Discovered open port 25/tcp on 213.255.199.40
Discovered open port 23/tcp on 213.255.199.40
Discovered open port 443/tcp on 213.255.199.40
Discovered open port 80/tcp on 213.255.199.40
Discovered open port 53/tcp on 213.255.199.40
Discovered open port 22/tcp on 213.255.199.40
Discovered open port 5432/tcp on 213.255.199.40
SYN Stealth Scan Timing: About 6.21% done; ETC: 10:28 (0:07:41 remaining)
Discovered open port 8888/tcp on 213.255.199.40
It’s a nasty, attention-getting way of entering into dialogue with the target. I can see it working on quite a few people, alas. The race to the bottom continues…
