File: /home/asjudine/mail/asjudinet.com/ventas/new/1678582146.H864851P3311.server.asjudinet.com,S=5569
Return-path: <ventas@asjudinet.com>
Envelope-to: ventas@asjudinet.com
Delivery-date: Sat, 11 Mar 2023 18:49:06 -0600
Received: from [185.218.200.1] (port=22674)
by server.asjudinet.com with esmtp (Exim 4.87)
(envelope-from <ventas@asjudinet.com>)
id 1pb9tZ-0000qU-RO
for ventas@asjudinet.com; Sat, 11 Mar 2023 18:49:06 -0600
Message-ID: <640D3D6F.3040102@asjudinet.com>
Date: Sun, 12 Mar 2023 03:48:15 +0100
From: <ventas@asjudinet.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.8.1.6) Gecko/20070728 Thunderbird/2.0.0.6
MIME-Version: 1.0
To: <ventas@asjudinet.com>
Subject: Settle your debt in order to avoid additional fees.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=4.0
X-Spam-Score: 40
X-Spam-Bar: ++++
X-Ham-Report: Spam detection software, running on the system "server.asjudinet.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Dear user of asjudinet.com! I am a spyware software developer.
Your account has been hacked by me couple months ago. The hacking was carried
out using a hardware vulnerability through which you went online (Cisco router,
vulnerability CVE-2023-20026). [...]
Content analysis details: (4.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[185.218.200.1 listed in bl.score.senderscore.com]
-5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/, high
trust
[185.218.200.1 listed in list.dnswl.org]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[185.218.200.1 listed in psbl.surriel.com]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <https://www.spamcop.net/bl.shtml?185.218.200.1>]
2.0 RDNS_NONE Delivered to internal network by a host with no rDNS
1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
anti-forgery methods
2.6 MALWARE_NORDNS Malware bragging + no rDNS
X-Spam-Flag: NO
Dear user of asjudinet.com!
I am a spyware software developer.
Your account has been hacked by me couple months ago.
The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2023-20026).
I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.
Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.
At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
I note that it is useless to change the passwords. My malware update passwords from your accounts every times.
I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... :)
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!
So, to the business!
I'm sure you don't want to show these files and visiting history to all your contacts.
Transfer $1340 to my Bitcoin cryptocurrency wallet: 14YLQ A98RN JX22W2 Prmc7PR QNf6QQ f1B1D
Just copy and paste the wallet number when transferring.
An important notice: I have specified my Bitcoin wallet with spaces, hence once you carry out a transfer,
please make sure that you key-in my bitcoin address without spaces to be sure that your funds successfully reach my wallet!
If you do not know how to do this - ask Google.
My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.
P.S. Do not try to contact me (this is impossible, sender's address was randomly generated).
I advise you to remain prudent and not engage in nonsense (all files on my server).
Good luck!