Numpties
These, and/along with other variants, appear to arrive in batches of 10-20 all to the same address dated some time in the future. Nothing suspicious there then. The IP addresses, generally open proxies, get stuffed up IPTables.
A new email scam attempts to trick marks into opening a dodgy email attachment by posing as a murder suspect bulletin from “London City Police”.* The fake email alert is designed to appear important, but also somewhat ambiguous, in a deliberate attempt to trick users into opening the zip attachment. The arresting scam is more …
You can tell it wasn't actually from the City of London Police anyway - it had nothing to do with piracy, intellectual property (#) or any other crime that would have a financial impact on their undemocratically-elected corporate paymasters.
(#) Seriously, have you noticed that when there's a (UK-based) story about the "police" investigating this sort of thing, it's almost always the City of London Police behind it? It's not at all dubious that a police force covering 1 out of 90,000 square miles has an apparently disproportionate interest in this, is it?
UK2Fax <fax2@fax1.uk2fax.co.uk>
These numpties regularly send me.... guess what... zipped fax messages. Engrampa 1.8.1 tells me the content is a .scr file. I assume it has nothing to do with Guinness.
WTF.. are .scr files still used to fuck over Windows Machines? Upgrade to Windows 10 now. They may have fixed that one.
Postfix
Received: from host81-136-167-116.in-addr.btopenworld.com (host81-136-167-116.in-addr.btopenworld.com [81.136.167.116])
Open Proxies R Us.
SpamCop
Received: from apache by fax1.uk2fax.co.uk with local (Exim 4.63) (envelope-from <fax2@fax1.uk2fax.co.uk>) id LM6C8T-B50T92-KN for <x>; Tue, 15 Sep 2015 10:43:30 +0000
Ignored
81.136.167.116 listed in cbl.abuseat.org ( 1 )
Open proxies untrusted as relays
Tracking message source: 81.136.167.116:
Routing details for 81.136.167.116
Report routing for 81.136.167.116: abuse@btinternet.com
abuse@btinternet.com redirects to bt@admin.spamcop.net
Yum, this spam is fresh!
Message is 1 hours old
81.136.167.116 listed in cbl.abuseat.org ( 1 )
81.136.167.116 is an open proxy
81.136.167.116 not listed in accredit.habeas.com
81.136.167.116 not listed in plus.bondedsender.org
81.136.167.116 not listed in iadb.isipp.com
No Shit. Elsewhere via their Twitter feed BT regularly tell the unwashed masses about 'security stuff'.. but they cannot be bothered to subscribe to cbl.abuseat.org to find out which of their 'idiot customers' is running an 'open proxy' on their network which is being used to deliver infected .scr files to the unsuspecting and take it out or at least send them a warning? Buh Duh.
Pfft. Nothing appears to happen as a result of reporting them via SpamCop. Guess we have to go WebTwit2Orhea..
https://twitter.com/BTOpenProxies/status/643757884547796992
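An added example, not part of the original post: it takes the connecting IP from the topmost Received line (the one the receiving Postfix wrote; the Exim line below it is sender-supplied and was "Ignored" by SpamCop), builds the cbl.abuseat.org query name, and prints an iptables rule if the address is listed. The function names, the port 25 rule form and the injectable resolver are assumptions made for this sketch.

```python
import ipaddress
import re
import socket

# Constructed sample: the two Received lines quoted in the post, newest first.
SAMPLE = (
    "Received: from host81-136-167-116.in-addr.btopenworld.com "
    "(host81-136-167-116.in-addr.btopenworld.com [81.136.167.116])\n"
    "Received: from apache by fax1.uk2fax.co.uk with local (Exim 4.63) "
    "(envelope-from <fax2@fax1.uk2fax.co.uk>) id LM6C8T-B50T92-KN for <x>; "
    "Tue, 15 Sep 2015 10:43:30 +0000\n"
)
CLIENT = re.compile(
    r"Received:\s+from\s+\S+\s+\([^()\[\]]*\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", re.I)

def connecting_ip(headers):
    """IPv4 client recorded by our own MTA in the topmost Received line.
    Lines below it were supplied by the sender and may be forged."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join folded header lines
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = CLIENT.match(line)
            try:
                ip = ipaddress.IPv4Address(m.group(1)) if m else None
            except ValueError:          # e.g. an octet above 255
                return None
            return ip if ip is not None and ip.is_global else None
    return None

def dnsbl_name(ip, zone="cbl.abuseat.org"):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def is_listed(ip, zone="cbl.abuseat.org", resolve=socket.gethostbyname):
    """True if the zone answers with an address in 127.0.0.0/8."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:             # NXDOMAIN (or lookup failure): not listed
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")

def drop_rule(ip):
    """iptables command text for a validated address; printed, not executed."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP"

if __name__ == "__main__":
    ip = connecting_ip(SAMPLE)
    if ip and is_listed(ip):            # live DNS lookup when run directly
        print(drop_rule(ip))
```

Parsing the address through `ipaddress` before it reaches the rule text means nothing from an attacker-controlled header is ever pasted into a firewall command unvalidated.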