
“Membatik”: Reading the E-mail Source April 13, 2009

Posted by Hoesnie Moebarok in Information Security, Assignments.

The email header is the information that records the journey of every email: details of the sender, the route the message travelled, and the recipient. It can be compared to an airline ticket, from which you can tell who made the booking (who sent the email), the departure schedule (when the email was sent), the itinerary (where the email was sent from and how it reached its destination) and the arrival details (who received the email and when it arrived). Just as a plane ticket can be booked under a false identity, the same can happen with email: the sender address can be a forged address (as with spam or viruses). Below is an example of an email source as read in Mozilla Thunderbird. The email carries two different attachments, the first a text file and the second an image file; the message body and the attachments each carry a randomly generated ID number:

From - Mon Apr 13 14:40:23 2009
X-Account-Key: account2
X-UIDL: GmailId1209e6509a1e3c67
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:
Delivered-To: unie2k@gmail.com
Received: by 10.239.137.200 with SMTP id m8cs124408hbm;
Mon, 13 Apr 2009 00:33:26 -0700 (PDT)
Received: by 10.110.93.8 with SMTP id q8mr8575814tib.21.1239608003805;
Mon, 13 Apr 2009 00:33:23 -0700 (PDT)
Return-Path: <unie2k@yahoo.com.sg>
Received: from n5.bullet.mail.tp2.yahoo.com (n5.bullet.mail.tp2.yahoo.com [203.188.202.86])
by mx.google.com with SMTP id 22si113127tim.4.2009.04.13.00.33.19;
Mon, 13 Apr 2009 00:33:22 -0700 (PDT)
Received-SPF: neutral (google.com: 203.188.202.86 is neither permitted nor denied by domain of unie2k@yahoo.com.sg) client-ip=203.188.202.86;
Authentication-Results: mx.google.com; spf=neutral (google.com: 203.188.202.86 is neither permitted nor denied by domain of unie2k@yahoo.com.sg) smtp.mail=unie2k@yahoo.com.sg; dkim=pass (test mode) header.i=@yahoo.com.sg
Received: from [203.188.202.70] by n5.bullet.mail.tp2.yahoo.com with NNFMP; 13 Apr 2009 07:33:19 -0000
Received: from [124.108.115.243] by t1.bullet.mail.tp2.yahoo.com with NNFMP; 13 Apr 2009 07:33:18 -0000
Received: from [124.108.114.83] by t2.bullet.mail.sg1.yahoo.com with NNFMP; 13 Apr 2009 07:33:18 -0000
Received: from [127.0.0.1] by omp103.mail.sg1.yahoo.com with NNFMP; 13 Apr 2009 07:33:18 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 534239.85432.bm@omp103.mail.sg1.yahoo.com
Received: (qmail 11466 invoked by uid 60001); 13 Apr 2009 07:33:22 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.sg; s=s1024; t=1239608002; bh=38lMgTWQ9pF70F+4iU7hACsg22gJFT7ZqbNxakqRkQE=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=B2+Mp4plKdqkWiANVq6FZ6xKaWEBPBAzDjKCwG0ojuPF1n1NV1OZ6XxapIg42sg8DCL/oanIPR2IM/BSsFCGxwpuGXJ+Ivd1F7k3JVYtEPoJ9pwaQ08G372zl7X8IM0s4NHwENONo1H7wip5slFVTQyagpp6CD6sgFMpBhIP1lg=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com.sg;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=b3gqrJA62qlYOLwlzK0/E8bYP5xeBtXiF5fyF+8covgTua4JcLRsM+RVofABp5MCZmSRSdsQUwAJ7vg/XhXC7Rzw+wLsbheVx+oKoE6osa6ztt7gy4G7FFYcCBC2jvNOfoi3R2Co82nwzYPS6sYgAYt4L5286KDkUyjCZyq0kpo=;
Message-ID: <102647.10349.qm@web76506.mail.sg1.yahoo.com>
X-YMail-OSG: JDmvDyIVM1mTIxlVOlytYfHC79b6km0IlHX17tYJEDf4xLtEUp2mr3bpltohhCrtS6na4I7sRBlnPeUA.vMuKH9GrpVwBTLWgFaIpB_3Yzbgs26YZJsYRb0uTQ75p3mNubPQ56_6octYffOY4sKpbpmn.30MYIt4gQDP_vOByu5pkdjEFvcFt1h7pYcCr2T7pBEMj.0lEn11NEbSkI0QaXaDC4WVMWujKCGG3N8K4QBRzXFnHX3krs3xLXxNoKIJ7g--
Received: from [114.123.176.206] by web76506.mail.sg1.yahoo.com via HTTP; Mon, 13 Apr 2009 15:33:21 SGT
X-Mailer: YahooMailClassic/5.2.15 YahooMailWebService/0.7.289.1
Date: Mon, 13 Apr 2009 15:33:21 +0800 (SGT)
From: Unie mb <unie2k@yahoo.com.sg>
Subject: Membatik
To: unie2k@gmail.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-897154804-1239608001=:10349"

--0-897154804-1239608001=:10349
Content-Type: multipart/alternative; boundary="0-673497874-1239608001=:10349"

--0-673497874-1239608001=:10349
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

testing bro
=0A=0A=0A      New Email names for you! =0AGet the Email name you've al=
ways wanted on the new @ymail and @rocketmail. =0AHurry before someone else=
does!=0Ahttp://mail.promotions.yahoo.com/newdomains/sg/
--0-673497874-1239608001=:10349
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<table cellspacing=3D"0" cellpadding=3D"0" border=3D"0" ><tr><td valign=3D"=
top" style=3D"font: inherit;">testing bro<br></td></tr></table><br>=0A     =
<hr size=3D1> <a href=3D"http://sg.rd.yahoo.com/sg/mail/trueswitch/mailtag=
line/*https://secure5.trueswitch.com/yahoo-intl/?country=3Dsg&language=3Den=
"> Importing contacts has never been easier..</a><br>Bring your friends ove=
r to Yahoo! Mail today!
--0-673497874-1239608001=:10349--
--0-897154804-1239608001=:10349
Content-Type: text/plain; name="cecking.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="cecking.txt"

VGVzdGluZy10ZXN0aW5nIGh1c25pIHRlc3RpbmcgDQpLZXNlcGlhbiB1eS4u
Lg0KS3VuYW9uIHJlcGVoIHdhZS4udXkuLi4NClNpZXVuIHV5

--0-897154804-1239608001=:10349
Content-Type: image/jpeg; name="unie.jpg"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="unie.jpg"

--0-897154804-1239608001=:10349--
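
The route and sender details described in the opening paragraph can be read out of these headers programmatically. The following is an added example, not part of the original post: it rebuilds the delivery route from the `Received` lines and compares the visible `From` domain with what the receiving server checked. The names `route`, `auth_summary`, `HOP`, `RAW` and `MSG` are chosen here for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Excerpt of the headers shown on this page (signatures and X- headers left out).
RAW = """\
Delivered-To: unie2k@gmail.com
Return-Path: <unie2k@yahoo.com.sg>
Received: from n5.bullet.mail.tp2.yahoo.com (n5.bullet.mail.tp2.yahoo.com [203.188.202.86])
 by mx.google.com with SMTP id 22si113127tim.4.2009.04.13.00.33.19;
 Mon, 13 Apr 2009 00:33:22 -0700 (PDT)
Authentication-Results: mx.google.com; spf=neutral (google.com: 203.188.202.86 is neither permitted nor denied by domain of unie2k@yahoo.com.sg) smtp.mail=unie2k@yahoo.com.sg; dkim=pass (test mode) header.i=@yahoo.com.sg
Received: from [203.188.202.70] by n5.bullet.mail.tp2.yahoo.com with NNFMP; 13 Apr 2009 07:33:19 -0000
Received: from [127.0.0.1] by omp103.mail.sg1.yahoo.com with NNFMP; 13 Apr 2009 07:33:18 -0000
Received: from [114.123.176.206] by web76506.mail.sg1.yahoo.com via HTTP; Mon, 13 Apr 2009 15:33:21 SGT
From: Unie mb <unie2k@yahoo.com.sg>
To: unie2k@gmail.com
Subject: Membatik

"""
# Hypothetical helper pattern: "from X ... by Y with|via PROTO" inside one Received value.
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)\s+(?:with|via)\s+([\w-]+)", re.S)

def route(msg):
    """Each relay prepends its Received line, so reverse them to get travel order."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:  # lines without a "from" clause (local hand-offs) are skipped
            hops.append((m[1].strip("[]"), m[2], m[3]))
    return hops

def auth_summary(msg):
    """Compare the visible From domain with what the receiving server checked."""
    ar = msg.get("Authentication-Results", "")
    verdicts = dict(re.findall(r"\b(spf|dkim)=(\w+)", ar))
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    env_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    signer = re.search(r"header\.i=\S*@([\w.-]+)", ar)
    return {"spf": verdicts.get("spf"), "dkim": verdicts.get("dkim"),
            "from_matches_envelope": from_dom == env_dom,
            "from_matches_dkim": bool(signer) and signer[1].lower() == from_dom}

MSG = message_from_string(RAW)
if __name__ == "__main__":
    for src, by, proto in route(MSG):
        print(f"{src} -> {by} ({proto})")
    print(auth_summary(MSG))
```

Changing the `From` line to another domain flips both comparison flags to `False`, which is the mismatch to look for when a sender address is forged.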
