12/09/2006

Hacking The Scammers

Most of those who come across this blog have received e-mails from Nigerian spam artists. I opened this one up this morning:

DEAR ONE, PLEASE DO NOT BE EMBARASED,I AM SEEKING FOR YOUR ASSISTANCE TO HELP ME CLEAR ONE TRUNK BOX CONTENT $10.5M US DOLLARS WHICH MY LATE FATHER DEPOSIT IN A SECURITY COMPANY HERE IN ABIDJAN COTE D IVOIRE. YOU WILL COME DOWN TO ABIDJAN. AND I WILL TAKE YOU TO THE SECURITY COMPANY WHERE MY LATE FATHER DEPOSIT THE BOX. AND YOU WILL SIGN SOME DUCUMENTS THEN THEY WILL RELEASE THE BOX TO YOU. PLEASE IT IS MORE THAN URGENT,I PROPOSE 15% OF THE TOTAL MONEY AS YOUR SHARE FOR YOUR ASSISTANCE WHILE 5% FOR ANY EXPENCES YOU WILL INCURE TO SEE THIS TRANSACTION THROUGH. I WISH TO TELL YOU THAT I AM FINDING LIFE VERY DIFFICULT SINCE I LOST MY FATHER. I WILL DETAIL YOU MORE AS SOON AS I HEAR FROM YOU. PLEASE REPLY ME IMMEDIATELY FOR MORE DETAILS. THANKS AND GOD BLESS. CHRISTINA UMEH.

Did anyone watch 20/20 last night? I had to laugh when watching the woman from down south who sent them her bank account numbers. People who deal with these scammers are all too often just greedy. No one, and I mean NO ONE, gives out millions to foreigners for free. (Well, maybe our own government.)

Anyway, below is some of the header information from the above e-mail sent to my Yahoo e-mail account. (I get a lot.)

    X-Apparently-To: frannyward@yahoo.com via 206.190.49.125; Sat, 09 Dec 2006 02:00:16 -0800
    X-Originating-IP: [68.142.236.185]
    Return-Path: (c_umeh586ci@yahoo.com)
    Received: from [196.201.89.11] by web58502.mail.re3.yahoo.com via HTTP; Sat, 09 Dec 2006 02:00:12 PST

The only thing that I am interested in is the "Received" field. The IP address that is shown in red is where the message was composed. So I open up "Sam Spade" and punch in the address.

This is what I get:

    12/09/06 10:24:20 IP block 196.201.89.11
    Trying 196.201.89.11 at ARIN
    Trying 196.201.89 at ARIN
    African Network Information Center NET196 (NET-196-0-0-0-0) 196.0.0.0 - 196.255.255.255
    RIPE Network Coordination Centre RIPE-ERX-196-200-0-0 (NET-196-200-0-0-1) 196.200.0.0 - 196.207.255.255

    # ARIN WHOIS database, last updated 2006-12-08 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

Curious, I then type in my browser http://196.201.89.11. I get a login page that is in French saying this: "Veuillez vous authentifier pour entrer dans la configuration du Evo-WR54ADSL". I don't read French, so I copy it and paste it into Google's Language Tools. Voilà! "Please authenticate itself to enter the configuration of Evo-WR54ADSL". Enough of a translation for me.. It's a DSL router, complete and out in the open with a username and password dialog box, just waiting to be hacked.. Cheers.
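
The header reading described in the post, as an added example that is not part of the original post: a Python script that walks the Received hops oldest first and picks out the public address that handed the message to the webmail server over HTTP. The first Received line in the sample (mx.example.test, 10.0.0.5) and the function names are constructed for illustration; the other headers are the ones quoted above.

```python
import ipaddress
import re
from email import message_from_string

# The first Received line is constructed for illustration (a later relay hop);
# the remaining headers are the ones quoted in the post.
SAMPLE_HEADERS = (
    "Received: from web58502.mail.re3.yahoo.com (10.0.0.5) by mx.example.test"
    " with SMTP; Sat, 09 Dec 2006 02:00:15 -0800\n"
    "X-Apparently-To: frannyward@yahoo.com via 206.190.49.125;"
    " Sat, 09 Dec 2006 02:00:16 -0800\n"
    "X-Originating-IP: [68.142.236.185]\n"
    "Return-Path: (c_umeh586ci@yahoo.com)\n"
    "Received: from [196.201.89.11] by web58502.mail.re3.yahoo.com via HTTP;"
    " Sat, 09 Dec 2006 02:00:12 PST\n\n"
)

HOP_RE = re.compile(r"from\s+(?P<src>.*?)\s+by\s+(?P<by>\S+)"
                    r"(?:\s+(?:via|with)\s+(?P<proto>[^\s;]+))?", re.I)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_hops(raw):
    """Return Received hops oldest first: ip, recording host, protocol, public flag."""
    hops = []
    # Each server prepends its own header, so the bottom one is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue  # hop without a from-clause
        addr = None
        for cand in IP_RE.findall(m.group("src")):
            try:
                addr = ipaddress.ip_address(cand)
                break
            except ValueError:
                continue  # digits that do not form a valid address
        hops.append({"ip": addr, "by": m.group("by"),
                     "proto": (m.group("proto") or "").upper(),
                     "public": bool(addr and addr.is_global)})
    return hops


def webmail_client(hops):
    """IP that submitted the message to the webmail server over HTTP, or None."""
    for hop in hops:
        if hop["proto"] == "HTTP" and hop["public"]:
            return str(hop["ip"])
    return None


if __name__ == "__main__":
    print(webmail_client(parse_hops(SAMPLE_HEADERS)))
```

The HTTP hop can be relied on only because the provider's own server recorded it; Received lines added before the first trusted server can be forged. The address identifies a network endpoint, which in the post turned out to be a DSL router, not a person.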

2 comments:

  1. You are AWESOME!! I can't believe you are not a Computer detective

    You should try to get back that dumbass doctor's money who sent 300K+ for the Nigerian black money Scam.

    After that you can find Jimmy Hoffa

    Taz

  2. Yes, I'm so smart that I found this IP addy: http://68.85.23.77 that has visited this blog 66 times in the last twenty four hours..

    12/12/06 22:28:43 dns 68.85.23.77
    nslookup 68.85.23.77
    Canonical name: c-68-85-23-77.hsd1.pa.comcast.net
    Addresses: 68.85.23.77

    I think I'll ban it via .htaccess

