cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

New spam bug in Google calendar?

OK, this is a new one on me.

 

I received the following message this morning. It's instantly recognizable as spam. Initially I figured it was just something that someone had faked up with a GMail account to look like it came from Google calendar, but, when I checked my calendar, there is actually an entry for it!

 

It's not just an interaction with GMail, since I haven't yet read it in GMail, and read it in a safe MUA first.

 

Anybody heard of this? Anybody got a way to report it to Google?

 

------- Forwarded message follows -------
Send reply to: sergeyoewec@gmail.com
Date sent: Mon, 25 Nov 2019 00:29:09 +0000
Subject: Notification: Get a super bonus in our casino -> https://www.euslot.io/...
@ Mon 25 Nov 2019 (rslade@gmail.com)
From: Google Calendar <calendar-notification@google.com>
To: Rob Slade <rslade@gmail.com>

This is a notification for:

Title: Get a super bonus in our casino ->
https://www.euslot.io/ru/refer/847a971e
You have received an invitation to a VIP event. On which we distribute an
increased welcome bonus on the first deposit.
https://www.euslot.io/ru/refer/847a971e When: Mon 25 Nov 2019 Where: Only we
have the biggest welcome bonus. https://www.euslot.io/ru/refer/847a971e
Calendar: rslade@gmail.com Who:
* sergeyoewec@gmail.com- organiser
* rslade@gmail.com

Event details:
https://www.google.com/calendar/event?action=VIEW&eid=MXZxZWR2a3EwYTYybWk5bWJuYz
BhZjJtY2MgcnNsYWRlQG0&tok=MjEjc2VyZ2V5b2V3ZWNAZ21haWwuY29tM2IzYTJiNmU5Y2I1OTc0YT
kxNmE5ZTA1OGM1M2QxYzUzYTU5MmU1ZQ&ctz=America%2FVancouver&hl=en_GB&es=1

Invitation from Google Calendar: https://www.google.com/calendar/

You are receiving this email at the account rslade@gmail.com because you
are subscribed for notifications on calendar rslade@gmail.com.

To stop receiving these emails, please log in to
https://www.google.com/calendar/ and change your notification settings for this
calendar.

Forwarding this invitation could allow any recipient to send a response to the
organiser and be added to the guest list, invite others regardless of their own
invitation status or to modify your RSVP. Learn more at
https://support.google.com/calendar/answer/37135#forwarding

------- End of forwarded message -------


Full headers:

Return-Path: <rslade+caf_=p.1=shaw.ca@gmail.com>
Received: from mi06-ssvc.dcs.int.inet (LHLO mi06.dcs.int.inet)
(10.0.141.211) by cds238.dcs.int.inet with LMTP; Sun, 24 Nov 2019 17:33:15
-0700 (MST)
Received: from mail-wr1-f54.google.com ([209.85.221.54])
by cmsmtp with ESMTP
id Z2JUiZzsICbeiZ2JWiMKke; Sun, 24 Nov 2019 17:33:15 -0700
Authentication-Results: mi06.dcs.int.inet;
dkim=pass header.d=google.com header.b=LVI5+toJ;
dmarc=pass header.from=google.com
X-Authority-Analysis: v=2.3 cv=Vodd/N+n c=1 sm=1 tr=0 cx=a_idp_d
a=AzFVNxfIwFHkKIYX7pJ4Tg==:117 a=fabfSJiLAAAA:8 a=pGLkceISAAAA:8
a=KiCxJD0x+Pe5VASQKmYoJrcyuOo=:19 a=Pu4FmUQ8Vu+Axq5mXWO08eY0EVg=:19
a=OS4gC7vrvxYA:10 a=Imb2T40fvSIA:10 a=x7bEGLp0ZPQA:10 a=6kkecFrAcXAA:10
a=MeAgGD-zjQ4A:10 a=1XWaLZrsAAAA:8 a=30AF1RqnpoDqeyax4AcA:9
a=dxRGH-b40OrradWy:21 a=CRh6JWTFXB3QHbep:21 a=QEXdDO2ut3YA:10
a=fYjG0xGI5HcA:10 a=wihsHI4ynmYA:10 a=TeuQqM9sAAAA:8 a=NkFrU9VZnxlacxlcgxUA:9
a=ZgwK-eFzGaUmtNqo:21 a=IYLI1x2aF4HH7m83:21 a=bfGVuOD0VfQPiv_0:21
a=b59zs9BW7Q0A:10 a=0P8CWU3Pl1wA:10 a=qaUQoX6ijUsA:10
a=s5kVSNPL-T_ks9ic6eAL:22 a=2seLN8d1Pz2FMHL03U8K:22 a=qRDIHLa29sikh_F1Z9_d:22
a=qgIZjsvyYUXcp7PvdJ-l:22
Received: by mail-wr1-f54.google.com with SMTP id z7so12179106wrl.13
for <p.1@shaw.ca>; Sun, 24 Nov 2019 16:33:14 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:delivered-to:dkim-signature:mime-version
:reply-to:auto-submitted:message-id:date:subject:from:to;
bh=URk11Mn3fIfgHq3rusuK7u30VaHutNZ0q9ov23Nr8JE=;
b=TCdnzRZyi4ezl1WJdK9tZdOiuOrOS0u8OlY6w8Xic2gjXVLMYNK6eo13+XgMMGVWn9
KxCtpS6V60JdL4fZBsyaSPhnxIi8JiDNI1Eegj1lKelGCEH8Dwk1x0V2f7XlnRWE9//d
Yb6x8zs3Hm99Y8wfNKn0ok30V9azMib9QjaPf1CdpnPeV1XkZwwbklIf4MU2mPVGqDu1
q5OYTPOtsjVguqSoxWhP1aBBsq75qu3VjUGXpxTHcCikbCaisRJxuDwfiRrk2MHGT4ql
1n7rODNX0/OpSicr1/tEEvu7vVZioPXnLnexnci8AfBEb53HtnH+9sYh1O2ZRRBLYpqc
i4uA==
X-Gm-Message-State: APjAAAV5020enIHRFyOyTCk1b9z9Yqo3lQbqeio2b4W5b4C0px0gkpMf
YJ1eXcjlJNlF8lj58EmB9WO4hMWM/14NeAkTwxlsIShHakKyLx0=
X-Received: by 2002:a05:6000:12c4:: with SMTP id l4mr27683601wrx.110.1574641992083;
Sun, 24 Nov 2019 16:33:12 -0800 (PST)
X-Forwarded-To: p.1@shaw.ca
X-Forwarded-For: rslade@gmail.com p.1@shaw.ca
Delivered-To: rslade@gmail.com
Received: by 2002:adf:bb49:0:0:0:0:0 with SMTP id x9csp2064299wrg;
Sun, 24 Nov 2019 16:33:10 -0800 (PST)
X-Received: by 2002:a81:53d5:: with SMTP id h204mr18018888ywb.411.1574641750498;
Sun, 24 Nov 2019 16:29:10 -0800 (PST)
X-Received: by 2002:a81:53d5:: with SMTP id h204mr18018866ywb.411.1574641749596;
Sun, 24 Nov 2019 16:29:09 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1574641749; cv=none;
d=google.com; s=arc-20160816;
b=YfauTk5h0rJqgxRhPGq0bST5/PWHwaeok0j/ZbcGtG3RU+jVzX3zjluh+FiW10Qz+e
tEz0Bt/njGzIQzHxdN2XMeCW2rRAw152Pt53lwEdG95lK3EU4j7d5dKDBZswwJmsmX/a
zhxEb8Hkdwo5vGvSOrXnJ+8iPRnDwEJfcM95HFsKGHl9fa6j96WdXwmVbOB3CUl3Krbe
wDIg4GbvKtwxsxhMgXKA43xvLl0TWqIPWW8k5lCnUBaHsaohrJHvoJfMGTb+PXrbe/09
ev0QMrQlbylGfgRdAOzBCL+pRFYun8xGXvhj4NRJi3IgjSl3upsi9yq2aJYqXPCV+Snv
nV8A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=to:from:subject:date:message-id:auto-submitted:reply-to
:mime-version:dkim-signature;
bh=URk11Mn3fIfgHq3rusuK7u30VaHutNZ0q9ov23Nr8JE=;
b=cr5Int7tl54k7SZyhFB20z4+xXLGQADGfv0wWGVeXzJLAw4FzcM1Ryrh9AZ4E0Xw91
nP6JbVEDiYsPzYiJt/TfwxVIwvchICHZ3Ow1KxqXeNwCzyU6/1k/5JaUlUs3IUCI2dTP
MsMmIx3C+e4cV9wJh2XvGenmaqVOOR1itRUoiIuVSxXhupI69L5BWBpU1kEy4aDzEJIW
/Nux+YBkgMF3afmpQHhy+r85xUnGchYhh1Cbmr9tsW4UvHigdhK7sqcxSj5aCzZRh+Vq
jV9WjER6Co5WXSCKVRGzrldFaIAJOEUZHYPft2USysQrcV4IZfxmJS1ON4nGvkG1xPkJ
95eg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20161025 header.b=LVI5+toJ;
spf=pass (google.com: domain of 3vsdbxqyjbvypqjybcekygj.amkpqjybcekygj.amk@calendar-server.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3VSDbXQYJBvYpqjYbcekYgj.amkpqjYbcekYgj.amk@calendar-server.bounces.google.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <3VSDbXQYJBvYpqjYbcekYgj.amkpqjYbcekYgj.amk@calendar-server.bounces.google.com>
Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73])
by mx.google.com with SMTPS id 193sor2561620ywg.63.2019.11.24.16.29.09
for <rslade@gmail.com>
(Google Transport Security);
Sun, 24 Nov 2019 16:29:09 -0800 (PST)
Received-SPF: pass (google.com: domain of 3vsdbxqyjbvypqjybcekygj.amkpqjybcekygj.amk@calendar-server.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20161025 header.b=LVI5+toJ;
spf=pass (google.com: domain of 3vsdbxqyjbvypqjybcekygj.amkpqjybcekygj.amk@calendar-server.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3VSDbXQYJBvYpqjYbcekYgj.amkpqjYbcekYgj.amk@calendar-server.bounces.google.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20161025;
h=mime-version:reply-to:auto-submitted:message-id:date:subject:from
:to;
bh=URk11Mn3fIfgHq3rusuK7u30VaHutNZ0q9ov23Nr8JE=;
b=LVI5+toJArIA0F9WX7lsIum16ZdtcHb2281UdcnNw+85vQfWveBvVepgFoPg+07+vB
puLt/yLOjZMLtZ+rAdxAkuqplSq2+t5eMfGWfdEyWxVDbylO0QHDL+D5BLDk+vnPqEuL
Tzl2BDDXwENCQkM1x7F74MvgmXCkPCwDQzp15XBVc3WSh44u6N4jxy7+EMfVvocNO4pd
9XkZVeMpmBa7jGYamLHpjIbwan1h9lxYfYZJWB5zVHfIHgGC6diQn5nQstSHUySqh4Tr
KCIbJrzA+tond46QePwihnOecesDK7IfMGMrkNKliwOMLevxTgncWX8Rp1Jelnqi0pIy
18cw==
X-Google-Smtp-Source: APXvYqwVH/AUxg/HQKynAEqOLRlRW4VA+yxVi1tnUUHfrUM1RYSJ+QHwsm/VLd7YKle87rXZyKD7UlpGw2TziJUHvfth
MIME-Version: 1.0
X-Received: by 2002:a81:2646:: with SMTP id m67mr18525864ywm.341.1574641749241;
Sun, 24 Nov 2019 16:29:09 -0800 (PST)
Reply-To: sergeyoewec@gmail.com
Auto-Submitted: auto-generated
Message-ID: <0000000000001cb65b059820da56@google.com>
Date: Mon, 25 Nov 2019 00:29:09 +0000
Subject: Notification: Get a super bonus in our casino -> https://www.euslot.io/...
@ Mon 25 Nov 2019 (rslade@gmail.com)
From: Google Calendar <calendar-notification@google.com>
To: Rob Slade <rslade@gmail.com>
X-CMAE-Envelope: MS4wfKqK7jZkbKmHqnotg8xDm6vTnSaIa1l+J20aQ5LF0xSYUWqqqZ/N2E+Hp8B8ryuqBBE6nlcfm+jGZqsLXfX6SsnsfDTZ5QW9Cwf99/x6CsYbjJ9JwDdr
4Dgqv2P6mQqSkKkAxaSf2aYWhKOK4qfHCsJhq4gLbqahlaCBgQHAYlw4XiSWO4As7ngRzD5nCSfpvg==
X-Antivirus: Avast (VPS 191125-0, 11/25/2019), Inbound message
X-Antivirus-Status: Clean
X-PMFLAGS: 570950016 0 1 P34FC0.CNM
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
1 Reply
denbesten
Community Champion


@rslade wrote:

OK, this is a new one on me.

 

I received the following message this morning. It's instantly recognizable as spam. Initially I figured it was just something that someone had faked up with a GMail account to look like it came from Google calendar, but, when I checked my calendar, there is actually an entry for it!

 

It's not just an interaction with GMail, since I haven't yet read it in GMail, and read it in a safe MUA first.

 

Anybody heard of this? Anybody got a way to report it to Google?


"It's a feature, not a bug".  Those of us who disagree can disable it.  Even though your MUA may be part of the Resistance, your MDA and MTA remain part of the Empire.