Security Incidents mailing list archives
Strange mail - maybe password stealing trojan
From: Alexander Talos <alexander.talos () UNIVIE AC AT>
Date: Thu, 15 Feb 2001 16:40:52 +0100
Hej!

I just stumbled over a doublebounce that I suspect to be the output of some kind of trojan, perhaps some freeporn viewer/downloader. I could not find any related info on deja^H^H^H^Hgoogle.com etc.

According to the logs, the first mail of that kind was sent through our servers on 6 Nov 2000.

Here's the mail that bounced:

    Return-Path: <john () email com>
    Received: from LMD (xxx.univie.ac.at [193.170.x.x])
        by mailbox.univie.ac.at (8.11.2/8.11.2) with SMTP id f1F9icu132040
        for mayday77 () hotmail com; Thu, 15 Feb 2001 10:44:39 +0100
    Date: Thu, 15 Feb 2001 10:44:39 +0100
    Message-Id: <200102150944.f1F9icu132040 () mailbox univie ac at>
    From: xxxx
    Subject: xxxx@
    xxxx.univie.ac.at [193.170.x.x]193.170.x.x 2c37 77freesex.exe D:\WIN95\DLLDEBU.EXE
    195.90.214.15/live-chat-strip : KEVIN!:42q53q456
    www.link.springer.de/link : uni:dd
    MAPI : MAPI
    195.90.214.15/live-chat-strip : KEVIN!:42q53q456
    www.link.springer.de/link : uni:dd
    MAPI : MAPI
    98 |4:10:67766222 :

Curiously, I could find only one PC sending mails with a reverse-path of <john () email com> in our not so small network. Hence, I don't think that supposed trojan is very widespread, but maybe still worth mentioning.

Regards,
Alexander
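Added example, not part of the original post: a sketch of the log check described above, listing which internal hosts submitted mail with the suspect reverse-path and when each was first and last seen. It assumes sendmail-style syslog lines; the sample lines, host names, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Reverse-path from the bounced mail (the archive renders it "john () email com").
SUSPECT_SENDER = "john@email.com"

# Constructed sample in sendmail syslog style; hosts and IPs are placeholders.
SAMPLE_LOG = """\
Nov  6 08:12:01 mailbox sendmail[4101]: eA67C1a04101: from=<john@email.com>, size=398, class=0, nrcpts=1, proto=SMTP, relay=pc17.example.org [192.0.2.17]
Nov  6 08:12:02 mailbox sendmail[4103]: eA67C1a04101: to=<someone@example.net>, delay=00:00:01, mailer=esmtp, stat=Sent
Nov  6 09:30:44 mailbox sendmail[4250]: eA68Uia04250: from=<alice@example.org>, size=2210, class=0, nrcpts=2, proto=ESMTP, relay=pc03.example.org [192.0.2.3]
Feb 15 10:44:39 mailbox sendmail[13204]: f1F9icu13204: from=<JOHN@email.com>, size=412, class=0, nrcpts=1, proto=SMTP, relay=pc17.example.org [192.0.2.17]
Feb 15 11:02:10 mailbox sendmail[13350]: f1FA2Au13350: from=<john@email.com.example>, size=900, class=0, nrcpts=1, proto=SMTP, relay=pc22.example.org [192.0.2.22]
"""

# Only "from=" records carry both the envelope sender and the submitting relay.
FROM_LINE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssendmail\[\d+\]:\s(?P<qid>\w+):\s"
    r"from=<?(?P<sender>[^>,\s]*)>?,.*?\brelay=(?P<relay>.+)$"
)

def hosts_sending_as(log_text, sender=SUSPECT_SENDER):
    """Map each relay to the timestamps of mails it submitted with this envelope sender."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FROM_LINE.match(line)
        # Exact, case-insensitive match so look-alike addresses are not counted.
        if m and m.group("sender").lower() == sender.lower():
            hits[m.group("relay").strip()].append(m.group("stamp"))
    return dict(hits)

def summarize(hits):
    """Return (relay, count, first_seen, last_seen); assumes the log is in time order."""
    return [(r, len(s), s[0], s[-1]) for r, s in sorted(hits.items())]

if __name__ == "__main__":
    for relay, count, first, last in summarize(hosts_sending_as(SAMPLE_LOG)):
        print(f"{relay}: {count} message(s), first {first}, last {last}")
```

A single relay in the output corresponds to the one-PC finding in the post; more than one would indicate a wider infection.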