Security Incidents mailing list archives

Re: ICQ Users a target Again!


From: Hugo van der Kooij <hvdkooij () VANDERKOOIJ ORG>
Date: Thu, 29 Mar 2001 00:16:21 +0200

On Wed, 28 Mar 2001, Lee Hetherington wrote:

I got an email today when I arrived at work which seemed to originate from
the MAILER-DAEMON account on one of our machines running Sendmail.  The
message had no body but had one attachment. The file LEOKIALE.EXE is 23Kb
in size and hasn't been opened...

It was to a personal address of my own which is only used in ICQ...

Can't recall that ICQ is extremely safe.

Message Headers:-

Return-Path: <root () ns1 asphost net>
Received: (from root@localhost)
      by XXX.asphost.net (8.11.0/8.8.7) id f2RGNGL32025
      for lee () asphost net; Tue, 27 Mar 2001 17:23:16 +0100
Received: from isis.hol.gr (isis.hol.gr [194.30.192.21])
      by XXX.asphost.net (8.11.0/8.8.7) with SMTP id f2RGLeZ32019
      for <xxxxxx () kerfuffle net>; Tue, 27 Mar 2001 17:21:40 +0100
Date: Tue, 27 Mar 2001 17:21:40 +0100
From: MAILER-DAEMON () ns1 asphost net

Seems this was an attempted relay. (Note that it seemed intended for
someone at kerfuffle.net but your mail server may not know how to handle
that address.)

Beyond that it might be a good thing to submit the file to a
virus scanner.

Hugo.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () vanderkooij org             http://hvdkooij.xs4all.nl/
All email sent to me is bound to the rules described on my homepage.
        Don't meddle in the affairs of sysadmins,
        for they are subtle and quick to anger.
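
The Received-chain reading described in the reply above, as an added example that is not part of the original message: it walks the quoted headers and reports any hop accepted over SMTP for a recipient domain the server does not host. The function names and the local-domain set (asphost.net) are assumptions, and the sample is constructed from the quoted headers with the archive's address obfuscation undone.

```python
import re
from email import message_from_string

# Constructed sample: the headers quoted in the message above, with the
# archive's address obfuscation ("user () host tld") undone.
SAMPLE = """\
Return-Path: <root@ns1.asphost.net>
Received: (from root@localhost)
      by XXX.asphost.net (8.11.0/8.8.7) id f2RGNGL32025
      for lee@asphost.net; Tue, 27 Mar 2001 17:23:16 +0100
Received: from isis.hol.gr (isis.hol.gr [194.30.192.21])
      by XXX.asphost.net (8.11.0/8.8.7) with SMTP id f2RGLeZ32019
      for <xxxxxx@kerfuffle.net>; Tue, 27 Mar 2001 17:21:40 +0100
Date: Tue, 27 Mar 2001 17:21:40 +0100
From: MAILER-DAEMON@ns1.asphost.net

"""

FROM_RE = re.compile(r"\bfrom\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")
FOR_RE = re.compile(r"\bfor\s+<?([^\s<>;]+)>?\s*;")

def parse_hops(raw):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        frm, by, rcpt = FROM_RE.search(text), BY_RE.search(text), FOR_RE.search(text)
        hops.append({
            "helo": frm.group(1) if frm else None,    # None: submitted locally
            "peer_ip": frm.group(2) if frm else None,
            "by": by.group(1) if by else None,
            "rcpt": rcpt.group(1).lower() if rcpt else None,
        })
    return hops

def relay_attempts(raw, local_domains):
    """Hops received over SMTP whose recipient is outside local_domains
    (local_domains is an assumed set of domains this server hosts)."""
    def is_local(addr):
        domain = addr.rpartition("@")[2]
        return any(domain == d or domain.endswith("." + d) for d in local_domains)
    return [h for h in parse_hops(raw)
            if h["peer_ip"] and h["rcpt"] and not is_local(h["rcpt"])]

if __name__ == "__main__":
    for hop in relay_attempts(SAMPLE, {"asphost.net"}):
        print("{peer_ip} ({helo}) -> {by}: rcpt {rcpt} is not local".format(**hop))
```
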

