nanog mailing list archives
Re: Fwd: FOUND VIRUS IN MAIL
From: James Thomason <james () divide org>
Date: Tue, 18 Jun 2002 09:24:08 -0700 (PDT)
I could not get this virus to execute on my BSD box, the binary must be corrupt. Clearly this person did not study their target audience.

Regards,
James

On 17 Jun 2002, Larry Rosenman wrote:
Fair Warning....

-----Forwarded Message-----
From: vscan () lerctr org
To: virusalert () lerctr org
Subject: FOUND VIRUS IN MAIL from <owner-nanog () merit edu>
Date: 17 Jun 2002 22:48:16 -0500

A virus was found in an email from:
  <owner-nanog () merit edu>

The message was addressed to:
  -> <ler () lerami lerctr org>

The message has been quarantined as:
  /var/virusmails/virus-20020617-224816-21028

Here is the output of the scanner:
Scanning /var/amavis/amavis-milter-4Oa4l925/parts/*
Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-1.txt
Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-2.html
Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
/var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
    Found the DDoS-Slack trojan !!!

Summary report on /var/amavis/amavis-milter-4Oa4l925/parts/*
File(s)
    Total files: ........... 3
    Clean: ................. 2
    Possibly Infected: ..... 1

Here are the headers:
------------------------- BEGIN HEADERS -----------------------------
Received: by trapdoor.merit.edu (Postfix)
    id 0FA7F9124E; Mon, 17 Jun 2002 23:46:02 -0400 (EDT)
Delivered-To: nanog-outgoing () trapdoor merit edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
    id B621F9124F; Mon, 17 Jun 2002 23:46:01 -0400 (EDT)
Delivered-To: nanog () trapdoor merit edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
    by trapdoor.merit.edu (Postfix) with ESMTP id A61099124E
    for <nanog () trapdoor merit edu>; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
Received: by segue.merit.edu (Postfix)
    id 8CCEA5DE57; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
Delivered-To: nanog () merit edu
Received: from web21109.mail.yahoo.com (web21109.mail.yahoo.com [216.136.227.111])
    by segue.merit.edu (Postfix) with SMTP id D92105DE52
    for <nanog () merit edu>; Mon, 17 Jun 2002 23:45:57 -0400 (EDT)
Message-ID: <20020618034556.54382.qmail () web21109 mail yahoo com>
Received: from [68.36.89.121] by web21109.mail.yahoo.com via HTTP; Mon, 17 Jun 2002 20:45:56 PDT
Date: Mon, 17 Jun 2002 20:45:56 -0700 (PDT)
From: jim bruer <jim_teh_man () yahoo com>
Subject: ConfigMaker Beta
To: nanog () merit edu
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-340633384-1024371956=:50295"
Sender: owner-nanog () merit edu
Precedence: bulk
Errors-To: owner-nanog-outgoing () merit edu
X-Loop: nanog
-------------------------- END HEADERS ------------------------------

--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812             E-Mail: ler () lerctr org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749