nanog mailing list archives
other virus damages/costs.....(hello skynet.be ?)
From: Mike Tancsa <mike () sentex net>
Date: Mon, 02 Feb 2004 07:57:07 -0500
Looking at my disk stats, my mail storage spool has grown by 15% in the past week not due the deluge of viruses which I can block and reject, but in large part to those idiotic "Hi, I am sorry in a happy idiotic way to inform you that the message you sent has a virus" messages.... As almost all of them forge their email address, what is the point of warning the "sender." Even better, I wake up this am to 285 (and growing) messages below telling me that someone at skynet is trying to send me a virus message and it cc's 64 other people. Nice.
---Mike
From: "Skynet Mail Protection" <support () skynet be> To: gbs-vossem () pi be To: timofeev () granch ru To: chris () aims com au To: dcs () newsguy com To: imp () harmony village org To: ted () ness plymouth edu To: deepak () ai net To: bmilekic () technokratis com To: randy () psg com To: sthaug () nethelp no To: shelton () sentry granch ru To: danny_j_mitzel () yahoo com To: tinguely () web cs ndsu nodak edu To: charon () hell gr To: jesper () skriver dk To: anandfranklin () hotmail com To: nascar24 () home nl To: c.prevotaux () hexanet fr To: reichert () numachi com To: andy () tecc co uk To: provos () citi umich edu To: rtek () dolfijntje nl To: jack_xiao99 () hotmail com To: mark.blackman () netscalibur co uk To: gunther () aurora regenstrief org To: s_bschmi () ira uka de To: vova () express ru To: vlad () ariel phys wesleyan edu To: lord () 4jon com To: assar () freebsd org To: peter.jeremy () alcatel com au To: chaegle () mediaone net To: brad () wcubed net To: ewiz () mail dotcom fr To: freedom () csie nctu edu tw To: oberman () es net To: wes () softweyr com To: julian () elischer org To: iedowse () maths tcd ie To: sroberts84 () hotmail com To: maddave () suxx eu org To: ambrisko () ambrisko com To: ari () suutari iki fi To: bonnetf () plonk esiee fr To: lucky () land3 nsu ru To: ume () freebsd org To: crewking () buckeye-express com To: bright () sneakerz org To: tlambert () primenet com To: gwford () home com To: vlad () infonet com ua To: freebsd-lists-for-dayan-only-owner () egroups co uk To: kimch () etri re kr To: chris () calldei com To: peter () guest-tek com To: sudish () corp earthlink net To: peter () wemm org To: cristjc () earthlink net To: yar () freebsd org To: shalunov () internet2 edu To: mike () sentex net To: roy () its-sby edu To: kjc () csl sony co jp To: seichert () coopcomp com Subject: Skynet Mail Protection scan results Date: Mon, 02 Feb 2004 12:09:44 +0100 Importance: high X-Mailer: ravmd/8.4.2 X-RAVMilter-Version: 8.4.3(snapshot 20030212) (september.skynet.be) X-Virus-Scanned: by amavisd-new X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on spamscanner4.sentex.ca X-Spam-Level: ***** X-Spam-Status: Yes, hits=5.7 required=5.1 tests=MAILTO_TO_SPAM_ADDR, MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,TW_JN,X_PRIORITY_HIGH, X_PRI_MISMATCH_HI autolearn=no version=2.63 X-Spam-Report: * 0.5 X_PRIORITY_HIGH Sent with 'X-Priority' set to high * 0.1 TW_JN BODY: Odd Letter Triples with JN* 1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely spammer email * 1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE * 2.8 X_PRI_MISMATCH_HI 'X-Priority' does not match 'X-MSMail-Priority'* 0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't ----------------------- This e-mail is generated by Skynet Mail Protection to warn you that the e-mailsent by gbs-vossem () pi be to timofeev () granch ru, chris () aims com au, dcs () newsguy com, imp () harmony village org, ted () ness plymouth edu, deepak () ai net, bmilekic () technokratis com, randy () psg com, sthaug () nethelp no, shelton () sentry granch ru, danny_j_mitzel () yahoo com, tinguely () web cs ndsu nodak edu, charon () hell gr, jesper () skriver dk, anandfranklin () hotmail com, nascar24 () home nl, c.prevotaux () hexanet fr, reichert () numachi com, andy () tecc co uk, provos () citi umich edu, rtek () dolfijntje nl, jack_xiao99 () hotmail com, mark.blackman () netscalibur co uk, gunther () aurora regenstrief org, s_bschmi () ira uka de, vova () express ru, vlad () ariel phys wesleyan edu, lord () 4jon com, assar () freebsd org, peter.jeremy () alcatel com au, chaegle () mediaone net, brad () wcubed net, ewiz () mail dotcom fr, freedom () csie nctu edu tw, oberman () es net, wes () softweyr com, julian () elischer org, iedowse () maths tcd ie, sroberts84 () hotmail com, maddave () suxx eu org, ambrisko () ambrisko com, ari () suutari iki fi, bonnetf () news esiee fr, lucky () land3 nsu.! ru, ume () freebsd org, crewking () buckeye-express com, bright () sneakerz org, tlambert () primenet com, gwford () home com, vlad () infonet com ua, freebsd-lists-for-dayan-only-owner () egroups co uk, kimch () etri re kr, chris () calldei com, peter () guest-tek com, sudish () corp earthlink net, peter () wemm org, cristjc () earthlink net, yar () freebsd org, shalunov () internet2 edu, mike () sentex net, roy () its-sby edu, kjc () csl sony co jp, seichert () coopcomp com is infected with virus: Win32/Swen.A@mm.Deze e-mail is gegenereerd door Skynet Mail Protection om u te waarschuwen datde e-mail gestuurd door gbs-vossem () pi be naar timofeev () granch ru, chris () aims com au, dcs () newsguy com, imp () harmony village org, ted () ness plymouth edu, deepak () ai net, bmilekic () technokratis com, randy () psg com, sthaug () nethelp no, shelton () sentry granch ru, danny_j_mitzel () yahoo com, tinguely () web cs ndsu nodak edu, charon () hell gr, jesper () skriver dk, anandfranklin () hotmail com, nascar24 () home nl, c.prevotaux () hexanet fr, reichert () numachi com, andy () tecc co uk, provos () citi umich edu, rtek () dolfijntje nl, jack_xiao99 () hotmail com, mark.blackman () netscalibur co uk, gunther () aurora regenstrief org, s_bschmi () ira uka de, vova () express ru, vlad () ariel phys wesleyan edu, lord () 4jon com, assar () freebsd org, peter.jeremy () alcatel com au, chaegle () mediaone net, brad () wcubed net, ewiz () mail dotcom fr, freedom () csie nctu edu tw, oberman () es net, wes () softweyr com, julian () elischer org, iedowse () maths tcd ie, sroberts84 () hotmail com, maddave () suxx eu org, ambrisko () ambrisko com, ari () suutari iki fi, bonnetf () news esiee fr! , lucky () land3 nsu ru, ume () freebsd org, crewking () buckeye-express com, bright () sneakerz org, tlambert () primenet com, gwford () home com, vlad () infonet com ua, freebsd-lists-for-dayan-only-owner () egroups co uk, kimch () etri re kr, chris () calldei com, peter () guest-tek com, sudish () corp earthlink net, peter () wemm org, cristjc () earthlink net, yar () freebsd org, shalunov () internet2 edu, mike () sentex net, roy () its-sby edu, kjc () csl sony co jp, seichert () coopcomp com geinfecteerd is met Win32/Swen.A@mm. Ce mail est généré par Skynet Mail Protection afin de vous prévenir que l'e-mail envoyé par gbs-vossem () pi be à timofeev () granch ru, chris () aims com au, dcs () newsguy com, imp () harmony village org, ted () ness plymouth edu, deepak () ai net, bmilekic () technokratis com, randy () psg com, sthaug () nethelp no, shelton () sentry granch ru, danny_j_mitzel () yahoo com, tinguely () web cs ndsu nodak edu, charon () hell gr, jesper () skriver dk, anandfranklin () hotmail com, nascar24 () home nl, c.prevotaux () hexanet fr, reichert () numachi com, andy () tecc co uk, provos () citi umich edu, rtek () dolfijntje nl, jack_xiao99 () hotmail com, mark.blackman () netscalibur co uk, gunther () aurora regenstrief org, s_bschmi () ira uka de, vova () express ru, vlad () ariel phys wesleyan edu, lord () 4jon com, assar () freebsd org, peter.jeremy () alcatel com au, chaegle () mediaone net, brad () wcubed net, ewiz () mail dotcom fr, freedom () csie nctu edu tw, oberman () es net, wes () softweyr com, julian () elischer org, iedowse () maths tcd ie, sroberts84 () hotmail com, maddave () suxx eu org,! ambrisko () ambrisko com, ari () suutari iki fi, bonnetf () news esiee fr, lucky () land3 nsu ru, ume () freebsd org, crewking () buckeye-express com, bright () sneakerz org, tlambert () primenet com, gwford () home com, vlad () infonet com ua, freebsd-lists-for-dayan-only-owner () egroups co uk, kimch () etri re kr, chris () calldei com, peter () guest-tek com, sudish () corp earthlink net, peter () wemm org, cristjc () earthlink net, yar () freebsd org, shalunov () internet2 edu, mike () sentex net, roy () its-sby edu, kjc () csl sony co jp, seichert () coopcomp com est infecté par le virus : Win32/Swen.A@mm.Please contact your system administrator for further information. Gelieve uw systeembeheerder te contacteren voor meer informatie.Veuillez contacter votre administrateur système pour de plus amples informations.If you are the sender: Indien u de zender bent: Si vous êtes l'expéditeur: ------------------- The scanned e-mail has your address in the <From> header field. Either your computer is infected or someone's computer having your e-mail address in the address book has been infected. De gescande e-mail heeft uw adres in het <From> veld. Dat betekent dat ofweljouw computer geinfecteerd is, ofwel dat iemand is geinfecteerd, die jouw e-mailadres in zijn/haar adresboek heeft. Le mail scanné contient votre adresse e-mail dans son en-tête <De>. Soit votre ordinateur est infecté soit votre adresse e-mail est reprise dans le carnet d'adresse d'un ordinateur infecté. If you are the receiver: Indien u de bestemmeling bent: Si vous êtes le destinataire: ---------------------Please contact the sender: most likely he/she doesn't know he/she has a computer virus. Gelieve de zender te contacteren: hoogst waarschijnlijk weet hij/zij niet dat hij/zijgeinfecteerd is met een computer virus. Veuillez contacter l'expéditeur: le plus souvent, il/elle ne sait pas que son ordinateur est infecté. Actions taken for the infected files: Ondernomen actie voor de geinfecteerde bestanden: Actions prises pour les fichiers infectés: -------------------------------------The infected file was saved to quarantine with name: 1075720184-RAVi12B9bAP025868. The file (part0004:Update.exe) attached to mail (with subject:net critical upgrade) sent by gbs-vossem () pi be to timofeev () granch ru, chris () aims com au, dcs () newsguy com, imp () harmony village org, ted () ness plymouth edu, deepak () ai net, bmilekic () technokratis com, randy () psg com, sthaug () nethelp no, shelton () sentry granch ru, danny_j_mitzel () yahoo com, tinguely () web cs ndsu nodak edu, charon () hell gr, jesper () skriver dk, anandfranklin () hotmail com, nascar24 () home nl, c.prevotaux () hexanet fr, reichert () numachi com, andy () tecc co uk, provos () citi umich edu, rtek () dolfijntje nl, jack_xiao99 () hotmail com, mark.blackman () netscalibur co uk, gunther () aurora regenstrief org, s_bschmi () ira uka de, vova () express ru, vlad () ariel phys wesleyan edu, lord () 4jon com, assar () freebsd org, peter.jeremy () alcatel com au, chaegle () mediaone net, brad () wcubed net, ewiz () mail dotcom fr, freedom () csie nctu edu tw, oberman () es net, wes () softweyr com, julian () elischer org, iedowse () maths tcd ie, sroberts84 () hotmail com, maddave () suxx eu org! , ambrisko () ambrisko com, ari () suutari iki fi, bonnetf () news esiee fr, lucky () land3 nsu ru, ume () freebsd org, crewking () buckeye-express com, bright () sneakerz org, tlambert () primenet com, gwford () home com, vlad () infonet com ua, freebsd-lists-for-dayan-only-owner () egroups co uk, kimch () etri re kr, chris () calldei com, peter () guest-tek com, sudish () corp earthlink net, peter () wemm org, cristjc () earthlink net, yar () freebsd org, shalunov () internet2 edu, mike () sentex net, roy () its-sby edu, kjc () csl sony co jp, seichert () coopcomp comis infected with virus: Win32/Swen.A@mm. The mail was not delivered because it contained dangerous code. ------------------------ this is a copy of the e-mail header: RAV AntiVirus for Linux i386 version: 8.4.2 (snapshot-20030212) Scan engine 8.11 for i386. Last update: Mon, 02 Feb 2004 04:36:04 +01 Scanning for 89407 malwares (viruses, trojans and worms).
-------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike () sentex net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike
Current thread:
- other virus damages/costs.....(hello skynet.be ?) Mike Tancsa (Feb 02)
- Re: other virus damages/costs.....(hello skynet.be ?) Stephen J. Wilcox (Feb 02)
- Re: other virus damages/costs.....(hello skynet.be ?) jlewis (Feb 02)
- Re: other virus damages/costs.....(hello skynet.be ?) Valdis . Kletnieks (Feb 02)
- Re: other virus damages/costs.....(hello skynet.be ?) Matthew Sullivan (Feb 02)
- Re: other virus damages/costs.....(hello skynet.be ?) Valdis . Kletnieks (Feb 02)
- Re: other virus damages/costs.....(hello skynet.be ?) Randy Bush (Feb 02)
- Re: other virus damages/costs.....(hello skynet.be ?) Todd Vierling (Feb 02)