nanog mailing list archives

Re: other virus damages/costs.....(hello skynet.be ?)


From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Mon, 2 Feb 2004 13:08:37 +0000 (GMT)


Our queue appears to be increasing linearly since about last Tuesday; since then
it's increased 3000%. There's a huge dip midday Saturday (it goes down to one
third its size in about 4 hrs), then it rapidly jumps up to higher than its pre-dip
value.

That's messages though; queue spool size hasn't gone up all that much, maybe 200%.

no idea about our storage spools...

very odd!!

Steve

On Mon, 2 Feb 2004, Mike Tancsa wrote:



Looking at my disk stats, my mail storage spool has grown by 15% in the
past week, not due to the deluge of viruses, which I can block and reject, but
in large part to those idiotic "Hi, I am sorry in a happy idiotic way to
inform you that the message you sent has a virus" messages.... As almost
all of them forge their email address, what is the point of warning the
"sender"? Even better, I wake up this a.m. to 285 (and growing) messages
below telling me that someone at skynet is trying to send me a virus
message, and it cc's 64 other people. Nice.


         ---Mike

From: "Skynet Mail Protection" <support () skynet be>
To: gbs-vossem () pi be
Subject: Skynet Mail Protection scan results
Date: Mon, 02 Feb 2004 12:09:44 +0100
Importance: high
X-Mailer: ravmd/8.4.2
X-RAVMilter-Version: 8.4.3(snapshot 20030212) (september.skynet.be)
X-Virus-Scanned: by amavisd-new
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
        spamscanner4.sentex.ca
X-Spam-Level: *****
X-Spam-Status: Yes, hits=5.7 required=5.1 tests=MAILTO_TO_SPAM_ADDR,
        MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,TW_JN,X_PRIORITY_HIGH,
        X_PRI_MISMATCH_HI autolearn=no version=2.63
X-Spam-Report:
        *  0.5 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
        *  0.1 TW_JN BODY: Odd Letter Triples with JN
        *  1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely spammer email
        *  1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
        *  2.8 X_PRI_MISMATCH_HI 'X-Priority' does not match 'X-MSMail-Priority'
        *  0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't



-----------------------
This e-mail is generated by Skynet Mail Protection to warn you that the e-mail
sent by gbs-vossem () pi be to timofeev () granch ru, chris () aims com au, 
dcs () newsguy com, imp () harmony village org, ted () ness plymouth edu, 
deepak () ai net, bmilekic () technokratis com, randy () psg com, 
sthaug () nethelp no, shelton () sentry granch ru, danny_j_mitzel () yahoo com, 
tinguely () web cs ndsu nodak edu, charon () hell gr, jesper () skriver dk, 
anandfranklin () hotmail com, nascar24 () home nl, c.prevotaux () hexanet fr, 
reichert () numachi com, andy () tecc co uk, provos () citi umich edu, 
rtek () dolfijntje nl, jack_xiao99 () hotmail com, 
mark.blackman () netscalibur co uk, gunther () aurora regenstrief org, 
s_bschmi () ira uka de, vova () express ru, vlad () ariel phys wesleyan edu, 
lord () 4jon com, assar () freebsd org, peter.jeremy () alcatel com au, 
chaegle () mediaone net, brad () wcubed net, ewiz () mail dotcom fr, 
freedom () csie nctu edu tw, oberman () es net, wes () softweyr com, 
julian () elischer org, iedowse () maths tcd ie, sroberts84 () hotmail com, 
maddave () suxx eu org, ambrisko () ambrisko com, ari () suutari iki fi, 
bonnetf () news esiee fr, lucky () land3 nsu ru, ume () freebsd org, 
crewking () buckeye-express com, bright () sneakerz org, 
tlambert () primenet com, gwford () home com, vlad () infonet com ua, 
freebsd-lists-for-dayan-only-owner () egroups co uk, kimch () etri re kr, 
chris () calldei com, peter () guest-tek com, sudish () corp earthlink net, 
peter () wemm org, cristjc () earthlink net, yar () freebsd org, 
shalunov () internet2 edu, mike () sentex net, roy () its-sby edu, 
kjc () csl sony co jp, seichert () coopcomp com is infected with virus: 
Win32/Swen.A@mm.

Please contact your system administrator for further information.

If you are the sender:
-------------------
The scanned e-mail has your address in the <From> header field. Either your
computer is infected or someone's computer having your e-mail address in
the address book has been infected.

If you are the receiver:
---------------------
Please contact the sender: most likely he/she doesn't know he/she has a 
computer virus.

Actions taken for the infected files:
-------------------------------------


The infected file was saved to quarantine with name: 
1075720184-RAVi12B9bAP025868.
The file (part0004:Update.exe) attached to mail (with subject:net critical 
upgrade) sent by gbs-vossem () pi be to timofeev () granch ru, 
chris () aims com au, dcs () newsguy com, imp () harmony village org, 
ted () ness plymouth edu, deepak () ai net, bmilekic () technokratis com, 
randy () psg com, sthaug () nethelp no, shelton () sentry granch ru, 
danny_j_mitzel () yahoo com, tinguely () web cs ndsu nodak edu, charon () hell gr, 
jesper () skriver dk, anandfranklin () hotmail com, nascar24 () home nl, 
c.prevotaux () hexanet fr, reichert () numachi com, andy () tecc co uk, 
provos () citi umich edu, rtek () dolfijntje nl, jack_xiao99 () hotmail com, 
mark.blackman () netscalibur co uk, gunther () aurora regenstrief org, 
s_bschmi () ira uka de, vova () express ru, vlad () ariel phys wesleyan edu, 
lord () 4jon com, assar () freebsd org, peter.jeremy () alcatel com au, 
chaegle () mediaone net, brad () wcubed net, ewiz () mail dotcom fr, 
freedom () csie nctu edu tw, oberman () es net, wes () softweyr com, 
julian () elischer org, iedowse () maths tcd ie, sroberts84 () hotmail com, 
maddave () suxx eu org, ambrisko () ambrisko com, ari () suutari iki fi, 
bonnetf () news esiee fr, 
lucky () land3 nsu ru, ume () freebsd org, crewking () buckeye-express com, 
bright () sneakerz org, tlambert () primenet com, gwford () home com, 
vlad () infonet com ua, freebsd-lists-for-dayan-only-owner () egroups co uk, 
kimch () etri re kr, chris () calldei com, peter () guest-tek com, 
sudish () corp earthlink net, peter () wemm org, cristjc () earthlink net, 
yar () freebsd org, shalunov () internet2 edu, mike () sentex net, 
roy () its-sby edu, kjc () csl sony co jp, seichert () coopcomp com
is infected with virus: Win32/Swen.A@mm.
The mail was not delivered because it contained dangerous code.

------------------------
this is a copy of the e-mail header:



RAV AntiVirus for Linux i386 version: 8.4.2 (snapshot-20030212)

Scan engine 8.11 for i386.
Last update: Mon, 02 Feb 2004 04:36:04 +01
Scanning for 89407 malwares (viruses, trojans and worms).

--------------------------------------------------------------------
Mike Tancsa,                                            tel +1 519 651 3400
Sentex Communications,                          mike () sentex net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                       www.sentex.net/mike
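A small classifier for the kind of notice Mike quotes, as an added example that is not code from the thread, from Skynet, or from RAV: it parses constructed headers modelled on the notice, counts the To: fan-out, reads the SpamAssassin verdict, and flags the message as backscatter so it can be discarded at delivery time instead of filling the spool. The scanner name, addresses, marker phrases and the fan-out threshold are all assumptions.

```python
"""Flag virus-scanner 'warning' notices as backscatter (added example).
A worm such as Swen forges the sender, so a notice sent back to the From
address and fanned out to every recipient only fills the victims' spools."""
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the quoted Skynet notice (placeholder addresses).
SAMPLE = """\
From: "Example Mail Protection" <support@scanner.example>
To: forged-sender@example.net
To: alice@example.org
To: bob@example.com
To: carol@example.edu
Subject: Example Mail Protection scan results
X-Spam-Status: Yes, hits=5.7 required=5.1 tests=X_PRIORITY_HIGH,
        X_PRI_MISMATCH_HI autolearn=no version=2.63

This e-mail is generated by Example Mail Protection to warn you that the e-mail
sent by forged-sender@example.net is infected with virus: Win32/Swen.A@mm.
The mail was not delivered because it contained dangerous code.
"""

# Phrases (assumed) that identify a scanner notice; matched on subject + body.
NOTICE_MARKERS = ("scan results", "is infected with virus")

def recipient_count(raw: str) -> int:
    """Distinct addresses over all To:/Cc: headers; scanners may repeat To:."""
    msg = message_from_string(raw)
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return len({addr.lower() for _, addr in pairs if addr})

def spam_status(raw: str) -> tuple[bool, float, float]:
    """Parse 'Yes, hits=5.7 required=5.1 ...' into (flagged, hits, required)."""
    status = message_from_string(raw).get("X-Spam-Status", "")
    fields = dict(tok.split("=", 1) for tok in status.split() if "=" in tok)
    return (status.startswith("Yes"),
            float(fields.get("hits", 0)), float(fields.get("required", 0)))

def is_backscatter(raw: str, max_fanout: int = 3) -> bool:
    """True when a scanner notice fans out to more than max_fanout addresses
    or already scores at/over the SpamAssassin threshold (threshold assumed)."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    if not all(marker in text for marker in NOTICE_MARKERS):
        return False  # not a scanner notice at all; leave it to normal filtering
    flagged, hits, required = spam_status(raw)
    return recipient_count(raw) > max_fanout or (flagged and hits >= required)
```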



