Weird email messages with "re:movie" and "re:application" in the subject line..
My email box has started receiving a bunch of emails recently (earlier this evening) with a 80k zip attachment called "your_details.zip" and either "re:movie" and "re:application" from a whole bunch of other address I have never heard of.. New spam technique or some new virus, similar to a Melissa? Any body else seeing this? mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com Futureway Communications Inc. is now FCI Broadband
--On Wednesday, June 25, 2003 22:56:52 -0400 Mark Segal <MSegal@Corporate.FCIBroadband.com> wrote:
My email box has started receiving a bunch of emails recently (earlier this evening) with a 80k zip attachment called "your_details.zip" and either "re:movie" and "re:application" from a whole bunch of other address I have never heard of..
New spam technique or some new virus, similar to a Melissa? Any body else seeing this?
W32/sobig.e@MM per McAffee..... in today's DAT files. LER
mark
-- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com
Futureway Communications Inc. is now FCI Broadband
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: ler@lerctr.org US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
W32/sobig.e@MM per McAffee.....
I seem to have done one better ... according to a M$ host in Level3-land, the Unix box right in front of me sent the mail in question. Someone at L3 needs to call home. The only L3 turd in my mail log is their inbound... Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589: from=<administrator@Level3.com>, size=1711, class=0, nrcpts=1, msgid=<012d01c33b68$2bd14b40$d706010a@corp.global.level3.com>, proto=ESMTP, daemon=MTA, relay=machine77.Level3.com [209.244.4.106] Cheers, Eric ------- Forwarded Message Return-Path: administrator@Level3.com Delivery-Date: Wed Jun 25 18:21:11 2003 Return-Path: <administrator@Level3.com> Received: from f1ee40-19.idc1.level3.com (machine77.Level3.com [209.244.4.106]) by nic-naa.net (8.12.9/8.12.9) with ESMTP id h5PMLB5U024589 for <brunner@nic-naa.net>; Wed, 25 Jun 2003 18:21:11 -0400 (EDT) Received: from idc1exc0001.corp.global.level3.com (localhost [127.0.0.1]) by f1ee40-19.idc1.level3.com (8.8.8p2+Sun/8.8.8) with SMTP id WAA02577 for <brunner@nic-naa.net>; Wed, 25 Jun 2003 22:21:50 GMT Received: from idc1exc0005.corp.global.level3.com ([10.1.6.215]) by idc1exc0001.corp.global.level3.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 25 Jun 2003 16:21:49 -0600 Received: from mail pickup service by idc1exc0005.corp.global.level3.com with Microsoft SMTPSVC; Wed, 25 Jun 2003 16:21:49 -0600 thread-index: AcM7aCvRcfOY+VcOT2aAnuNoWHZmCQ== Thread-Topic: [MailServer Notification]Alert to Sender: File Attachment Blocked From: <Administrator@machine77.level3.com> Sender: <Administrator@machine77.level3.com> To: <brunner@nic-naa.net> Subject: [MailServer Notification]Alert to Sender: File Attachment Blocked Date: Wed, 25 Jun 2003 16:21:49 -0600 Message-ID: <012d01c33b68$2bd14b40$d706010a@corp.global.level3.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft CDO for Exchange 2000 Content-Class: urn:content-classes:message Importance: normal Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300 X-OriginalArrivalTime: 25 Jun 2003 22:21:49.0631 (UTC) FILETIME=[2BF044F0:01C33B68] ScanMail for Microsoft Exchange has blocked an attachment. Sender = brunner@nic-naa.net Recipient(s) = ops@genuity.com Subject = Re: Movie Scanning time = 06/25/2003 16:21:49 Action on file blocking: The attachment your_details.zi matches the file blocking settings. ScanMail has Deleted it. Attachment blocked due to extension match of .bat, .eml, .nws, .pif, .scr, .src, .shs, .vbe, .vbs, .com, or .exe. ------- End of Forwarded Message
New spam technique or some new virus, similar to a Melissa? Any body else seeing this?
We're seeing it here too, coming to role accounts. Our folks are saying virus, but haven't identified which one yet. Anne
Yep coming to my nanog email addy.
My email box has started receiving a bunch of emails recently (earlier this evening) with a 80k zip attachment called "your_details.zip" and either "re:movie" and "re:application" from a whole bunch of other address I have never heard of..
New spam technique or some new virus, similar to a Melissa? Any body else seeing this?
mark
-- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com
Futureway Communications Inc. is now FCI Broadband
participants (5)
-
Anne P. Mitchell, Esq.
-
David Diaz
-
Eric Brunner-Williams in Portland Maine
-
Larry Rosenman
-
Mark Segal