Fair Warning....

-----Forwarded Message-----
From: vscan@lerctr.org
To: virusalert@lerctr.org
Subject: FOUND VIRUS IN MAIL from <owner-nanog@merit.edu>
Date: 17 Jun 2002 22:48:16 -0500

A virus was found in an email from:
<owner-nanog@merit.edu>

The message was addressed to:
-> <ler@lerami.lerctr.org>

The message has been quarantined as:
/var/virusmails/virus-20020617-224816-21028

Here is the output of the scanner:

Scanning /var/amavis/amavis-milter-4Oa4l925/parts/*
Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-1.txt
Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-2.html
Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
/var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
    Found the DDoS-Slack trojan !!!

Summary report on /var/amavis/amavis-milter-4Oa4l925/parts/*
File(s)
Total files: ........... 3
Clean: ................. 2
Possibly Infected: ..... 1

Here are the headers:

------------------------- BEGIN HEADERS -----------------------------
Received: by trapdoor.merit.edu (Postfix)
    id 0FA7F9124E; Mon, 17 Jun 2002 23:46:02 -0400 (EDT)
Delivered-To: nanog-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
    id B621F9124F; Mon, 17 Jun 2002 23:46:01 -0400 (EDT)
Delivered-To: nanog@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
    by trapdoor.merit.edu (Postfix) with ESMTP id A61099124E
    for <nanog@trapdoor.merit.edu>; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
Received: by segue.merit.edu (Postfix)
    id 8CCEA5DE57; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
Delivered-To: nanog@merit.edu
Received: from web21109.mail.yahoo.com (web21109.mail.yahoo.com [216.136.227.111])
    by segue.merit.edu (Postfix) with SMTP id D92105DE52
    for <nanog@merit.edu>; Mon, 17 Jun 2002 23:45:57 -0400 (EDT)
Message-ID: <20020618034556.54382.qmail@web21109.mail.yahoo.com>
Received: from [68.36.89.121] by web21109.mail.yahoo.com via HTTP; Mon, 17 Jun 2002 20:45:56 PDT
Date: Mon, 17 Jun 2002 20:45:56 -0700 (PDT)
From: jim bruer <jim_teh_man@yahoo.com>
Subject: ConfigMaker Beta
To: nanog@merit.edu
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-340633384-1024371956=:50295"
Sender: owner-nanog@merit.edu
Precedence: bulk
Errors-To: owner-nanog-outgoing@merit.edu
X-Loop: nanog
-------------------------- END HEADERS ------------------------------

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
On Mon, Jun 17, 2002 at 11:03:07PM -0500, Larry Rosenman wrote:
> Fair Warning....
If anyone didn't recognise the "I send you this file for your advice." line, and blindly runs attachments sent to mailing lists (especially this one), then honestly, they get what they deserve. I don't need to see my inbox filled with do-gooders stating the obvious (more than I already get, anyway)
On Mon, 2002-06-17 at 23:23, John Payne wrote:
> On Mon, Jun 17, 2002 at 11:03:07PM -0500, Larry Rosenman wrote:
>> Fair Warning....
> If anyone didn't recognise the "I send you this file for your advice." line, and blindly runs attachments sent to mailing lists (especially this one), then honestly, they get what they deserve.
> I don't need to see my inbox filled with do-gooders stating the obvious (more than I already get, anyway)
I didn't see the mail, just my virus scanner going off. I figured SOMEONE might actually care. I guess not. I won't bother the next time.
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
I could not get this virus to execute on my BSD box, the binary must be corrupt. Clearly this person did not study their target audience.

Regards,
James

On 17 Jun 2002, Larry Rosenman wrote:
> Fair Warning....
>
> -----Forwarded Message-----
> From: vscan@lerctr.org
> To: virusalert@lerctr.org
> Subject: FOUND VIRUS IN MAIL from <owner-nanog@merit.edu>
> Date: 17 Jun 2002 22:48:16 -0500
>
> A virus was found in an email from:
> <owner-nanog@merit.edu>
>
> The message was addressed to:
> -> <ler@lerami.lerctr.org>
>
> The message has been quarantined as:
> /var/virusmails/virus-20020617-224816-21028
>
> Here is the output of the scanner:
>
> Scanning /var/amavis/amavis-milter-4Oa4l925/parts/*
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-1.txt
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-2.html
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
> /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
>     Found the DDoS-Slack trojan !!!
>
> Summary report on /var/amavis/amavis-milter-4Oa4l925/parts/*
> File(s)
> Total files: ........... 3
> Clean: ................. 2
> Possibly Infected: ..... 1
>
> Here are the headers:
>
> ------------------------- BEGIN HEADERS -----------------------------
> Received: by trapdoor.merit.edu (Postfix)
>     id 0FA7F9124E; Mon, 17 Jun 2002 23:46:02 -0400 (EDT)
> Delivered-To: nanog-outgoing@trapdoor.merit.edu
> Received: by trapdoor.merit.edu (Postfix, from userid 56)
>     id B621F9124F; Mon, 17 Jun 2002 23:46:01 -0400 (EDT)
> Delivered-To: nanog@trapdoor.merit.edu
> Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
>     by trapdoor.merit.edu (Postfix) with ESMTP id A61099124E
>     for <nanog@trapdoor.merit.edu>; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
> Received: by segue.merit.edu (Postfix)
>     id 8CCEA5DE57; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
> Delivered-To: nanog@merit.edu
> Received: from web21109.mail.yahoo.com (web21109.mail.yahoo.com [216.136.227.111])
>     by segue.merit.edu (Postfix) with SMTP id D92105DE52
>     for <nanog@merit.edu>; Mon, 17 Jun 2002 23:45:57 -0400 (EDT)
> Message-ID: <20020618034556.54382.qmail@web21109.mail.yahoo.com>
> Received: from [68.36.89.121] by web21109.mail.yahoo.com via HTTP; Mon, 17 Jun 2002 20:45:56 PDT
> Date: Mon, 17 Jun 2002 20:45:56 -0700 (PDT)
> From: jim bruer <jim_teh_man@yahoo.com>
> Subject: ConfigMaker Beta
> To: nanog@merit.edu
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="0-340633384-1024371956=:50295"
> Sender: owner-nanog@merit.edu
> Precedence: bulk
> Errors-To: owner-nanog-outgoing@merit.edu
> X-Loop: nanog
> -------------------------- END HEADERS ------------------------------
>
> --
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
> US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
participants (3)
- James Thomason
- John Payne
- Larry Rosenman