other virus damages/costs.....(hello skynet.be ?)
Looking at my disk stats, my mail storage spool has grown by 15% in the past week not due to the deluge of viruses which I can block and reject, but in large part to those idiotic "Hi, I am sorry in a happy idiotic way to inform you that the message you sent has a virus" messages.... As almost all of them forge their email address, what is the point of warning the "sender"? Even better, I wake up this am to 285 (and growing) messages below telling me that someone at skynet is trying to send me a virus message and it cc's 64 other people. Nice.
---Mike
From: "Skynet Mail Protection" <support@skynet.be> To: gbs-vossem@pi.be To: timofeev@granch.ru To: chris@aims.com.au To: dcs@newsguy.com To: imp@harmony.village.org To: ted@ness.plymouth.edu To: deepak@ai.net To: bmilekic@technokratis.com To: randy@psg.com To: sthaug@nethelp.no To: shelton@sentry.granch.ru To: danny_j_mitzel@yahoo.com To: tinguely@web.cs.ndsu.nodak.edu To: charon@hell.gr To: jesper@skriver.dk To: anandfranklin@hotmail.com To: nascar24@home.nl To: c.prevotaux@hexanet.fr To: reichert@numachi.com To: andy@tecc.co.uk To: provos@citi.umich.edu To: rtek@dolfijntje.nl To: jack_xiao99@hotmail.com To: mark.blackman@netscalibur.co.uk To: gunther@aurora.regenstrief.org To: s_bschmi@ira.uka.de To: vova@express.ru To: vlad@ariel.phys.wesleyan.edu To: lord@4jon.com To: assar@freebsd.org To: peter.jeremy@alcatel.com.au To: chaegle@mediaone.net To: brad@wcubed.net To: ewiz@mail.dotcom.fr To: freedom@csie.nctu.edu.tw To: oberman@es.net To: wes@softweyr.com To: julian@elischer.org To: iedowse@maths.tcd.ie To: sroberts84@hotmail.com To: maddave@suxx.eu.org To: ambrisko@ambrisko.com To: ari@suutari.iki.fi To: bonnetf@plonk.esiee.fr To: lucky@land3.nsu.ru To: ume@freebsd.org To: crewking@buckeye-express.com To: bright@sneakerz.org To: tlambert@primenet.com To: gwford@home.com To: vlad@infonet.com.ua To: freebsd-lists-for-dayan-only-owner@egroups.co.uk To: kimch@etri.re.kr To: chris@calldei.com To: peter@guest-tek.com To: sudish@corp.earthlink.net To: peter@wemm.org To: cristjc@earthlink.net To: yar@freebsd.org To: shalunov@internet2.edu To: mike@sentex.net To: roy@its-sby.edu To: kjc@csl.sony.co.jp To: seichert@coopcomp.com Subject: Skynet Mail Protection scan results Date: Mon, 02 Feb 2004 12:09:44 +0100 Importance: high X-Mailer: ravmd/8.4.2 X-RAVMilter-Version: 8.4.3(snapshot 20030212) (september.skynet.be) X-Virus-Scanned: by amavisd-new X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on spamscanner4.sentex.ca X-Spam-Level: ***** 
X-Spam-Status: Yes, hits=5.7 required=5.1 tests=MAILTO_TO_SPAM_ADDR,
        MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,TW_JN,X_PRIORITY_HIGH,
        X_PRI_MISMATCH_HI autolearn=no version=2.63
X-Spam-Report:
        *  0.5 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
        *  0.1 TW_JN BODY: Odd Letter Triples with JN
        *  1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely spammer email
        *  1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
        *  2.8 X_PRI_MISMATCH_HI 'X-Priority' does not match 'X-MSMail-Priority'
        *  0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't
----------------------- This e-mail is generated by Skynet Mail Protection to warn you that the e-mail sent by gbs-vossem@pi.be to timofeev@granch.ru, chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org, ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com, randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru, danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr, jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl, c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk, provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com, mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org, s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu, lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au, chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr, freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com, julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com, maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi, bonnetf@news.esiee.fr, lucky@land3.nsu.! ru, ume@freebsd.org, crewking@buckeye-express.com, bright@sneakerz.org, tlambert@primenet.com, gwford@home.com, vlad@infonet.com.ua, freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr, chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net, peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org, shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu, kjc@csl.sony.co.jp, seichert@coopcomp.com is infected with virus: Win32/Swen.A@mm. 
Deze e-mail is gegenereerd door Skynet Mail Protection om u te waarschuwen dat de e-mail gestuurd door gbs-vossem@pi.be naar timofeev@granch.ru, chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org, ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com, randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru, danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr, jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl, c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk, provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com, mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org, s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu, lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au, chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr, freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com, julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com, maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi, bonnetf@news.esiee.fr! , lucky@land3.nsu.ru, ume@freebsd.org, crewking@buckeye-express.com, bright@sneakerz.org, tlambert@primenet.com, gwford@home.com, vlad@infonet.com.ua, freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr, chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net, peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org, shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu, kjc@csl.sony.co.jp, seichert@coopcomp.com geinfecteerd is met Win32/Swen.A@mm. 
Ce mail est généré par Skynet Mail Protection afin de vous prévenir que l'e-mail envoyé par gbs-vossem@pi.be à timofeev@granch.ru, chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org, ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com, randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru, danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr, jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl, c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk, provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com, mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org, s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu, lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au, chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr, freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com, julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com, maddave@suxx.eu.org,! ambrisko@ambrisko.com, ari@suutari.iki.fi, bonnetf@news.esiee.fr, lucky@land3.nsu.ru, ume@freebsd.org, crewking@buckeye-express.com, bright@sneakerz.org, tlambert@primenet.com, gwford@home.com, vlad@infonet.com.ua, freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr, chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net, peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org, shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu, kjc@csl.sony.co.jp, seichert@coopcomp.com est infecté par le virus : Win32/Swen.A@mm.
Please contact your system administrator for further information. Gelieve uw systeembeheerder te contacteren voor meer informatie. Veuillez contacter votre administrateur système pour de plus amples informations.
If you are the sender: Indien u de zender bent: Si vous êtes l'expéditeur: ------------------- The scanned e-mail has your address in the <From> header field. Either your computer is infected or someone's computer having your e-mail address in the address book has been infected. De gescande e-mail heeft uw adres in het <From> veld. Dat betekent dat ofwel jouw computer geinfecteerd is, ofwel dat iemand is geinfecteerd, die jouw e-mail adres in zijn/haar adresboek heeft. Le mail scanné contient votre adresse e-mail dans son en-tête <De>. Soit votre ordinateur est infecté soit votre adresse e-mail est reprise dans le carnet d'adresse d'un ordinateur infecté.
If you are the receiver: Indien u de bestemmeling bent: Si vous êtes le destinataire: --------------------- Please contact the sender: most likely he/she doesn't know he/she has a computer virus. Gelieve de zender te contacteren: hoogst waarschijnlijk weet hij/zij niet dat hij/zij geinfecteerd is met een computer virus. Veuillez contacter l'expéditeur: le plus souvent, il/elle ne sait pas que son ordinateur est infecté.
Actions taken for the infected files: Ondernomen actie voor de geinfecteerde bestanden: Actions prises pour les fichiers infectés: -------------------------------------
The infected file was saved to quarantine with name: 1075720184-RAVi12B9bAP025868. The file (part0004:Update.exe) attached to mail (with subject:net critical upgrade) sent by gbs-vossem@pi.be to timofeev@granch.ru, chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org, ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com, randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru, danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr, jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl, c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk, provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com, mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org, s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu, lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au, chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr, freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com, julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com, maddave@suxx.eu.org! , ambrisko@ambrisko.com, ari@suutari.iki.fi, bonnetf@news.esiee.fr, lucky@land3.nsu.ru, ume@freebsd.org, crewking@buckeye-express.com, bright@sneakerz.org, tlambert@primenet.com, gwford@home.com, vlad@infonet.com.ua, freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr, chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net, peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org, shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu, kjc@csl.sony.co.jp, seichert@coopcomp.com is infected with virus: Win32/Swen.A@mm. The mail was not delivered because it contained dangerous code.
------------------------ this is a copy of the e-mail header:
RAV AntiVirus for Linux i386 version: 8.4.2 (snapshot-20030212)
Scan engine 8.11 for i386. Last update: Mon, 02 Feb 2004 04:36:04 +01 Scanning for 89407 malwares (viruses, trojans and worms).
-------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike
our queue appears to be increasing linearly since about last Tuesday, since then it's increased 3000%, there's a huge dip midday Saturday (it goes down to one third its size in about 4hrs) then rapidly jumps up to higher than its pre-dip value
that's messages tho, queue spool size hasn't gone up all that much, maybe 200%
no idea about our storage spools...
very odd!!
Steve
On Mon, 2 Feb 2004, Mike Tancsa wrote:
Looking at my disk stats, my mail storage spool has grown by 15% in the past week not due to the deluge of viruses which I can block and reject, but in large part to those idiotic "Hi, I am sorry in a happy idiotic way to inform you that the message you sent has a virus" messages.... As almost all of them forge their email address, what is the point of warning the "sender"? Even better, I wake up this am to 285 (and growing) messages below telling me that someone at skynet is trying to send me a virus message and it cc's 64 other people. Nice.
---Mike
On Mon, 2 Feb 2004, Mike Tancsa wrote:
Looking at my disk stats, my mail storage spool has grown by 15% in the past week not due to the deluge of viruses which I can block and reject, but in large part to those idiotic "Hi, I am sorry in a happy idiotic way to inform you that the message you sent has a virus" messages.... As almost all of them forge their email address, what is the point of warning the "sender"? Even better, I wake up this am to 285 (and growing) messages below telling me that someone at skynet is trying to send me a virus message and it cc's 64 other people. Nice.
Enough people are sufficiently annoyed by antivirus notifications/advertisements that they're starting to ask for DNSBLs of systems that send them. I suspect before long, there will be some.
But this really doesn't seem to be NANOG material. Try spam-l or spamtools.
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
jlewis@lewis.org wrote:
Enough people are sufficiently annoyed by antivirus
notifications/advertisements that they're starting to ask for DNSBLs of systems that send them. I suspect before long, there will be some.
Already thought about it (and dismissed it)
But this really doesn't seem to be NANOG material. Try spam-l or spamtools.
It could be - it is a network issue - particularly where so many people feel the need to reply with virus 'reports'... I know the virus mails and the virus reports certainly caused some issues network wise at Telstra recently.
/ Mat
On Mon, 02 Feb 2004 07:57:07 EST, Mike Tancsa <mike@sentex.net> said:
all of them forge their email address, what is the point of warning the "sender." Even better, I wake up this am to 285 (and growing) messages below telling me that someone at skynet is trying to send me a virus message and it cc's 64 other people. Nice.
And at least one of those other 64 will next time actually get a virus, where all those addresses will get used to seed the address scraper. Remember that hitting 'delete' usually doesn't actually wipe it off the disk in most MUAs....
Looking at my disk stats, my mail storage spool has grown by 15% in the past week not due to the deluge of viruses which I can block and reject, but in large part to those idiotic "Hi, I am sorry in a happy idiotic way to inform you that the message you sent has a virus" messages.... As almost all of them forge their email address, what is the point of warning the "sender"? Even better, I wake up this am to 285 (and growing) messages below telling me that someone at skynet is trying to send me a virus message and it cc's 64 other people. Nice.
# MyDoom craziness

:
* ^Subject:.*(\
	\{Spam\?\} Warning: E-mail viruses detected|\
	Anti-Virus Notification|\
	BANNED FILENAME|\
	Disallowed attachment type found in sent message|\
	File blocked - ScanMail for Lotus|\
	InterScan NT Alert|\
	Message deleted|\
	NAV detected a virus|\
	Norton AntiVirus detected|\
	RAV AntiVirus scan|\
	Returned due to virus|\
	Skynet Mail Protection|\
	Symantec AntiVirus|\
	Undeliverable: test|\
	VIRUS \(.*\) IN MAIL FROM YOU|\
	VIRUS \(.*\) IN MAIL TO YOU|\
	VIRUS IN YOUR MAIL|\
	Virus Detected by Network Assoc|\
	Virus Notification|\
	Virus found in a message you sent|\
	Virus found in sent message\
	)
$TRASH
On Mon, 2 Feb 2004, Randy Bush wrote:
: # MyDoom craziness
:
: :
: * ^Subject:.*(\
Actually, Mydoom has a very detectable signature. It has both X-Priority and X-MSMail-Priority headers, but *neither* a X-Mailer nor X-MimeOLE header. These conditions make, for instance, SpamAssassin catch the worm easily. Based on all the available mailboxes I can scan from here, such a check should kill only Mydoom [and some spam]. Rolled that into a milter, and poof!
--
-- Todd Vierling <tv@duh.org> <tv@pobox.com>
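The two filters described in the thread (the header check from Todd Vierling's message and the subject list from Randy Bush's procmail recipe) combined into one classifier, as an added example that is not code from any participant. The function names, verdict strings and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Subject fragments copied from the procmail recipe quoted in the thread.
# procmail matches case-insensitively by default, hence re.IGNORECASE.
AV_NOTICE_SUBJECT = re.compile("|".join([
    r"\{Spam\?\} Warning: E-mail viruses detected",
    r"Anti-Virus Notification",
    r"BANNED FILENAME",
    r"Disallowed attachment type found in sent message",
    r"File blocked - ScanMail for Lotus",
    r"InterScan NT Alert",
    r"Message deleted",
    r"NAV detected a virus",
    r"Norton AntiVirus detected",
    r"RAV AntiVirus scan",
    r"Returned due to virus",
    r"Skynet Mail Protection",
    r"Symantec AntiVirus",
    r"Undeliverable: test",
    r"VIRUS \(.*\) IN MAIL FROM YOU",
    r"VIRUS \(.*\) IN MAIL TO YOU",
    r"VIRUS IN YOUR MAIL",
    r"Virus Detected by Network Assoc",
    r"Virus Notification",
    r"Virus found in a message you sent",
    r"Virus found in sent message",
]), re.IGNORECASE)


def has_worm_header_pattern(msg):
    """Header check from the thread: both priority headers are present,
    but neither X-Mailer nor X-MimeOLE is."""
    both_priority = (msg["X-Priority"] is not None
                     and msg["X-MSMail-Priority"] is not None)
    any_client = (msg["X-Mailer"] is not None
                  or msg["X-MimeOLE"] is not None)
    return both_priority and not any_client


def classify(raw):
    """Return a verdict string (hypothetical names) for one raw message."""
    msg = message_from_string(raw)
    if has_worm_header_pattern(msg):
        return "reject-worm-like"
    if AV_NOTICE_SUBJECT.search(msg.get("Subject", "")):
        return "discard-av-notice"
    return "accept"


def _build(headers, body="constructed body\n"):
    return "".join(f"{k}: {v}\n" for k, v in headers) + "\n" + body


# Constructed sample messages (addresses use reserved example domains).
SAMPLES = {
    "worm_like": _build([
        ("From", "a@example.org"), ("To", "b@example.net"),
        ("Subject", "hi"),
        ("X-Priority", "3"), ("X-MSMail-Priority", "Normal")]),
    # A scanner notice modelled on the one in the thread: it carries
    # X-Mailer, so only the subject rule catches it.
    "av_notice": _build([
        ("From", "support@scanner.example"), ("To", "b@example.net"),
        ("Subject", "Skynet Mail Protection scan results"),
        ("X-Priority", "1"), ("X-MSMail-Priority", "High"),
        ("X-Mailer", "ravmd/8.4.2")]),
    "outlook": _build([
        ("From", "c@example.org"), ("To", "b@example.net"),
        ("Subject", "lunch on friday?"),
        ("X-Priority", "3"), ("X-MSMail-Priority", "Normal"),
        ("X-Mailer", "Microsoft Outlook Express 6.00"),
        ("X-MimeOLE", "Produced By Microsoft MimeOLE V6.00")]),
    "priority_only": _build([
        ("From", "d@example.org"), ("To", "b@example.net"),
        ("Subject", "status report"), ("X-Priority", "1")]),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14s} {classify(raw)}")
```

The header check runs first so that a worm-like message is never mistaken for a notice; the notice rule exists because scanner notifications carry a normal X-Mailer header and pass the header check untouched.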
participants (7)
- jlewis@lewis.org
- Matthew Sullivan
- Mike Tancsa
- Randy Bush
- Stephen J. Wilcox
- Todd Vierling
- Valdis.Kletnieks@vt.edu