Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: properties in e-mail from sexyfun
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: properties in e-mail from sexyfun
  • From: "Jay D. Dyson" <[EMAIL PROTECTED]>
  • Date: Sat, 13 Jan 2001 19:47:58 +0100
  • In-reply-to: <[EMAIL PROTECTED]>
.
 
-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jan 2001, Kelly Reid wrote:

> Following is the properties from the email from sexyfun.  I'm interested
> in knowing who this came from so that they can get their machine
> scanned.

	The "From:" line is just the product of a trojan/worm.  Here's the
point of injection:

> Received: from moperr01-98.midwest.net (HELO computer) ([208.235.39.108]) (envelope-sender <>)
>           by 10.209.20.32 (qmail-ldap-1.03) with SMTP
>           for <[EMAIL PROTECTED]>; 12 Jan 2001 04:25:11 -0000

	It looks as if someone on the MIDWEST.NET site's intranet got
spanked with this trojan/worm (hence the 10.209.20.32 address).  I'd
suggest you contact the folks at Midwest Internet as it appears this came
from one of their employees.

	The ARIN database indicates the following contact info, but you
will likely want to cc: the postmaster & abuse addresses as well to make
sure this gets quick attention.

Midwest Internet (NETBLK-UU-208-235)
   300 E. Main St.
   Carbondale, IL 62901
   US

   Netname: UU-208-235
   Netblock: 208.235.0.0 - 208.235.63.255
   Maintainer: MIDI

   Coordinator:
      Baird, Curtis  (BC247-ARIN)  [EMAIL PROTECTED]
      (618) 529-7271

- -Jay

   (                                                            ______
   ))   .-- "There's always time for a good cup of coffee" --.   >===<--.
 C|~~| (>------- Jay D. Dyson -- [EMAIL PROTECTED] -------<) |   = |-'
  `--'  `------ ...You can have my absence of faith... ------'  `-----'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: E-mail me for my PGP Public Key.

iQCVAwUBOl9x6tCClfiU/BIVAQG6BAQAzB70KkLJTuy1rxf3D3BC9gMEEH5Rwl2P
YTCWXADdGdBhKo7X6xydwpV4nhZuP9UW+dy8NUuoxLVVQ5aNBeRK7OUrX95uoMJE
ycygCaqGSpWiBOIZBs0gIp+BBXYpFqtyjAz+2ODpqlqsMcVwbEoWMRr63YHccUq7
XcGfJCdrVuo=
=a0qr
-----END PGP SIGNATURE-----
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.