{VIRUS?} undeliverable mail returned to mailer
Christian Reis
kiko at async.com.br
Sun Sep 21 14:27:47 BRT 2003
This is a spam report generated by the Async Open Source spambot
for distribution to the spambr-new and spam at async lists. A similar
message was sent to the spamcop.net service and to the Usenet group
news.admin.net-abuse.sightings. The spam appears to originate from the host:
Apparently originated from: UNKNOWN [202.5.113.12]
Total headers: 2
Forged headers: 0
Ignored headers: 0
Whois data follows:
[Cached]
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 202.5.96.0 - 202.5.127.255
netname: TECH-2U
descr: TECH 2U Pty Limited
descr: 16 Princes Street
descr: Turramurra, NSW, 2074
country: AU
admin-c: MV27-AP
tech-c: MV27-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-AU-TECH2U
changed: hostmaster at apnic.net 19981221
changed: hm-change at apnic.net 20020625
status: ALLOCATED PORTABLE
source: APNIC
person: Malcolm Valentine
address: 16 Princes Street
address: Turramurra, NSW, 2074
country: AU
phone: +61-2-9440-9011
fax-no: +61-2-9440-9022
e-mail: mvals at tech2u.com.au
nic-hdl: MV27-AP
mnt-by: MAINT-AU-TECH2U
changed: mvals at tech2u.com.au 20020625
source: APNIC
The raw message forwarded to me follows:
------------------------------------------------------------------------
Return-Path: <mwyborn at tech2u.com.au>
Received: from hobbit.tech2u.com.au (mail.tech2u.com.au [210.8.95.6])
by anthem.async.com.br (8.12.3/8.12.3) with ESMTP id h8L96Ajv013215
for <kiko at ASYNC-MUNGED-ME>; Sun, 21 Sep 2003 06:06:12 -0300
Received: from gdoedtrn (d113-012.elf.tech2u.com.au [202.5.113.12] (may be
forged))
by hobbit.tech2u.com.au (8.11.6/8.11.6) with SMTP id h8L90JF14839;
Sun, 21 Sep 2003 19:00:20 +1000
Date: Sun, 21 Sep 2003 19:00:20 +1000
Message-Id: <200309210900.h8L90JF14839 at hobbit.tech2u.com.au>
FROM: "Net Email System" <lmailprogram at microsoft.net>
TO: "inet receiver" <user at smtpserver.com>
Subject: {VIRUS?} undeliverable mail returned to mailer
Mime-Version: 1.0
content-type: multipart/mixed; boundary="wnlvwrmvislkcpj"
X-MailScanner: Found to be infected
X-Spambayes-Classification: unsure; 0.67
--wnlvwrmvislkcpj
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<HTML><P><B><FONT SIZE=3D"+1" COLOR=3D"red">Warning: </FONT>This message ha=
s had one or more attachments removed. Please read the "VirusWarning.txt" a=
ttachment(s) for more information.</B><BR></P>
<HEAD></HEAD>
<BODY>
<iframe src=3D"cid:hkeerglhsxse" height=3D0 width=3D0></iframe>
<BR><BR><BR>Undeliverable message to <B>thzdfl at microsoft.net</B>
</BODY></HTML>
--wnlvwrmvislkcpj
Content-Type: text/plain; charset="us-ascii"; name="VirusWarning.txt"
Content-Disposition: attachment; filename="VirusWarning.txt"
Content-Transfer-Encoding: quoted-printable
This is a message from the TECH 2U Internet Services Mail Server
----------------------------------------------------------------------
Our mail server has detected a problem with a mail=20
message addressed to this email address.
The original e-mail contained an attachment called "gjfsaekb.exe"=20
which was believed to be infected by a virus. It has therefore
been replaced by this warning message.
If you wish to receive a copy of the possibly *infected* attachment,=20
please send an e-mail request to postmaster at tech2u.com.au and=20
include the whole of this message in your request. Alternatively,=20
you can give us a call, with the contents of this message available=20
when you call.
Message to Help Desk follows: At Sun Sep 21 19:01:35 2003 the virus scanner=
said:
gjfsaekb.exe has Infection: W32 Swen at MM
Note to Help Desk follows:
Look on the MailScanner in /var/spool/MailScanner/quarantine (message h8L90=
JF14839).
--=20
Postmaster
--wnlvwrmvislkcpj--