VIRUS (Worm.SCO.A) IN YOUR MAIL (fwd)

Dan Barrett nullpointer at pobox.com
Tue Jan 27 12:38:36 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 27 January 2004 11:27, David Kramer wrote:
> 
> I just got this.  As far as I know, my relays are closed tight and my 
> firewall is solid.  Is this spam?
> 
> Could someone try relaying through thekramers.net and let me know if it 
> fails or succeeds?
> 

$ telnet thekramers.net 25
Trying 66.92.68.235...
Connected to thekramers.net.
Escape character is '^]'.
220 uni.thekramers.net ESMTP Postfix
MAIL FROM:test at thekramers.net
250 Ok
RCPT TO:dbx at pobox.com
554 <dbx at pobox.com>: Relay access denied

> I can't see anything I sent to them:
> [root at uni /var/log]# grep surfnet.nl *
> [root at uni /var/log]# grep hsbos.nl *
> mail:Jan 27 08:39:27 uni postfix/smtpd[14647]: connect from 
> mail.hsbos.nl[192.87.129.131]
> mail:Jan 27 08:39:27 uni postfix/smtpd[14647]: B08F31C6C9: 
> client=mail.hsbos.nl[192.87.129.131]
> mail:Jan 27 08:39:28 uni postfix/cleanup[14649]: B08F31C6C9: 
> message-id=<VSXXD4dveo at mail.hsbos.nl>
> mail:Jan 27 08:39:28 uni spamd[14720]: processing message 
> <VSXXD4dveo at mail.hsbos.nl> for david:500.
> mail:Jan 27 08:39:28 uni postfix/smtpd[14647]: disconnect from 
> mail.hsbos.nl[192.87.129.131]
> mail.info:Jan 27 08:39:27 uni postfix/smtpd[14647]: connect from 
> mail.hsbos.nl[192.87.129.131]
> mail.info:Jan 27 08:39:27 uni postfix/smtpd[14647]: B08F31C6C9: 
> client=mail.hsbos.nl[192.87.129.131]
> mail.info:Jan 27 08:39:28 uni postfix/cleanup[14649]: B08F31C6C9: 
> message-id=<VSXXD4dveo at mail.hsbos.nl>
> mail.info:Jan 27 08:39:28 uni spamd[14720]: processing message 
> <VSXXD4dveo at mail.hsbos.nl> for david:500.
> mail.info:Jan 27 08:39:28 uni postfix/smtpd[14647]: disconnect from 
> mail.hsbos.nl[192.87.129.131]
> 
> 
> Remaining secure is a priority for me, so please help me out and let me 
> know what you think.  See attached message.
> 
> --
> DDDD   David Kramer         david at thekramers.net       http://thekramers.net
> DK KD
> DKK D  Buckle up for safety!
> DK KD  It makes it harder for the aliens to suck you out of your car.
> DDDD   
> 
> 
> 
> 
> ---------- Forwarded message ----------
> Date: Tue, 27 Jan 2004 14:39:36 +0100 (CET)
> From: Anti-Virus <virusmelding at hsbos.nl>
> To: david at thekramers.net
> Subject: VIRUS (Worm.SCO.A) IN YOUR MAIL
> 
> VIRUS ALERT
> 
> Our virus checker found
>     virus: Worm.SCO.A
> in your email to the following recipient:
> -> pschouten at hsbos.nl
> 
> Delivery of the email was stopped!
> 
> Please check your system for viruses,
> or ask your system administrator to do so.
> 
> For your reference, here are headers from your email:
> ------------------------- BEGIN HEADERS -----------------------------
> Received: from thekramers.net (unknown [65.203.121.147])
> 	by relay.surfnet.nl (Postfix) with ESMTP id AF6C63F461
> 	for <pschouten at hsbos.nl>; Tue, 27 Jan 2004 14:37:23 +0100 (MET)
> From: david at thekramers.net
> To: pschouten at hsbos.nl
> Subject: Mail Delivery System
> Date: Tue, 27 Jan 2004 07:38:47 -0600
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> 	boundary="----=_NextPart_000_0010_EE6E125F.674244BF"
> X-Priority: 3
> X-MSMail-Priority: Normal
> Message-Id: <20040127133723.AF6C63F461 at relay.surfnet.nl>
> -------------------------- END HEADERS ------------------------------

- -- 
Re-Elect Nixon / Cheney 2004!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAFqIcsIjNiQTGkXARAo2tAJ9j3HmN28ZklIcu/6Ol3ut+06lKpQCgwmOx
Nh/ZG1pj9pFk39l/d1D2T2Y=
=xQii
-----END PGP SIGNATURE-----
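
Added example, not part of the original message: the header block in the forwarded alert records the connecting client as 65.203.121.147, while the telnet session above reached thekramers.net at 66.92.68.235. This Python sketch parses the earliest Received header and compares its client IP with the known mail server address; the function names and the KNOWN_MTA_IPS set are assumptions made for illustration.

```python
import re
from email import message_from_string

# Header block copied from the forwarded virus alert above (quote markers
# removed; the archive's " at " address obfuscation is kept as shown).
BOUNCE_HEADERS = """\
Received: from thekramers.net (unknown [65.203.121.147])
\tby relay.surfnet.nl (Postfix) with ESMTP id AF6C63F461
\tfor <pschouten at hsbos.nl>; Tue, 27 Jan 2004 14:37:23 +0100 (MET)
From: david at thekramers.net
To: pschouten at hsbos.nl
Subject: Mail Delivery System
Message-Id: <20040127133723.AF6C63F461 at relay.surfnet.nl>
"""

# Assumption: the only legitimate outbound host is the address the telnet
# session above connected to.
KNOWN_MTA_IPS = {"66.92.68.235"}

# Postfix layout: from <HELO name> (<reverse DNS> [<client IP>]) by <receiver>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def first_hop(headers):
    """Parse the earliest Received header into helo, rdns, ip and by."""
    received = message_from_string(headers).get_all("Received") or []
    if not received:
        raise ValueError("no Received header present")
    # Each relay prepends its header, so the last one is the earliest hop.
    unfolded = " ".join(received[-1].split())
    match = RECEIVED_RE.search(unfolded)
    if match is None:
        raise ValueError("Received header is not in the expected layout")
    return match.groupdict()

def assess(headers, known_ips):
    """Classify the message by the client IP the receiving relay observed."""
    hop = first_hop(headers)
    # The HELO name is chosen by the client; only the bracketed IP was
    # recorded by the receiving relay from the TCP connection itself.
    return "sent-by-our-mta" if hop["ip"] in known_ips else "not-from-our-mta"

if __name__ == "__main__":
    print(first_hop(BOUNCE_HEADERS))
    print(assess(BOUNCE_HEADERS, KNOWN_MTA_IPS))
```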



