[29465] in North American Network Operators' Group
virus spreader from ptt.ru
daemon@ATHENA.MIT.EDU (Dana Hudes)
Sun Jun 25 23:51:57 2000
Message-ID: <008701bfdf21$953a3d40$3d5cdcd1@hudes.org>
From: "Dana Hudes" <dhudes@hudes.org>
To: <nanog@merit.edu>
Cc: <skrivoruchenko@ptt.ru>, <amasalov@na.ptt.ru>
Date: Sun, 25 Jun 2000 23:49:51 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Errors-To: owner-nanog-outgoing@merit.edu
Hello. A dialup user in ptt.ru is sending out mass mail with a virus
attached; tonight was the second time in as many days. The ISP has been
notified but has not responded. You may wish to black hole their dialup
port range to protect your network's mail systems.
Return-Path: <>
Received: from mail1.panix.com (mail1.panix.com [166.84.0.212])
by harmony.hudes.org (8.9.3/8.9.3) with ESMTP id MAA01055
for <dhudes@hudes.org>; Sun, 25 Jun 2000 12:05:53 -0400
Received: by mail1.panix.com (Postfix)
id 903E530F93; Sun, 25 Jun 2000 12:05:27 -0400 (EDT)
Delivered-To: dhudes@panix.com
Received: from dialup.ptt.ru (dialup.ptt.ru [195.34.0.100])
by mail1.panix.com (Postfix) with SMTP id 21A6730EC5
for <dhudes@panix.com>; Sun, 25 Jun 2000 12:05:07 -0400 (EDT)
Received: (qmail 13626 invoked from network); 25 Jun 2000 15:37:06 -0000
Received: from dialup-27028.dialup.ptt.ru (HELO pink) (195.34.27.28)
by dialup.ptt.ru with SMTP; 25 Jun 2000 15:37:06 -0000
To: web@download.ru
From: Ваш@panix.com, заказ@panix.com
Subject: Mission(download)
Date: Sun, 25 Jun 2000 19:37:47 +0300
Message-Id: <36702.817908564815300.290@localhost>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=juhbchtmlnhbclru
Status:
--juhbchtmlnhbclru
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
Ваш заказ от DOWNLOAD.RU
Http://www.download.ru
Спасибо за ваш выбор.
--juhbchtmlnhbclru
Content-Type: application/x-zip-compressed; name="Mission(download).zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Mission(download).zip"
(Virus attachment deleted; if you really want it e-mail me a request)
--juhbchtmlnhbclru--
inetnum: 195.34.0.0 - 195.34.0.127
netname: PTT-1
descr: PTT-Teleport Moscow, JSC
descr: Russia, Moscow
country: RU
admin-c: SK6742-RIPE
tech-c: AVM1-RIPE
status: ASSIGNED PA
changed: netmst@ptt.ru 20000323
source: RIPE
route: 195.34.0.0/19
descr: PTTNET's first /19 block
origin: AS6795
notify: netmst@ptt.ru
mnt-by: PTTNET-RIPE-MNT
changed: netmst@ptt.ru 19980206
source: RIPE