[48808] in North American Network Operators' Group


Re: Fwd: FOUND VIRUS IN MAIL

daemon@ATHENA.MIT.EDU (James Thomason)
Tue Jun 18 12:26:48 2002

Date: Tue, 18 Jun 2002 09:24:08 -0700 (PDT)
From: James Thomason <james@divide.org>
To: Larry Rosenman <ler@lerctr.org>
Cc: nanog@merit.edu
In-Reply-To: <1024372988.2128.2.camel@lerlaptop>
Errors-To: owner-nanog-outgoing@merit.edu


I could not get this virus to execute on my BSD box; the binary must
be corrupt.

Clearly this person did not study their target audience. 

Regards, 
James


On 17 Jun 2002, Larry Rosenman wrote:

> 
> Fair Warning....
> 
> 
> 
> -----Forwarded Message-----
> 
> From: vscan@lerctr.org
> To: virusalert@lerctr.org
> Subject: FOUND VIRUS IN MAIL from <owner-nanog@merit.edu>
> Date: 17 Jun 2002 22:48:16 -0500
> 
> A virus was found in an email from:
> 
> <owner-nanog@merit.edu>
> 
> The message was addressed to: 
> 
> -> <ler@lerami.lerctr.org>
> 
> The message has been quarantined as:
> 
> /var/virusmails/virus-20020617-224816-21028
> 
> Here is the output of the scanner:
> 
> Scanning /var/amavis/amavis-milter-4Oa4l925/parts/*
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-1.txt
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-2.html
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
> /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
>         Found the DDoS-Slack trojan !!!
> 
> Summary report on /var/amavis/amavis-milter-4Oa4l925/parts/*
> File(s)
>         Total files: ...........       3
>         Clean: .................       2
>         Possibly Infected: .....       1
> 
> Here are the headers:
> 
> ------------------------- BEGIN HEADERS -----------------------------
> Received: by trapdoor.merit.edu (Postfix)
> 	id 0FA7F9124E; Mon, 17 Jun 2002 23:46:02 -0400 (EDT)
> Delivered-To: nanog-outgoing@trapdoor.merit.edu
> Received: by trapdoor.merit.edu (Postfix, from userid 56)
> 	id B621F9124F; Mon, 17 Jun 2002 23:46:01 -0400 (EDT)
> Delivered-To: nanog@trapdoor.merit.edu
> Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
> 	by trapdoor.merit.edu (Postfix) with ESMTP id A61099124E
> 	for <nanog@trapdoor.merit.edu>; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
> Received: by segue.merit.edu (Postfix)
> 	id 8CCEA5DE57; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
> Delivered-To: nanog@merit.edu
> Received: from web21109.mail.yahoo.com (web21109.mail.yahoo.com [216.136.227.111])
> 	by segue.merit.edu (Postfix) with SMTP id D92105DE52
> 	for <nanog@merit.edu>; Mon, 17 Jun 2002 23:45:57 -0400 (EDT)
> Message-ID: <20020618034556.54382.qmail@web21109.mail.yahoo.com>
> Received: from [68.36.89.121] by web21109.mail.yahoo.com via HTTP; Mon, 17 Jun 2002 20:45:56 PDT
> Date: Mon, 17 Jun 2002 20:45:56 -0700 (PDT)
> From: jim bruer <jim_teh_man@yahoo.com>
> Subject: ConfigMaker Beta 
> To: nanog@merit.edu
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="0-340633384-1024371956=:50295"
> Sender: owner-nanog@merit.edu
> Precedence: bulk
> Errors-To: owner-nanog-outgoing@merit.edu
> X-Loop: nanog
> -------------------------- END HEADERS ------------------------------
> -- 
> Larry Rosenman                     http://www.lerctr.org/~ler
> Phone: +1 972-414-9812                 E-Mail: ler@lerctr.org
> US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
> 


