[67082] in North American Network Operators' Group


other virus damages/costs.....(hello skynet.be ?)

daemon@ATHENA.MIT.EDU (Mike Tancsa)
Mon Feb 2 07:58:04 2004

Date: Mon, 02 Feb 2004 07:57:07 -0500
To: nanog@nanog.org
From: Mike Tancsa <mike@sentex.net>
Errors-To: owner-nanog-outgoing@merit.edu



Looking at my disk stats, my mail storage spool has grown by 15% in the
past week not due to the deluge of viruses which I can block and reject, but
in large part to those idiotic "Hi, I am sorry in a happy idiotic way to
inform you that the message you sent has a virus" messages....  As almost
all of them forge their email address, what is the point of warning the
"sender"?  Even better, I wake up this am to 285 (and growing) messages
below telling me that someone at skynet is trying to send me a virus
message and it cc's 64 other people.  Nice.


         ---Mike

>From: "Skynet Mail Protection" <support@skynet.be>
>To: gbs-vossem@pi.be
>To: timofeev@granch.ru
>To: chris@aims.com.au
>To: dcs@newsguy.com
>To: imp@harmony.village.org
>To: ted@ness.plymouth.edu
>To: deepak@ai.net
>To: bmilekic@technokratis.com
>To: randy@psg.com
>To: sthaug@nethelp.no
>To: shelton@sentry.granch.ru
>To: danny_j_mitzel@yahoo.com
>To: tinguely@web.cs.ndsu.nodak.edu
>To: charon@hell.gr
>To: jesper@skriver.dk
>To: anandfranklin@hotmail.com
>To: nascar24@home.nl
>To: c.prevotaux@hexanet.fr
>To: reichert@numachi.com
>To: andy@tecc.co.uk
>To: provos@citi.umich.edu
>To: rtek@dolfijntje.nl
>To: jack_xiao99@hotmail.com
>To: mark.blackman@netscalibur.co.uk
>To: gunther@aurora.regenstrief.org
>To: s_bschmi@ira.uka.de
>To: vova@express.ru
>To: vlad@ariel.phys.wesleyan.edu
>To: lord@4jon.com
>To: assar@freebsd.org
>To: peter.jeremy@alcatel.com.au
>To: chaegle@mediaone.net
>To: brad@wcubed.net
>To: ewiz@mail.dotcom.fr
>To: freedom@csie.nctu.edu.tw
>To: oberman@es.net
>To: wes@softweyr.com
>To: julian@elischer.org
>To: iedowse@maths.tcd.ie
>To: sroberts84@hotmail.com
>To: maddave@suxx.eu.org
>To: ambrisko@ambrisko.com
>To: ari@suutari.iki.fi
>To: bonnetf@plonk.esiee.fr
>To: lucky@land3.nsu.ru
>To: ume@freebsd.org
>To: crewking@buckeye-express.com
>To: bright@sneakerz.org
>To: tlambert@primenet.com
>To: gwford@home.com
>To: vlad@infonet.com.ua
>To: freebsd-lists-for-dayan-only-owner@egroups.co.uk
>To: kimch@etri.re.kr
>To: chris@calldei.com
>To: peter@guest-tek.com
>To: sudish@corp.earthlink.net
>To: peter@wemm.org
>To: cristjc@earthlink.net
>To: yar@freebsd.org
>To: shalunov@internet2.edu
>To: mike@sentex.net
>To: roy@its-sby.edu
>To: kjc@csl.sony.co.jp
>To: seichert@coopcomp.com
>Subject: Skynet Mail Protection scan results
>Date: Mon, 02 Feb 2004 12:09:44 +0100
>Importance: high
>X-Mailer: ravmd/8.4.2
>X-RAVMilter-Version: 8.4.3(snapshot 20030212) (september.skynet.be)
>X-Virus-Scanned: by amavisd-new
>X-Spam-Flag: YES
>X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
>         spamscanner4.sentex.ca
>X-Spam-Level: *****
>X-Spam-Status: Yes, hits=5.7 required=5.1 tests=MAILTO_TO_SPAM_ADDR,
>         MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,TW_JN,X_PRIORITY_HIGH,
>         X_PRI_MISMATCH_HI autolearn=no version=2.63
>X-Spam-Report:
>         *  0.5 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
>         *  0.1 TW_JN BODY: Odd Letter Triples with JN
>         *  1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely spammer email
>         *  1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
>         *  2.8 X_PRI_MISMATCH_HI 'X-Priority' does not match 'X-MSMail-Priority'
>         *  0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't
>
>
>
>-----------------------
>This e-mail is generated by Skynet Mail Protection to warn you that the e-mail
>sent by gbs-vossem@pi.be to timofeev@granch.ru, chris@aims.com.au,
>dcs@newsguy.com, imp@harmony.village.org, ted@ness.plymouth.edu,
>deepak@ai.net, bmilekic@technokratis.com, randy@psg.com,
>sthaug@nethelp.no, shelton@sentry.granch.ru, danny_j_mitzel@yahoo.com,
>tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr, jesper@skriver.dk,
>anandfranklin@hotmail.com, nascar24@home.nl, c.prevotaux@hexanet.fr,
>reichert@numachi.com, andy@tecc.co.uk, provos@citi.umich.edu,
>rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
>mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
>s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
>lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
>chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
>freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
>julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
>maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi,
>bonnetf@news.esiee.fr, lucky@land3.nsu.ru, ume@freebsd.org,
>crewking@buckeye-express.com, bright@sneakerz.org,
>tlambert@primenet.com, gwford@home.com, vlad@infonet.com.ua,
>freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr,
>chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net,
>peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org,
>shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu,
>kjc@csl.sony.co.jp, seichert@coopcomp.com is infected with virus:
>Win32/Swen.A@mm.
>Deze e-mail is gegenereerd door Skynet Mail Protection om u te waarschuwen dat
>de e-mail gestuurd door gbs-vossem@pi.be naar timofeev@granch.ru,
>chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org,
>ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com,
>randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru,
>danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr,
>jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl,
>c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk,
>provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
>mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
>s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
>lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
>chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
>freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
>julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
>maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi,
>bonnetf@news.esiee.fr, lucky@land3.nsu.ru, ume@freebsd.org,
>crewking@buckeye-express.com, bright@sneakerz.org, tlambert@primenet.com,
>gwford@home.com, vlad@infonet.com.ua,
>freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr,
>chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net,
>peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org,
>shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu,
>kjc@csl.sony.co.jp, seichert@coopcomp.com geinfecteerd is met
>Win32/Swen.A@mm.
>Ce mail est généré par Skynet Mail Protection afin de vous prévenir que
>l'e-mail envoyé par gbs-vossem@pi.be à timofeev@granch.ru,
>chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org,
>ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com,
>randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru,
>danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr,
>jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl,
>c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk,
>provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
>mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
>s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
>lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
>chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
>freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
>julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
>maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi,
>bonnetf@news.esiee.fr, lucky@land3.nsu.ru, ume@freebsd.org,
>crewking@buckeye-express.com, bright@sneakerz.org, tlambert@primenet.com,
>gwford@home.com, vlad@infonet.com.ua,
>freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr,
>chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net,
>peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org,
>shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu,
>kjc@csl.sony.co.jp, seichert@coopcomp.com est infecté
>par le virus : Win32/Swen.A@mm.
>
>Please contact your system administrator for further information.
>Gelieve uw systeembeheerder te contacteren voor meer informatie.
>Veuillez contacter votre administrateur système pour de plus amples
>informations.
>
>If you are the sender:
>Indien u de zender bent:
>Si vous êtes l'expéditeur:
>-------------------
>The scanned e-mail has your address in the <From> header field. Either your
>computer is infected or someone's computer having your e-mail address in
>the address book has been infected.
>De gescande e-mail heeft uw adres in het <From> veld.  Dat betekent dat ofwel
>jouw computer geinfecteerd is, ofwel dat iemand is geinfecteerd, die jouw
>e-mail adres in zijn/haar adresboek heeft.
>Le mail scanné contient votre adresse e-mail dans son en-tête <De>.
>Soit votre ordinateur est infecté soit votre adresse e-mail est reprise dans
>le carnet d'adresse d'un ordinateur infecté.
>
>If you are the receiver:
>Indien u de bestemmeling bent:
>Si vous êtes le destinataire:
>---------------------
>Please contact the sender: most likely he/she doesn't know he/she has a
>computer virus.
>Gelieve de zender te contacteren: hoogst waarschijnlijk weet hij/zij niet
>dat hij/zij geinfecteerd is met een computer virus.
>Veuillez contacter l'expéditeur: le plus souvent, il/elle ne sait pas que son
>ordinateur est infecté.
>
>Actions taken for the infected files:
>Ondernomen actie voor de geinfecteerde bestanden:
>Actions prises pour les fichiers infectés:
>-------------------------------------
>
>
>The infected file was saved to quarantine with name:
>1075720184-RAVi12B9bAP025868.
>The file (part0004:Update.exe) attached to mail (with subject:net critical
>upgrade) sent by gbs-vossem@pi.be to timofeev@granch.ru,
>chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org,
>ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com,
>randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru,
>danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr,
>jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl,
>c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk,
>provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
>mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
>s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
>lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
>chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
>freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
>julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
>maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi,
>bonnetf@news.esiee.fr, lucky@land3.nsu.ru, ume@freebsd.org,
>crewking@buckeye-express.com, bright@sneakerz.org, tlambert@primenet.com,
>gwford@home.com, vlad@infonet.com.ua,
>freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr,
>chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net,
>peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org,
>shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu,
>kjc@csl.sony.co.jp, seichert@coopcomp.com
>is infected with virus: Win32/Swen.A@mm.
>The mail was not delivered because it contained dangerous code.
>
>------------------------
>this is a copy of the e-mail header:
>
>
>
>RAV AntiVirus for Linux i386 version: 8.4.2 (snapshot-20030212)
>
>Scan engine 8.11 for i386.
>Last update: Mon, 02 Feb 2004 04:36:04 +01
>Scanning for 89407 malwares (viruses, trojans and worms).

--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike
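
Added example (not part of the original post, and not Sentex's or Skynet's code): a receiving-side check that recognises scanner notices like the one quoted above from their headers and body, and treats them as backscatter unless they mention a Message-ID the site really sent. The sample messages are constructed, and the phrase lists, the three-signal threshold and the `sent_ids` lookup are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample, shortened from the message quoted in the post.
NOTICE = """\
From: "Skynet Mail Protection" <support@skynet.be>
To: gbs-vossem@pi.be
To: timofeev@granch.ru
To: mike@sentex.net
Subject: Skynet Mail Protection scan results
X-Mailer: ravmd/8.4.2
X-RAVMilter-Version: 8.4.3(snapshot 20030212) (september.skynet.be)

The file (part0004:Update.exe) attached to mail sent by gbs-vossem@pi.be
is infected with virus: Win32/Swen.A@mm.
The mail was not delivered because it contained dangerous code.
"""

# Constructed ordinary message that merely shares a subject phrase.
ORDINARY = """\
From: colleague@example.net
To: mike@sentex.net
Subject: scan results from last night's backup audit

Nothing unusual, see attached summary.
"""

SUBJECT_RE = re.compile(r"scan results|virus (found|detected|alert)", re.I)
BODY_RE = re.compile(r"infected with virus|contained dangerous code", re.I)


def classify(raw, sent_ids=frozenset()):
    """Return (is_backscatter, signals) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    if msg["X-RAVMilter-Version"] or (msg["X-Mailer"] or "").startswith("ravmd"):
        signals.append("scanner-header")
    if SUBJECT_RE.search(msg["Subject"] or ""):
        signals.append("subject")
    if BODY_RE.search(body):
        signals.append("body")
    if len(getaddresses(msg.get_all("To", []))) > 1:
        signals.append("copied-recipients")  # notice fanned out to the original To: list
    # Assumption: a notice about mail we really sent quotes one of our
    # Message-IDs somewhere in its headers or copied header block.
    ours = any(mid in raw for mid in sent_ids)
    return (len(signals) >= 3 and not ours), signals
```

Requiring several independent signals keeps a legitimate message with a similar subject, such as the constructed `ORDINARY` sample, out of the reject path.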

