[67084] in North American Network Operators' Group


Re: other virus damages/costs.....(hello skynet.be ?)

daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Mon Feb 2 08:09:18 2004

Date: Mon, 2 Feb 2004 13:08:37 +0000 (GMT)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Mike Tancsa <mike@sentex.net>
Cc: nanog@nanog.org
In-Reply-To: <6.0.1.1.0.20040202074807.0532dfa8@209.112.4.2>
Errors-To: owner-nanog-outgoing@merit.edu


our queue appears to be increasing linearly since about last tuesday, since then
it's increased 3000%, there's a huge dip midday saturday (it goes down to one
third its size in about 4hrs) then rapidly jumps up to higher than its pre-dip
value

that's messages tho, queue spool size hasn't gone up all that much, maybe 200%

no idea about our storage spools...

very odd!!

Steve

On Mon, 2 Feb 2004, Mike Tancsa wrote:

>
>
> Looking at my disk stats, my mail storage spool has grown by 15% in the
> past week not due to the deluge of viruses which I can block and reject, but
> in large part to those idiotic "Hi, I am sorry in a happy idiotic way to
> inform you that the message you sent has a virus" messages....  As almost
> all of them forge their email address, what is the point of warning the
> "sender."  Even better, I wake up this am to 285 (and growing) messages
> below telling me that someone at skynet is trying to send me a virus
> message and it cc's 64 other people.  Nice.
>
>
>          ---Mike
>
> >From: "Skynet Mail Protection" <support@skynet.be>
> >Subject: Skynet Mail Protection scan results
> >Date: Mon, 02 Feb 2004 12:09:44 +0100
> >Importance: high
> >X-Mailer: ravmd/8.4.2
> >X-RAVMilter-Version: 8.4.3(snapshot 20030212) (september.skynet.be)
> >X-Virus-Scanned: by amavisd-new
> >X-Spam-Flag: YES
> >X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
> >         spamscanner4.sentex.ca
> >X-Spam-Level: *****
> >X-Spam-Status: Yes, hits=5.7 required=5.1 tests=MAILTO_TO_SPAM_ADDR,
> >         MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,TW_JN,X_PRIORITY_HIGH,
> >         X_PRI_MISMATCH_HI autolearn=no version=2.63
> >X-Spam-Report:
> >         *  0.5 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
> >         *  0.1 TW_JN BODY: Odd Letter Triples with JN
> >         *  1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely spammer email
> >         *  1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
> >         *  2.8 X_PRI_MISMATCH_HI 'X-Priority' does not match 'X-MSMail-Priority'
> >         *  0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't
> >
> >
> >
> >-----------------------
> >This e-mail is generated by Skynet Mail Protection to warn you that the e-mail
> >sent by gbs-vossem@pi.be to timofeev@granch.ru, chris@aims.com.au,
> >dcs@newsguy.com, imp@harmony.village.org, ted@ness.plymouth.edu,
> >deepak@ai.net, bmilekic@technokratis.com, randy@psg.com,
> >sthaug@nethelp.no, shelton@sentry.granch.ru, danny_j_mitzel@yahoo.com,
> >tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr, jesper@skriver.dk,
> >anandfranklin@hotmail.com, nascar24@home.nl, c.prevotaux@hexanet.fr,
> >reichert@numachi.com, andy@tecc.co.uk, provos@citi.umich.edu,
> >rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
> >mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
> >s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
> >lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
> >chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
> >freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
> >julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
> >maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi,
> >bonnetf@news.esiee.fr, lucky@land3.nsu.ru, ume@freebsd.org,
> >crewking@buckeye-express.com, bright@sneakerz.org,
> >tlambert@primenet.com, gwford@home.com, vlad@infonet.com.ua,
> >freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr,
> >chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net,
> >peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org,
> >shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu,
> >kjc@csl.sony.co.jp, seichert@coopcomp.com is infected with virus:
> >Win32/Swen.A@mm.
> >Deze e-mail is gegenereerd door Skynet Mail Protection om u te waarschuwen dat
> >de e-mail gestuurd door gbs-vossem@pi.be naar timofeev@granch.ru,
> >chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org,
> >ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com,
> >randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru,
> >danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr,
> >jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl,
> >c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk,
> >provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
> >mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
> >s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
> >lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
> >chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
> >freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
> >julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
> >maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi,
> >bonnetf@news.esiee.fr, lucky@land3.nsu.ru, ume@freebsd.org,
> >crewking@buckeye-express.com, bright@sneakerz.org,
> >tlambert@primenet.com, gwford@home.com, vlad@infonet.com.ua,
> >freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr,
> >chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net,
> >peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org,
> >shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu,
> >kjc@csl.sony.co.jp, seichert@coopcomp.com geinfecteerd
> >is met Win32/Swen.A@mm.
> >Ce mail est généré par Skynet Mail Protection afin de vous prévenir que
> >l'e-mail envoyé par gbs-vossem@pi.be à timofeev@granch.ru,
> >chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org,
> >ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com,
> >randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru,
> >danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr,
> >jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl,
> >c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk,
> >provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
> >mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
> >s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
> >lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
> >chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
> >freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
> >julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
> >maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi,
> >bonnetf@news.esiee.fr, lucky@land3.nsu.ru, ume@freebsd.org,
> >crewking@buckeye-express.com, bright@sneakerz.org,
> >tlambert@primenet.com, gwford@home.com, vlad@infonet.com.ua,
> >freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr,
> >chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net,
> >peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org,
> >shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu,
> >kjc@csl.sony.co.jp, seichert@coopcomp.com est infecté
> >par le virus : Win32/Swen.A@mm.
> >
> >Please contact your system administrator for further information.
> >Gelieve uw systeembeheerder te contacteren voor meer informatie.
> >Veuillez contacter votre administrateur système pour de plus amples
> >informations.
> >
> >If you are the sender:
> >Indien u de zender bent:
> >Si vous êtes l'expéditeur:
> >-------------------
> >The scanned e-mail has your address in the <From> header field. Either your
> >computer is infected or someone's computer having your e-mail address in
> >the address book has been infected.
> >De gescande e-mail heeft uw adres in het <From> veld.  Dat betekent dat ofwel
> >jouw computer geinfecteerd is, ofwel dat iemand is geinfecteerd, die jouw e-mail
> >adres in zijn/haar adresboek heeft.
> >Le mail scanné contient votre adresse e-mail dans son en-tête <De>.
> >Soit votre ordinateur est infecté soit votre adresse e-mail est reprise dans
> >le carnet d'adresse d'un ordinateur infecté.
> >
> >If you are the receiver:
> >Indien u de bestemmeling bent:
> >Si vous êtes le destinataire:
> >---------------------
> >Please contact the sender: most likely he/she doesn't know he/she has a
> >computer virus.
> >Gelieve de zender te contacteren: hoogst waarschijnlijk weet hij/zij niet
> >dat hij/zij geinfecteerd is met een computer virus.
> >Veuillez contacter l'expéditeur: le plus souvent, il/elle ne sait pas que son
> >ordinateur est infecté.
> >
> >Actions taken for the infected files:
> >Ondernomen actie voor de geinfecteerde bestanden:
> >Actions prises pour les fichiers infectés:
> >-------------------------------------
> >
> >
> >The infected file was saved to quarantine with name:
> >1075720184-RAVi12B9bAP025868.
> >The file (part0004:Update.exe) attached to mail (with subject:net critical
> >upgrade) sent by gbs-vossem@pi.be to timofeev@granch.ru,
> >chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org,
> >ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com,
> >randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru,
> >danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr,
> >jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl,
> >c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk,
> >provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
> >mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
> >s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
> >lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
> >chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
> >freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
> >julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
> >maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi,
> >bonnetf@news.esiee.fr, lucky@land3.nsu.ru, ume@freebsd.org,
> >crewking@buckeye-express.com, bright@sneakerz.org,
> >tlambert@primenet.com, gwford@home.com, vlad@infonet.com.ua,
> >freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr,
> >chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net,
> >peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org,
> >shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu,
> >kjc@csl.sony.co.jp, seichert@coopcomp.com
> >is infected with virus: Win32/Swen.A@mm.
> >The mail was not delivered because it contained dangerous code.
> >
> >------------------------
> >this is a copy of the e-mail header:
> >
> >
> >
> >RAV AntiVirus for Linux i386 version: 8.4.2 (snapshot-20030212)
> >
> >Scan engine 8.11 for i386.
> >Last update: Mon, 02 Feb 2004 04:36:04 +01
> >Scanning for 89407 malwares (viruses, trojans and worms).
>
> --------------------------------------------------------------------
> Mike Tancsa,                                     tel +1 519 651 3400
> Sentex Communications,                           mike@sentex.net
> Providing Internet since 1994                    www.sentex.net
> Cambridge, Ontario Canada                        www.sentex.net/mike
>

