Re: New e-mail virus? subject: Inet system ()

From: Trafton (traftonofjj2SPAM_at_yahoo.com)
Date: 04/29/04


Date: Thu, 29 Apr 2004 14:48:33 -0700

Hi YouHoosier,

It took some extensive digging, but Google eventually rendered a result.
This email was sent by the rare Gibe.C worm.

http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=40743

Hope this helps!

Sincerely,
Benjamin "Trafton" Johnstone-Anderson
Microsoft MVP - Windows Security
Remove "SPAM" from email address to reply!
Security Manifest: www.msmvps.com/trafton/

"YouHoosier" <anonymous@discussions.microsoft.com> wrote in message
news:622701c42e15$64b019f0$a301280a@phx.gbl...
> Hi everybody,
>
> Likely spoof, virus or maybe nothing at all, but just got
> an e-mail and my free version of Mailwasher shows it has
> 143KB and the previewed content shows-
>
> Received: from pmta02.mta.everyone.net (bigiplb-dsnat
> [172.16.0.19])
> by imta26.mta.everyone.net (Postfix) with ESMTP id
> A73D25160D
> for <myaddress@myisp.com>; Thu, 29 Apr 2004
> 06:30:34 -0700 (PDT)
> Received: from charon.smart.se (194.14.81.162
> [194.14.81.162])
> by pmta02.mta.everyone.net (EON-PMTA) with ESMTP
> id 25A89E8A; Thu, 29 Apr 2004 06:30:34 -0700
> Received: from popmail.smart.se ([194.14.81.186])
> by charon.smart.se (8.12.10/8.12.10) with ESMTP id
> i3TDSdZw020460;
> Thu, 29 Apr 2004 15:28:40 +0200 (CEST)
> Received: from pbhmh ([10.48.164.10])
> by popmail.smart.se (8.12.8/8.12.8) with SMTP id
> i3TDNnvO073299;
> Thu, 29 Apr 2004 15:23:50 +0200 (CEST)
> (envelope-from news@northeastwestsouth.se)
> Date: Thu, 29 Apr 2004 15:23:49 +0200 (CEST)
> Message-Id: <200404291323.i3TDNnvO073299@popmail.smart.se>
> From: "Inet Email System" <>
> To: "Mail Client" <recipient@emailserver.com>
> SUBJECT: Report
> Mime-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="agwnegbf"
> Sender: news@northeastwestsouth.se
>
> Then there's a lot of I guess code in the message body I
> think it is. Looks like-
>
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> etc, etc.
>
> It is typical of several other virus linking e-mails I've
> recently received (ie;ISWEN as labeled as MS Updates) and
> as so much content, the body having so much content, it
> obviously is either malicious or at least a spoof e-mail,
> so nobody in their right mind would open it, but
> doing a google search on the subject I find it lists
> several hits and they all pretty much tie to this-
>
> Bug#207132: Notice
> lists.debian.org/debian-policy/2003/ debian-policy-
> 200309/msg00144.html - 4k
>
> and actual address is-
>
> http://lists.debian.org/debian-policy/2003/debian-policy-
> 200309/msg00144.html
>
> Aside from simply wanting to put out the word if this's an
> alert worthy issue, I would like to know if going to the
> google hit's site is safe, or is that unwise even with
> free AV and my somewhat operational free firewall (ie; port
> 113 isn't stealthed, etc.).
>
> Also, if any other security advice afforded, again thanks.
>
> Thanks if affording us reply.
>
> Best regards to all and hap' e-trails, YouHoosier
>
>
>


