[RC5] Virus alert !

James Spinks james at angelos.ftech.co.uk
Thu Oct 10 13:37:29 EDT 2002


Quoting Zorba the Hutt <zorbathut at uswest.net>:

> How do you know it was from this list? :P

Mine wasn't actually through the list (so I assume the others weren't either).

What I actually got was a virus from somebody (who claimed to be Jeff Lawson -
the return address was invalid) with the following headers (see below). It
appears to be somebody that is subscribed to the proxy list (I used to be
subscribed but not for a while) who is infected, and this virus is harvesting
their old emails to make up to and from combinations.  All addresses in the
headers have been cleverly mauled by me; obviously the froms were the fake Jeff
Lawson address and the tos are a mixture of my personal addresses.



-----------------------
This e-mail is generated by the SpamCop Email System to warn you that the
e-mail sent by blahblah at blahblah.com to blahblah at blahblah.net is infected with
virus: Win32/Bugbear.A at mm.

Please contact your system administrator for further information.

Actions taken for the infected files:
-------------------------------------


The infected file was saved to quarantine with name: 1034245060-RAV28104.
The file (part0001:Despesas2001.xls.scr) attached to mail (with subject: Re:
[PROXYPER] Nobody at some.ip.address pproxy stats problem) sent by
blahblah at blahblah.com to blahblah at blahblah.com
is infected with virus: Win32/Bugbear.A at mm.
The mail was silently discarded because it contained dangerous code.

------------------------
this is a copy of the e-mail header:

Received: from mailgate.cesmail.net (204.214.92.120)
  by mailgate.cesmail.net with SMTP; 10 Oct 2002 10:17:40 -0000
Received: (qmail 28092 invoked from network); 10 Oct 2002 10:17:39 -0000
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)
  by mailgate.cesmail.net with SMTP; 10 Oct 2002 10:17:39 -0000
Envelope-to: blahblah at blahblah.com
Delivery-date: Thu, 10 Oct 2002 11:08:14 +0100
Received: from mailgate.ftech.net [195.200.0.68]
        by mailgate.cesmail.net with POP3 (fetchmail-5.9.0)
        for fetchmail at 192.168.1.101 (single-drop);
        Thu, 10 Oct 2002 06:17:39 -0400 (EDT)
Received: from flint.ftech.net ([212.32.16.123] helo=mx-1.mail.ftech.net)
        by pop1.mail.ftech.net with esmtp (Exim 3.22-ftech-p6 #3)
        id 17zaEn-0008Hj-00
        for blahblah at blahblah.com; Thu, 10 Oct 2002 11:08:13 +0100
Received: from trex.centroin.com.br ([200.225.63.134])
        by mx-1.mail.ftech.net with esmtp (Exim 3.22-ftech-p6 #9)
        id 17zaEj-0003Sn-00
        for blahblah at blahblah.com; Thu, 10 Oct 2002 11:08:09 +0100
Received: from elbn-9z2s2zt4d5 (du167c.rjo.centroin.com.br [200.225.58.167])
        by trex.centroin.com.br (8.12.5/8.12.1) with SMTP id g9AA244f010252;
        Thu, 10 Oct 2002 07:02:06 -0300 (EST)
Date: Thu, 10 Oct 2002 07:02:04 -0300 (EST)
Message-Id: <200210101002.g9AA244f010252 at trex.centroin.com.br>
From: "Jeff Lawson" <blahblah at blahblah.com>
Subject:  Re: [PROXYPER] Nobody at some.ip.address pproxy stats problem
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------L00RY4VTEEJRH3"
Bcc:
X-Frontier-To: blahblah at blahblah.com
Apparently-To: blahblah at blahblah.com
X-UIDL: #,P!!:j!"!f=G!!V_W!!

-- 
James Spinks
--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest
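
An added example, not part of the original post: a small Python triage of headers like the ones quoted above. It walks the Received chain oldest-first instead of trusting From, and flags the double-extension attachment. The sample message is constructed from the quoted headers with placeholder addresses, the helper names are hypothetical, and treating ftech.net as the recipient's own mail domain is an assumption.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers quoted in the post; the
# address and the attachment body are placeholders.
SAMPLE = """\
Received: from flint.ftech.net ([212.32.16.123] helo=mx-1.mail.ftech.net)
  by pop1.mail.ftech.net with esmtp; Thu, 10 Oct 2002 11:08:13 +0100
Received: from trex.centroin.com.br ([200.225.63.134])
  by mx-1.mail.ftech.net with esmtp; Thu, 10 Oct 2002 11:08:09 +0100
Received: from elbn-9z2s2zt4d5 (du167c.rjo.centroin.com.br [200.225.58.167])
  by trex.centroin.com.br with SMTP; Thu, 10 Oct 2002 07:02:06 -0300
From: "Jeff Lawson" <sender@example.invalid>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Disposition: attachment; filename="Despesas2001.xls.scr"

placeholder
--B--
"""

# from <helo> ([<rdns> ][<ip>] ...) by <recording host>
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\][^)]*\)\s+by\s+(\S+)")
EXEC_EXT = (".scr", ".pif", ".exe")  # assumed list of executable extensions

def hops(msg):
    """Received hops, oldest first, as (helo, rdns, ip, recorded_by)."""
    found = (HOP.search(h) for h in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in found if m]

def analyse(raw, own_domain):
    """Summarise where a message really came from and what it carries."""
    msg = message_from_string(raw)
    chain = hops(msg)
    # Oldest hop written by our own relay: its peer IP is the last one we
    # observed ourselves; anything older is only as good as that peer.
    ours = [h for h in chain
            if h[3] == own_domain or h[3].endswith("." + own_domain)]
    names = [p.get_filename() or "" for p in msg.walk()]
    return {
        "claimed_from": msg["From"],                 # freely forgeable
        "origin": chain[0] if chain else None,       # first recorded hop
        "boundary": ours[0] if ours else None,
        # A document extension followed by an executable one.
        "attachments": [n for n in names
                        if n.lower().endswith(EXEC_EXT) and n.count(".") >= 2],
    }
```

Run on the sample, `analyse(SAMPLE, "ftech.net")` reports the dial-up host du167c.rjo.centroin.com.br [200.225.58.167] as the first recorded hop, whatever the From line claims.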


