[ale] WORM! Fwd: Warning about your e-mail account.
jeb
jeb at rev-x.com
Wed Mar 3 22:16:24 EST 2004
It was me. My wife opened an email sent to your yahoo account. It
should be fixed now, sorry for any problems it may have caused.
Robert Reese wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Well, this is a new one... obviously the worm picks up the domain and
>auto-populates the fields. A little clever.
>
>Now, it looks like the headers at least show the machine responsible for
>sending or relaying the virus:
>"Received: from vader (CPE-65-28-169-147.neb.rr.com [65.28.169.147]) by
>hydra.host4u.net (8.11.6/8.11.6) with SMTP id i23GDuj25569 for <(my email)>;
>Wed, 3 "
>I scanned the IP and found a number of ports responding, which are the usual
>suspects:
>065.028.169.147 21 25 53 80 110
>
>It appears that the IP resides in Nebraska.
>
>Below is the text of the worm's email, which I believe is the Beagle worm,
>variant E.
>
>Cheers,
>Robert~
>
>*********** BEGIN FORWARDED MESSAGE ***********
>
>On 3/3/2004 at 10:13 AM noreply at sixit.com <noreply at sixit.com> wrote:
>
>
>
>>Hello user of Sixit.com e-mail server,
>>
>>Our main mailing server will be temporary unavaible for next two days,
>>to continue receiving mail in these days you have to configure our
>>free
>>auto-forwarding service.
>>
>>For details see the attach.
>>
>>Have a good day,
>> The Sixit.com team http://www.sixit.com
>>
>>
>>
>>
>
>*********** END FORWARDED MESSAGE ***********
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 8.0.3
>Comment: No on has the right to NOT be offended!
>
>iQA/AwUBQEaCdrw8BOWncaQMEQIkhQCgoiURw88JauQqkvvHdP6VhzdMr90AoItl
>O4+5j2I43EAHmoei0Bzxe9wt
>=6rTM
>-----END PGP SIGNATURE-----
>
>
>Type: DH/DSS 4096/1024 AES-256
>Key ID: 0xA771A40C
>Fingerprint: CAE2 81CA A7CD 6681 341C E3A9 BC3C 04E5 A771 A40C
>
>
>
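The quoted message reads the sending machine off the Received header. The sketch below is an added example, not part of either post: it parses that one header as it appears above (recipient redacted and date cut off, as on the page) and notes the traits worth putting in an abuse report. The names parse_received and triage are hypothetical, and the regular expression assumes the sendmail-style layout shown in the quote.

```python
import ipaddress
import re

# Header text as quoted in the post (recipient redacted, date truncated there).
SAMPLE = (
    "Received: from vader (CPE-65-28-169-147.neb.rr.com [65.28.169.147]) by\n"
    " hydra.host4u.net (8.11.6/8.11.6) with SMTP id i23GDuj25569 for <(my email)>;\n"
    " Wed, 3"
)

# Assumed layout: from HELO (rDNS [IP]) by RECEIVER ... with PROTO id QUEUE-ID
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]*)\s*\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\S+)\s+id\s+(?P<queue_id>[^\s;]+)",
    re.IGNORECASE,
)

def parse_received(header):
    """Return the hop fields of one Received header, or None if it does not match."""
    value = header.split(":", 1)[1] if header.lower().startswith("received:") else header
    value = re.sub(r"\s+", " ", value).strip()  # unfold continuation lines
    m = RECEIVED_RE.search(value)
    if m is None:
        return None
    hop = m.groupdict()
    try:
        # The bracketed address is what the receiving server saw on the connection.
        hop["ip"] = str(ipaddress.ip_address(hop["ip"]))
    except ValueError:
        return None
    return hop

def triage(hop):
    """Heuristic notes for an abuse report; none of them proves infection."""
    notes = []
    rdns = hop["rdns"].lower()
    if "." not in hop["helo"]:
        notes.append("HELO is a bare host name, not an FQDN")
    if rdns and hop["helo"].lower() != rdns:
        notes.append("HELO does not match the reverse DNS name")
    if hop["ip"].replace(".", "-") in rdns:
        notes.append("reverse DNS embeds the IP (typical of dynamic customer ranges)")
    return notes
```

Only the Received line added by your own receiving server is trustworthy; the HELO name and any Received lines below it are supplied by the sender and can be forged.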