Fwd: FOUND VIRUS IN MAIL

James Thomason james at divide.org
Tue Jun 18 16:24:08 UTC 2002


I could not get this virus to execute on my BSD box, the binary must
be corrupt.  

Clearly this person did not study their target audience. 

Regards, 
James


On 17 Jun 2002, Larry Rosenman wrote:

> 
> Fair Warning....
> 
> 
> 
> -----Forwarded Message-----
> 
> From: vscan at lerctr.org
> To: virusalert at lerctr.org
> Subject: FOUND VIRUS IN MAIL from <owner-nanog at merit.edu>
> Date: 17 Jun 2002 22:48:16 -0500
> 
> A virus was found in an email from:
> 
> <owner-nanog at merit.edu>
> 
> The message was addressed to: 
> 
> -> <ler at lerami.lerctr.org>
> 
> The message has been quarantined as:
> 
> /var/virusmails/virus-20020617-224816-21028
> 
> Here is the output of the scanner:
> 
> Scanning /var/amavis/amavis-milter-4Oa4l925/parts/*
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-1.txt
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-2.html
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
> /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
>         Found the DDoS-Slack trojan !!!
> 
> Summary report on /var/amavis/amavis-milter-4Oa4l925/parts/*
> File(s)
>         Total files: ...........       3
>         Clean: .................       2
>         Possibly Infected: .....       1
> 
> Here are the headers:
> 
> ------------------------- BEGIN HEADERS -----------------------------
> Received: by trapdoor.merit.edu (Postfix)
> 	id 0FA7F9124E; Mon, 17 Jun 2002 23:46:02 -0400 (EDT)
> Delivered-To: nanog-outgoing at trapdoor.merit.edu
> Received: by trapdoor.merit.edu (Postfix, from userid 56)
> 	id B621F9124F; Mon, 17 Jun 2002 23:46:01 -0400 (EDT)
> Delivered-To: nanog at trapdoor.merit.edu
> Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
> 	by trapdoor.merit.edu (Postfix) with ESMTP id A61099124E
> 	for <nanog at trapdoor.merit.edu>; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
> Received: by segue.merit.edu (Postfix)
> 	id 8CCEA5DE57; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
> Delivered-To: nanog at merit.edu
> Received: from web21109.mail.yahoo.com (web21109.mail.yahoo.com [216.136.227.111])
> 	by segue.merit.edu (Postfix) with SMTP id D92105DE52
> 	for <nanog at merit.edu>; Mon, 17 Jun 2002 23:45:57 -0400 (EDT)
> Message-ID: <20020618034556.54382.qmail at web21109.mail.yahoo.com>
> Received: from [68.36.89.121] by web21109.mail.yahoo.com via HTTP; Mon, 17 Jun 2002 20:45:56 PDT
> Date: Mon, 17 Jun 2002 20:45:56 -0700 (PDT)
> From: jim bruer <jim_teh_man at yahoo.com>
> Subject: ConfigMaker Beta 
> To: nanog at merit.edu
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="0-340633384-1024371956=:50295"
> Sender: owner-nanog at merit.edu
> Precedence: bulk
> Errors-To: owner-nanog-outgoing at merit.edu
> X-Loop: nanog
> -------------------------- END HEADERS ------------------------------
> -- 
> Larry Rosenman                     http://www.lerctr.org/~ler
> Phone: +1 972-414-9812                 E-Mail: ler at lerctr.org
> US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
> 




