other virus damages/costs.....(hello skynet.be ?)

Stephen J. Wilcox steve at telecomplete.co.uk
Mon Feb 2 13:08:37 UTC 2004


our queue appears to be increasing linearly since about last Tuesday, since then
it's increased 3000%, there's a huge dip midday Saturday (it goes down to one
third its size in about 4hrs) then rapidly jumps up to higher than its pre-dip
value

that's messages tho, queue spool size hasn't gone up all that much, maybe 200%

no idea about our storage spools...

very odd!!

Steve

On Mon, 2 Feb 2004, Mike Tancsa wrote:

> 
> 
> Looking at my disk stats, my mail storage spool has grown by 15% in the 
> past week not due to the deluge of viruses which I can block and reject, but 
> in large part to those idiotic "Hi, I am sorry in a happy idiotic way to 
> inform you that the message you sent has a virus" messages....  As almost 
> all of them forge their email address, what is the point of warning the 
> "sender"?  Even better, I wake up this am to 285 (and growing) messages 
> below telling me that someone at skynet is trying to send me a virus 
> message and it cc's 64 other people.  Nice.
> 
> 
>          ---Mike
> 
> >From: "Skynet Mail Protection" <support at skynet.be>
> >To: gbs-vossem at pi.be
> >Subject: Skynet Mail Protection scan results
> >Date: Mon, 02 Feb 2004 12:09:44 +0100
> >Importance: high
> >X-Mailer: ravmd/8.4.2
> >X-RAVMilter-Version: 8.4.3(snapshot 20030212) (september.skynet.be)
> >X-Virus-Scanned: by amavisd-new
> >X-Spam-Flag: YES
> >X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
> >         spamscanner4.sentex.ca
> >X-Spam-Level: *****
> >X-Spam-Status: Yes, hits=5.7 required=5.1 tests=MAILTO_TO_SPAM_ADDR,
> >         MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,TW_JN,X_PRIORITY_HIGH,
> >         X_PRI_MISMATCH_HI autolearn=no version=2.63
> >X-Spam-Report:
> >         *  0.5 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
> >         *  0.1 TW_JN BODY: Odd Letter Triples with JN
> >         *  1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely spammer email
> >         *  1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
> >         *  2.8 X_PRI_MISMATCH_HI 'X-Priority' does not match 'X-MSMail-Priority'
> >         *  0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't
> >
> >
> >
> >-----------------------
> >This e-mail is generated by Skynet Mail Protection to warn you that the e-mail
> >sent by gbs-vossem at pi.be to timofeev at granch.ru, chris at aims.com.au, 
> >dcs at newsguy.com, imp at harmony.village.org, ted at ness.plymouth.edu, 
> >deepak at ai.net, bmilekic at technokratis.com, randy at psg.com, 
> >sthaug at nethelp.no, shelton at sentry.granch.ru, danny_j_mitzel at yahoo.com, 
> >tinguely at web.cs.ndsu.nodak.edu, charon at hell.gr, jesper at skriver.dk, 
> >anandfranklin at hotmail.com, nascar24 at home.nl, c.prevotaux at hexanet.fr, 
> >reichert at numachi.com, andy at tecc.co.uk, provos at citi.umich.edu, 
> >rtek at dolfijntje.nl, jack_xiao99 at hotmail.com, 
> >mark.blackman at netscalibur.co.uk, gunther at aurora.regenstrief.org, 
> >s_bschmi at ira.uka.de, vova at express.ru, vlad at ariel.phys.wesleyan.edu, 
> >lord at 4jon.com, assar at freebsd.org, peter.jeremy at alcatel.com.au, 
> >chaegle at mediaone.net, brad at wcubed.net, ewiz at mail.dotcom.fr, 
> >freedom at csie.nctu.edu.tw, oberman at es.net, wes at softweyr.com, 
> >julian at elischer.org, iedowse at maths.tcd.ie, sroberts84 at hotmail.com, 
> >maddave at suxx.eu.org, ambrisko at ambrisko.com, ari at suutari.iki.fi, 
> >bonnetf at news.esiee.fr, lucky at land3.nsu.ru,
> > ume at freebsd.org, crewking at buckeye-express.com, bright at sneakerz.org, 
> > tlambert at primenet.com, gwford at home.com, vlad at infonet.com.ua, 
> > freebsd-lists-for-dayan-only-owner at egroups.co.uk, kimch at etri.re.kr, 
> > chris at calldei.com, peter at guest-tek.com, sudish at corp.earthlink.net, 
> > peter at wemm.org, cristjc at earthlink.net, yar at freebsd.org, 
> > shalunov at internet2.edu, mike at sentex.net, roy at its-sby.edu, 
> > kjc at csl.sony.co.jp, seichert at coopcomp.com is infected with virus: 
> > Win32/Swen.A at mm.
> >Deze e-mail is gegenereerd door Skynet Mail Protection om u te waarschuwen dat
> >de e-mail gestuurd door gbs-vossem at pi.be naar timofeev at granch.ru, 
> >chris at aims.com.au, dcs at newsguy.com, imp at harmony.village.org, 
> >ted at ness.plymouth.edu, deepak at ai.net, bmilekic at technokratis.com, 
> >randy at psg.com, sthaug at nethelp.no, shelton at sentry.granch.ru, 
> >danny_j_mitzel at yahoo.com, tinguely at web.cs.ndsu.nodak.edu, charon at hell.gr, 
> >jesper at skriver.dk, anandfranklin at hotmail.com, nascar24 at home.nl, 
> >c.prevotaux at hexanet.fr, reichert at numachi.com, andy at tecc.co.uk, 
> >provos at citi.umich.edu, rtek at dolfijntje.nl, jack_xiao99 at hotmail.com, 
> >mark.blackman at netscalibur.co.uk, gunther at aurora.regenstrief.org, 
> >s_bschmi at ira.uka.de, vova at express.ru, vlad at ariel.phys.wesleyan.edu, 
> >lord at 4jon.com, assar at freebsd.org, peter.jeremy at alcatel.com.au, 
> >chaegle at mediaone.net, brad at wcubed.net, ewiz at mail.dotcom.fr, 
> >freedom at csie.nctu.edu.tw, oberman at es.net, wes at softweyr.com, 
> >julian at elischer.org, iedowse at maths.tcd.ie, sroberts84 at hotmail.com, 
> >maddave at suxx.eu.org, ambrisko at ambrisko.com, ari at suutari.iki.fi, 
> >bonnetf at news.esiee.fr,
> > lucky at land3.nsu.ru, ume at freebsd.org, crewking at buckeye-express.com, 
> > bright at sneakerz.org, tlambert at primenet.com, gwford at home.com, 
> > vlad at infonet.com.ua, freebsd-lists-for-dayan-only-owner at egroups.co.uk, 
> > kimch at etri.re.kr, chris at calldei.com, peter at guest-tek.com, 
> > sudish at corp.earthlink.net, peter at wemm.org, cristjc at earthlink.net, 
> > yar at freebsd.org, shalunov at internet2.edu, mike at sentex.net, 
> > roy at its-sby.edu, kjc at csl.sony.co.jp, seichert at coopcomp.com geinfecteerd 
> > is met Win32/Swen.A at mm.
> >Ce mail est généré par Skynet Mail Protection afin de vous prévenir que 
> >l'e-mail envoyé par gbs-vossem at pi.be à timofeev at granch.ru, 
> >chris at aims.com.au, dcs at newsguy.com, imp at harmony.village.org, 
> >ted at ness.plymouth.edu, deepak at ai.net, bmilekic at technokratis.com, 
> >randy at psg.com, sthaug at nethelp.no, shelton at sentry.granch.ru, 
> >danny_j_mitzel at yahoo.com, tinguely at web.cs.ndsu.nodak.edu, charon at hell.gr, 
> >jesper at skriver.dk, anandfranklin at hotmail.com, nascar24 at home.nl, 
> >c.prevotaux at hexanet.fr, reichert at numachi.com, andy at tecc.co.uk, 
> >provos at citi.umich.edu, rtek at dolfijntje.nl, jack_xiao99 at hotmail.com, 
> >mark.blackman at netscalibur.co.uk, gunther at aurora.regenstrief.org, 
> >s_bschmi at ira.uka.de, vova at express.ru, vlad at ariel.phys.wesleyan.edu, 
> >lord at 4jon.com, assar at freebsd.org, peter.jeremy at alcatel.com.au, 
> >chaegle at mediaone.net, brad at wcubed.net, ewiz at mail.dotcom.fr, 
> >freedom at csie.nctu.edu.tw, oberman at es.net, wes at softweyr.com, 
> >julian at elischer.org, iedowse at maths.tcd.ie, sroberts84 at hotmail.com, 
> >maddave at suxx.eu.org,
> > ambrisko at ambrisko.com, ari at suutari.iki.fi, bonnetf at news.esiee.fr, 
> > lucky at land3.nsu.ru, ume at freebsd.org, crewking at buckeye-express.com, 
> > bright at sneakerz.org, tlambert at primenet.com, gwford at home.com, 
> > vlad at infonet.com.ua, freebsd-lists-for-dayan-only-owner at egroups.co.uk, 
> > kimch at etri.re.kr, chris at calldei.com, peter at guest-tek.com, 
> > sudish at corp.earthlink.net, peter at wemm.org, cristjc at earthlink.net, 
> > yar at freebsd.org, shalunov at internet2.edu, mike at sentex.net, 
> > roy at its-sby.edu, kjc at csl.sony.co.jp, seichert at coopcomp.com est infecté 
> > par le virus : Win32/Swen.A at mm.
> >
> >Please contact your system administrator for further information.
> >Gelieve uw systeembeheerder te contacteren voor meer informatie.
> >Veuillez contacter votre administrateur système pour de plus amples 
> >informations.
> >
> >If you are the sender:
> >Indien u de zender bent:
> >Si vous êtes l'expéditeur:
> >-------------------
> >The scanned e-mail has your address in the <From> header field. Either your
> >computer is infected or someone's computer having your e-mail address in
> >the address book has been infected.
> >De gescande e-mail heeft uw adres in het <From> veld.  Dat betekent dat ofwel
> >jouw computer geinfecteerd is, ofwel dat iemand is geinfecteerd, die jouw 
> >e-mail
> >adres in zijn/haar adresboek heeft.
> >Le mail scanné contient votre adresse e-mail dans son en-tête <De>.
> >Soit votre ordinateur est infecté soit votre adresse e-mail est reprise dans
> >le carnet d'adresse d'un ordinateur infecté.
> >
> >If you are the receiver:
> >Indien u de bestemmeling bent:
> >Si vous êtes le destinataire:
> >---------------------
> >Please contact the sender: most likely he/she doesn't know he/she has a 
> >computer virus.
> >Gelieve de zender te contacteren: hoogst waarschijnlijk weet hij/zij niet 
> >dat hij/zij
> >geinfecteerd is met een computer virus.
> >Veuillez contacter l'expéditeur: le plus souvent, il/elle ne sait pas que son
> >ordinateur est infecté.
> >
> >Actions taken for the infected files:
> >Ondernomen actie voor de geinfecteerde bestanden:
> >Actions prises pour les fichiers infectés:
> >-------------------------------------
> >
> >
> >The infected file was saved to quarantine with name: 
> >1075720184-RAVi12B9bAP025868.
> >The file (part0004:Update.exe) attached to mail (with subject:net critical 
> >upgrade) sent by gbs-vossem at pi.be to timofeev at granch.ru, 
> >chris at aims.com.au, dcs at newsguy.com, imp at harmony.village.org, 
> >ted at ness.plymouth.edu, deepak at ai.net, bmilekic at technokratis.com, 
> >randy at psg.com, sthaug at nethelp.no, shelton at sentry.granch.ru, 
> >danny_j_mitzel at yahoo.com, tinguely at web.cs.ndsu.nodak.edu, charon at hell.gr, 
> >jesper at skriver.dk, anandfranklin at hotmail.com, nascar24 at home.nl, 
> >c.prevotaux at hexanet.fr, reichert at numachi.com, andy at tecc.co.uk, 
> >provos at citi.umich.edu, rtek at dolfijntje.nl, jack_xiao99 at hotmail.com, 
> >mark.blackman at netscalibur.co.uk, gunther at aurora.regenstrief.org, 
> >s_bschmi at ira.uka.de, vova at express.ru, vlad at ariel.phys.wesleyan.edu, 
> >lord at 4jon.com, assar at freebsd.org, peter.jeremy at alcatel.com.au, 
> >chaegle at mediaone.net, brad at wcubed.net, ewiz at mail.dotcom.fr, 
> >freedom at csie.nctu.edu.tw, oberman at es.net, wes at softweyr.com, 
> >julian at elischer.org, iedowse at maths.tcd.ie, sroberts84 at hotmail.com, 
> >maddave at suxx.eu.org,
> > ambrisko at ambrisko.com, ari at suutari.iki.fi, bonnetf at news.esiee.fr, 
> > lucky at land3.nsu.ru, ume at freebsd.org, crewking at buckeye-express.com, 
> > bright at sneakerz.org, tlambert at primenet.com, gwford at home.com, 
> > vlad at infonet.com.ua, freebsd-lists-for-dayan-only-owner at egroups.co.uk, 
> > kimch at etri.re.kr, chris at calldei.com, peter at guest-tek.com, 
> > sudish at corp.earthlink.net, peter at wemm.org, cristjc at earthlink.net, 
> > yar at freebsd.org, shalunov at internet2.edu, mike at sentex.net, 
> > roy at its-sby.edu, kjc at csl.sony.co.jp, seichert at coopcomp.com
> >is infected with virus: Win32/Swen.A at mm.
> >The mail was not delivered because it contained dangerous code.
> >
> >------------------------
> >this is a copy of the e-mail header:
> >
> >
> >
> >RAV AntiVirus for Linux i386 version: 8.4.2 (snapshot-20030212)
> >
> >Scan engine 8.11 for i386.
> >Last update: Mon, 02 Feb 2004 04:36:04 +01
> >Scanning for 89407 malwares (viruses, trojans and worms).
> 
> --------------------------------------------------------------------
> Mike Tancsa,                          	          tel +1 519 651 3400
> Sentex Communications,     			  mike at sentex.net
> Providing Internet since 1994                    www.sentex.net
> Cambridge, Ontario Canada			  www.sentex.net/mike
> 
> 
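
The pattern in the quoted notice, an antivirus gateway mailing its scan report to the forged sender and every listed recipient, can be measured on the receiving side. The following is an added example, not part of either post: the header hints (`X-Mailer: ravmd`, `X-RAVMilter-Version`, "scan results") come from the quoted notice, while the fan-out threshold, the scoring rule, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email.utils import getaddresses

# Header hints taken from the notice quoted above; the threshold and the
# scoring rule are assumptions of this example, not a vendor specification.
AV_MAILER_HINTS = ("ravmd",)
AV_HEADER_NAMES = ("X-RAVMilter-Version",)
SUBJECT_HINTS = ("scan results",)
FANOUT_THRESHOLD = 10  # assumed: a notice addressed to this many people is fan-out

def classify(raw: str) -> dict:
    """Return the signals that mark one message as AV-notification backscatter."""
    msg = email.message_from_string(raw)
    to_values = msg.get_all("To", []) + msg.get_all("Cc", [])  # repeated To: headers
    recipients = {addr.lower() for _, addr in getaddresses(to_values) if addr}
    mailer = (msg.get("X-Mailer") or "").lower()
    subject = (msg.get("Subject") or "").lower()
    signals = []
    if (any(h in mailer for h in AV_MAILER_HINTS)
            or any(msg.get(h) for h in AV_HEADER_NAMES)):
        signals.append("av-gateway-header")
    if any(h in subject for h in SUBJECT_HINTS):
        signals.append("av-subject")
    if len(recipients) >= FANOUT_THRESHOLD:
        signals.append("recipient-fanout")
    return {"recipients": len(recipients), "signals": signals,
            "backscatter": "av-gateway-header" in signals or len(signals) >= 2}

def summarize(messages) -> dict:
    """Count backscatter notices and the copies each one put into other spools."""
    results = [classify(m) for m in messages]
    hits = [r for r in results if r["backscatter"]]
    return {"total": len(results), "backscatter": len(hits),
            "copies_generated": sum(r["recipients"] for r in hits)}

def sample_notice(n: int) -> str:
    # Constructed sample shaped like the quoted notice: one To: header per recipient.
    to_lines = "".join(f"To: user{i}@example.org\n" for i in range(n))
    return ('From: "Mail Protection" <support@example.net>\n' + to_lines +
            "Subject: Mail Protection scan results\n"
            "X-Mailer: ravmd/8.4.2\n\nconstructed body\n")

SAMPLE_NORMAL = ("From: alice@example.org\nTo: bob@example.org\n"
                 "Subject: queue stats\n\nconstructed body\n")

if __name__ == "__main__":
    print(summarize([sample_notice(65), SAMPLE_NORMAL]))
```

Run over a spool or a day of accepted mail, `copies_generated` gives the multiplier that turns one rejected virus into dozens of stored notices.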



