[rescue] Crazy viruses from the list...
Thomas Gallaway
rescue at port11.net
Mon May 24 12:11:02 CDT 2004
Patrick Giagnocavo +1.717.201.3366 wrote:
>On Mon, May 24, 2004 at 12:45:40PM -0400, William Enestvedt wrote:
>
>
>>Thomas Gallaway wrote:
>>
>>
>>>I don't know but I have within the last 2 hours received 4 viruses
>>>from [an email address that's probably only for this list.]. All
>>>of which originated from
>>>
>>>Received: from 19-02.com (gtw13-2.esc13.net [170.76.20.253])
>>>
>>>
>>>
>> I just got two more virus-laden email messages; their headers include
>>"<20040112131716.ga7951 at jdboyd.zill.net>" and "[170.76.20.253]" (which
>>is a group named AcNet Gobierno Mexicano who changed their DNS record a
>>week ago). The attachment, Your_money.vbs, was dropped by our mail
>>system.
>>
>>
>
>This is a virus that randomly spoofs From: headers. It spreads by
>reading Outlook's address book then spoofing itself as one of the
>addresses listed there.
>
>I have found it very difficult to trace these back to the infected box.
>
>The procmail anti-virus script (look on freshmeat.net) I have found to
>be helpful. Along with running Mutt :-)
>
>Cordially
>
>
Yeah, but I don't think it can spoof the received from header (IP of the
gateway it originated from).
Actually all those are the same in my headers. Received a bunch more..
-- Thomas
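
The point discussed above (a forged From: versus the Received: line stamped by the receiving gateway), as an added example that is not part of the original thread: it groups messages by the connecting IP recorded in the Received: header written by your own gateway and ignores lower Received: lines, which a sender can forge. The gateway name mx.example.org, the sample messages and the From addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

OUR_MX = "mx.example.org"  # assumption: hostname of the gateway we control
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")

def _msg(relay, from_addr):
    # Constructed message. The second Received: line stands for data the
    # sending side supplied, so it must not be trusted.
    return (f"Received: from {relay}\n"
            f"\tby {OUR_MX} with ESMTP; Mon, 24 May 2004 11:02:10 -0500\n"
            "Received: from pc.invalid ([10.9.8.7]) by relay.invalid;"
            " Mon, 24 May 2004 11:01:00 -0500\n"
            f"From: {from_addr}\nSubject: test\n\nbody\n")

# Constructed samples: two different From: addresses behind one relay IP.
SAMPLES = [
    _msg("19-02.com (gtw13-2.esc13.net [170.76.20.253])", "alice@example.com"),
    _msg("19-02.com (gtw13-2.esc13.net [170.76.20.253])", "bob@example.net"),
    _msg("mail.example.org (mail.example.org [192.0.2.10])", "carol@example.org"),
]

def relay_ip(raw):
    """Return the peer IP from the Received: header our own gateway added."""
    msg = message_from_string(raw)
    for hdr in msg.get_all("Received", []):      # newest header first
        by = BY_RE.search(hdr)
        if by and by.group(1).lower() == OUR_MX:
            ip = IP_RE.search(hdr)
            return ip.group(1) if ip else None
    return None                                   # nothing stamped by our gateway

def group_by_relay(raws):
    """Map connecting IP -> sorted list of From: addresses claimed from it."""
    groups = defaultdict(set)
    for raw in raws:
        sender = parseaddr(message_from_string(raw)["From"] or "")[1]
        groups[relay_ip(raw)].add(sender)
    return {ip: sorted(addrs) for ip, addrs in groups.items()}

if __name__ == "__main__":
    for ip, senders in group_by_relay(SAMPLES).items():
        print(ip, senders)
```
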