[Intrusions] Weird spam message headers

broyds at rogers.com
Wed Dec 22 04:04:35 GMT 2004


 I have received a number of blank email messages (just headers, but no explicit
To: address) today that all seem to have a common thread.
They have the Received line immediately before the Trojaned ADSL host that sent
them to my ISP with this in the line (although the ID differs, it is of a similar format):

(Sun Java System Messaging Server 6.1 HotFix 0.01
 (built Jun 24 2004)) with ESMTP id <0U6K00S[6


Does anyone know what this server is and what security problems it has?


Here are some header sets (actual delivery address blanked out):
=========================================================================
X-Apparently-To: xxxx at rogers.com via 206.190.37.207; Tue, 21 Dec 2004 14:48:23 -0800
X-YahooFilteredBulk: 168.226.90.41
Authentication-Results: mta100.rog.mail.re2.yahoo.com
  domainkeys=neutral (no sig)
X-Originating-IP: [168.226.90.41]
Return-Path: <lwogrt at omninet.net.cy>
Received: from 168.226.90.41  (HELO 168-226-90-41.speedy.com.ar) (168.226.90.41)
  by mta100.rog.mail.re2.yahoo.com with SMTP; Tue, 21 Dec 2004 14:48:20 -0800
Received: from caspian.sy163.net ([194.149.10.28])
 by confectionery.sy163.net (Sun Java System Messaging Server 6.1 HotFix 0.01
 (built Jun 24 2004)) with ESMTP id <0U6K00S[6

========================================================================
X-Apparently-To: xxxx at rogers.com via 206.190.37.233; Tue, 21 Dec 2004 10:56:54 -0800
Authentication-Results: mta103.rog.mail.re2.yahoo.com
  domainkeys=neutral (no sig)
X-Originating-IP: [200.120.40.25]
Return-Path: <cecvpkupulskfr at ffis.com>
Received: from 200.120.40.25  (HELO CM128-lflo0-40-25.cm.vtr.net) (200.120.40.25)
  by mta103.rog.mail.re2.yahoo.com with SMTP; Tue, 21 Dec 2004 10:56:51 -0800
Received: from caper.pakistan.com ([63.250.0.6])
 by sophoclean.pakistan.com (Sun Java System Messaging Server 6.1 HotFix 0.01
 (built Jun 24 2004)) with ESMTP id <0C4A00P[6

=========================================================================
X-Apparently-To: XXXX at rogers.com via 206.190.37.209; Tue, 21 Dec 2004 15:41:04 -0800
X-YahooFilteredBulk: 201.133.202.17
Authentication-Results: mta109.rog.mail.re2.yahoo.com
  domainkeys=neutral (no sig)
X-Originating-IP: [201.133.202.17]
Return-Path: <hxinttlm at bisons.com>
Received: from 201.133.202.17  (HELO customer-201-133-202-17.prod-infinitum.com.mx) (201.133.202.17)
  by mta109.rog.mail.re2.yahoo.com with SMTP; Tue, 21 Dec 2004 15:41:03 -0800
Received: from attention.gol.ge ([216.157.146.64])
 by whippany.gol.ge (Sun Java System Messaging Server 6.1 HotFix 0.01
 (built Jun 24 2004)) with ESMTP id <0I2S00I[6

=========================================================================
X-Apparently-To: XXXX at rogers.com via 206.190.37.232; Tue, 21 Dec 2004 14:47:40 -0800
X-YahooFilteredBulk: 200.95.48.60
Authentication-Results: mta105.rog.mail.re2.yahoo.com
  domainkeys=neutral (no sig)
X-Originating-IP: [200.95.48.60]
Return-Path: <lwogrt at omninet.net.cy>
Received: from 200.95.48.60  (HELO dsl-200-95-48-60.prod-infinitum.com.mx) (200.95.48.60)
  by mta105.rog.mail.re2.yahoo.com with SMTP; Tue, 21 Dec 2004 14:47:40 -0800
Received: from caspian.sy163.net ([194.149.10.28])
 by confectionery.sy163.net (Sun Java System Messaging Server 6.1 HotFix 0.01
 (built Jun 24 2004)) with ESMTP id <0U6K00S[6

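A small header-walking script, added here as an example and not part of the original post, that takes the first of the header sets above and marks where trust ends in its Received: trace. The topmost Received: line was written by the recipient's ISP (this example treats any "by" host under .yahoo.com as the trusted MTA, since that is the host that accepted the message for rogers.com), so the connecting IP and HELO string it logged are what the ISP actually saw; the Received: line below it arrived inside the message and says only what the sending host chose to claim. The .yahoo.com trust rule, the dynamic-hostname heuristic and the clean control header are this example's own assumptions.

```python
"""Walk a message's Received: trace and split it at the first line our MTA wrote.

Every MTA prepends its own Received: line, so the top one is ours to believe;
everything under it came in over SMTP DATA and is sender-supplied. The trust
rule and the dynamic-hostname heuristic below are this example's assumptions.
"""
import re

# First header set from the post above, delivery address blanked as there.
SAMPLE_SPAM = """\
X-Apparently-To: xxxx at rogers.com via 206.190.37.207; Tue, 21 Dec 2004 14:48:23 -0800
X-YahooFilteredBulk: 168.226.90.41
Authentication-Results: mta100.rog.mail.re2.yahoo.com
  domainkeys=neutral (no sig)
X-Originating-IP: [168.226.90.41]
Return-Path: <lwogrt at omninet.net.cy>
Received: from 168.226.90.41  (HELO 168-226-90-41.speedy.com.ar) (168.226.90.41)
  by mta100.rog.mail.re2.yahoo.com with SMTP; Tue, 21 Dec 2004 14:48:20 -0800
Received: from caspian.sy163.net ([194.149.10.28])
 by confectionery.sy163.net (Sun Java System Messaging Server 6.1 HotFix 0.01
 (built Jun 24 2004)) with ESMTP id <0U6K00S[6
"""

# Constructed control case: a plainly named mail host and no sender-supplied hops.
SAMPLE_CLEAN = """\
Received: from mail.example.com (HELO mail.example.com) (192.0.2.10)
  by mta100.rog.mail.re2.yahoo.com with SMTP; Tue, 21 Dec 2004 09:00:00 -0800
"""

HOP_RE = re.compile(
    r"from\s+(?P<from>\S+)"                   # name the MTA logged for the client
    r"(?:\s+\(HELO\s+(?P<helo>[^)\s]+)\))?"   # HELO string, if the MTA recorded it
    r".*?\sby\s+(?P<by>\S+)"                  # host that wrote this line
    r"(?:\s+\((?P<software>.*?)\)\s+with)?"   # optional "(server banner) with"
)
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Labels ISPs commonly put on consumer address pools (heuristic, not a standard).
DYNAMIC_HINTS = ("dsl", "cable", "customer", "speedy", "cm", "dial", "ppp", "dyn")


def unfold(raw):
    """Join folded continuation lines; return a list of (name, value) pairs."""
    headers = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and headers:       # continuation of the previous header
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers


def parse_hop(value):
    """Extract client name, HELO, client IPs, receiving host and banner from one Received: value."""
    m = HOP_RE.search(value)
    if not m:
        raise ValueError("unparseable Received line: " + value)
    return {
        "from": m.group("from"),
        "helo": m.group("helo"),
        "ips": IP_RE.findall(value[: m.start("by")]),   # only the client side of "by"
        "by": m.group("by"),
        "software": m.group("software"),
    }


def looks_dynamic(helo, ip):
    """Heuristic: HELO embeds the client's own octets or carries a consumer-pool label."""
    if not helo or not ip:
        return False
    h, octets = helo.lower(), ip.split(".")
    if "-".join(octets) in h or "-".join(octets[-2:]) in h:
        return True
    return any(re.search(r"(^|[.-])" + hint, h) for hint in DYNAMIC_HINTS)


def analyse(raw, trusted_suffix):
    """Split the Received: chain at the first line written by one of our MTAs."""
    hops = [parse_hop(v) for n, v in unfold(raw) if n.lower() == "received"]
    for boundary, hop in enumerate(hops):
        if hop["by"].endswith(trusted_suffix):
            break
    else:
        raise ValueError("no Received line written by a trusted MTA")
    ours, sender_supplied = hops[boundary], hops[boundary + 1:]
    ip = ours["ips"][0] if ours["ips"] else None
    claimed = [h["software"] for h in sender_supplied if h["software"]]
    dynamic = looks_dynamic(ours["helo"], ip)
    return {
        "connecting_ip": ip,
        "helo": ours["helo"],
        "helo_looks_dynamic": dynamic,
        "sender_supplied_hops": sender_supplied,
        "claimed_relay_software": claimed,
        # consumer-pool host whose own headers claim a commercial messaging server fed it
        "suspicious": dynamic and bool(claimed),
    }


if __name__ == "__main__":
    for label, raw in (("spam sample", SAMPLE_SPAM), ("clean sample", SAMPLE_CLEAN)):
        r = analyse(raw, ".yahoo.com")
        print(label, "->", "suspicious" if r["suspicious"] else "nothing odd",
              "| client", r["connecting_ip"], "HELO", r["helo"])
        for hop in r["sender_supplied_hops"]:
            print("  sender-supplied hop:", hop["from"], "->", hop["by"], "|", hop["software"])
```

The other three header sets in the post have the same shape when fed through this: a consumer-pool HELO (CM128-lflo0-40-25.cm.vtr.net, customer-201-133-202-17.prod-infinitum.com.mx, dsl-200-95-48-60.prod-infinitum.com.mx) on the line the ISP wrote, and the Sun Java System Messaging Server banner only on the line the sender supplied. The script does not say what that server is or whether it has a flaw, which is the question the post asks; it only separates what the ISP observed from what the sending host asserted.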