[Dshield] Delivery reports about your e-mail
Jim McCullough
jim.mccullough at gmail.com
Wed Feb 11 18:37:45 GMT 2009
Ok, back to the basics on part of this. Rule 1, always check the headers.
99.99% of the time there is a spoofed address. Being in the world of trying
to keep the bad guys out, we get targeted for having the address used for
spam, and sending viri. However, if you check the originating and relay
addresses, then I doubt you will find the emails coming through the dshield
servers. Without the header information, tracking and finding the problem
is basically like finding a gold needle in a haystack the size of Canada.
On Wed, Feb 11, 2009 at 1:12 PM, M Quibell <mquibell at hotmail.com> wrote:
> You guys sending me a virus/worm in a zip file.. There was an infected
> .zip file attached to this message.
>
> > From: MAILER-DAEMON at dshield.org
> > To: list at dshield.org
> > Date: Wed, 11 Feb 2009 09:55:33 -0500
> > Subject: [Dshield] Delivery reports about your e-mail
> >
> > Dear user list at dshield.org,
> >
> > We have received reports that your e-mail account was used to send a huge
> > amount of spam messages during this week.
> > We suspect that your computer was compromised and now runs a trojaned
> > proxy server.
> >
> > We recommend you to follow instruction in order to keep your computer
> > safe.
> >
> > Best regards,
> > dshield.org support team.
> >
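The header check recommended in the reply above, as an added example that is not part of the original thread: it walks the Received chain of a message and compares the connecting host recorded by the recipient's own server with the domain claimed in From. The sample message, the recipient.example hosts, the documentation-range IP addresses and the function names are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not the message from the thread); hosts and IPs are
# reserved example/documentation values.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mbox.recipient.example with ESMTP id A1; Wed, 11 Feb 2009 09:55:40 -0500
Received: from dshield.org (unknown [203.0.113.77])
\tby mx.recipient.example with SMTP id B2; Wed, 11 Feb 2009 09:55:35 -0500
From: MAILER-DAEMON@dshield.org
To: user@recipient.example
Subject: Delivery reports about your e-mail

body
"""

# "from <HELO> (<reverse-DNS> [<ip>]) ... by <receiving host>"
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def relay_chain(raw):
    """Return the parsed Received hops, oldest first."""
    msg = message_from_string(raw)
    # Each server prepends its header, so the topmost one is the newest.
    matches = (RECEIVED.search(v) for v in reversed(msg.get_all("Received", [])))
    return [m.groupdict() for m in matches if m]

def assess(raw, trusted_suffix):
    """Compare the From domain with the host that handed the mail to us."""
    msg = message_from_string(raw)
    from_domain = msg.get("From", "").rsplit("@", 1)[-1].strip("> ").lower()
    for hop in relay_chain(raw):
        # The first hop written by a server we operate is the one to trust:
        # its [ip] and reverse DNS were observed by our MTA, while HELO, From
        # and any older Received lines are supplied by the sender.
        if hop["by"].lower().endswith(trusted_suffix):
            rdns = (hop["rdns"] or "").lower()
            consistent = rdns == from_domain or rdns.endswith("." + from_domain)
            return {"from_domain": from_domain, "handoff_ip": hop["ip"],
                    "handoff_rdns": rdns, "helo": hop["helo"],
                    "consistent": consistent}
    return None  # no hop recorded by our own servers: nothing to trust

if __name__ == "__main__":
    print(assess(SAMPLE, "recipient.example"))
```

An inconsistent result does not identify the real sender by itself; the handoff IP is the value to look up and report.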