[Dshield] Delivery reports about your e-mail
Tom
dshield at oitc.com
Wed Feb 11 18:49:12 GMT 2009
Well, Jim, the copy of Mydoom I got from this list came from:
Return-Path: <list-bounces at lists.sans.org>
Received: from iceman12-ext.giac.net (65.173.218.113) by oitc.com with
ESMTP (EIMS X 3.3.7) for <dshield at oitc.com>;
Wed, 11 Feb 2009 10:06:57 -0500
Received: (qmail 14703 invoked from network); 11 Feb 2009 15:06:55 -0000
Received: from unknown (HELO dshield.org) (65.173.218.97)
by iceman12-ext.giac.net with AES256-SHA
encrypted SMTP; 11 Feb 2009 15:06:55 -0000
etc etc etc
Looks like DShield/SANS to me also..........
Tom
At 1:37 PM -0500 2/11/09, Jim McCullough wrote:
>Ok, back to the basics on part of this. Rule 1,
>always check the headers. 99.99% of the time
>there is a spoofed address. Being in the world
>of trying to keep the bad guys out, we get
>targeted for having the address used for spam,
>and sending viri. However, if you check the
>originating and relay addresses, then I doubt you
>will find the emails coming through the dshield
>servers. Without the header information,
>tracking and finding the problem is basically
>like finding a gold needle in a haystack the
>size of Canada.
>
>On Wed, Feb 11, 2009 at 1:12 PM, M Quibell
><mquibell at hotmail.com> wrote:
>
>You guys sending me a virus/worm in a zip file..
>There was an infected .zip file attached to this
>message.
>
>> From: MAILER-DAEMON at dshield.org
>> To: list at dshield.org
>> Date: Wed, 11 Feb 2009 09:55:33 -0500
>> Subject: [Dshield] Delivery reports about your e-mail
>>
>> Dear user list at dshield.org,
>>
>> We have received reports that your e-mail
>>account was used to send a huge amount of spam
>>messages during this week.
>> We suspect that your computer was compromised
>>and now runs a trojaned proxy server.
>>
>> We recommend you to follow instruction in order to keep your computer safe.
>>
>> Best regards,
>> dshield.org support team.
>>
>
>_______________________________________________
>Dshield mailing list
>Dshield at lists.sans.org
>To change your subscription options (or
>unsubscribe), see:
>https://lists.sans.org/mailman/listinfo/list
--
Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/ local wx: http://www.oitc.com/weather
US Phone Numbers: 321-984-3714,
321-729-6258(fax), 321-258-2475(cell/voice
mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw at mac.com
Never argue with an idiot: a bystander can't tell the difference. - Mark Twain
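
The header check discussed in this thread, as an added example (not part of either poster's message): it walks the Received lines Tom quoted, oldest hop first, and verifies that each receiving host is the sending host of the next hop. The function names and the re-indented header block are constructed for illustration; addresses keep the archive's " at " obfuscation.

```python
import re
from email import message_from_string

# Header block as quoted in the post above, with continuation lines
# re-indented so they parse as folded headers (constructed sample input).
RAW = """\
Return-Path: <list-bounces at lists.sans.org>
Received: from iceman12-ext.giac.net (65.173.218.113) by oitc.com with
 ESMTP (EIMS X 3.3.7) for <dshield at oitc.com>;
 Wed, 11 Feb 2009 10:06:57 -0500
Received: (qmail 14703 invoked from network); 11 Feb 2009 15:06:55 -0000
Received: from unknown (HELO dshield.org) (65.173.218.97)
 by iceman12-ext.giac.net with AES256-SHA
 encrypted SMTP; 11 Feb 2009 15:06:55 -0000

"""

IPV4 = re.compile(r"[\(\[](\d{1,3}(?:\.\d{1,3}){3})[\)\]]")
FROM = re.compile(r"^from\s+(\S+)", re.I)
HELO = re.compile(r"\(HELO\s+([^)\s]+)\)", re.I)  # name the client claimed
BY = re.compile(r"\bby\s+(\S+)", re.I)

def relay_path(raw):
    """Return network hops oldest-first (each MTA prepends its own line)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())      # unfold continuation lines
        frm = FROM.search(text)
        if not frm:                         # local hand-off, e.g. the qmail line
            continue
        ip, helo, by = IPV4.search(text), HELO.search(text), BY.search(text)
        hops.append({
            "from": frm.group(1),
            "helo": helo.group(1) if helo else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
        })
    return hops

def chain_is_contiguous(hops):
    """True when every hop's receiving host is the next hop's sending host."""
    return all(a["by"] == b["from"] for a, b in zip(hops, hops[1:]))

if __name__ == "__main__":
    for hop in relay_path(RAW):
        print(hop)
    print("contiguous:", chain_is_contiguous(relay_path(RAW)))
```
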