[Dshield] Delivery reports about your e-mail
M Quibell
mquibell at hotmail.com
Wed Feb 11 18:49:52 GMT 2009
Oops! Forgot to check the header. Sorry.
Old-Received: from dshield.org (pa-67-234-66-227.dhcp.embarqhsd.net
[67.234.66.227])
Date: Wed, 11 Feb 2009 13:37:45 -0500
From: jim.mccullough at gmail.com
To: list at lists.sans.org
Subject: Re: [Dshield] Delivery reports about your e-mail
Ok, back to the basics on part of this. Rule 1, always check the headers. 99.99% of the time there is spoofed address. Being in the world of trying to keep the bad guys out, we get targeted for having the address used for spam, and sending viri. However, if you check the orginating and relay addresses, then I doubt you will find the emails coming through the dshield servers. Without the header information, tracking and finding the problem is basically like finding a gold needle in a haystack the size of Canada.
On Wed, Feb 11, 2009 at 1:12 PM, M Quibell <mquibell at hotmail.com> wrote:
You guys sending me a virus/worm in a zip file.. There was an infected .zip file attached to this message.
> From: MAILER-DAEMON at dshield.org
> To: list at dshield.org
> Date: Wed, 11 Feb 2009 09:55:33 -0500
> Subject: [Dshield] Delivery reports about your e-mail
>
> Dear user list at dshield.org,
>
> We have received reports that your e-mail account was used to send a huge amount of spam messages during this week.
> We suspect that your computer was compromised and now runs a trojaned proxy server.
>
> We recommend you to follow instruction in order to keep your computer safe.
>
> Best regards,
> dshield.org support team.
>
Windows Live™: Keep your life in sync. See how it works.
_______________________________________________
Dshield mailing list
Dshield at lists.sans.org
To change your subscription options (or unsubscribe), see: https://lists.sans.org/mailman/listinfo/list
_________________________________________________________________
Windows Live™: Keep your life in sync.
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_allup_explore_022009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sans.org/pipermail/list/attachments/20090211/6b21376d/attachment-0001.htm
More information about the Dshield
mailing list