[Dshield] Delivery reports about your e-mail
Jim McCullough
jim.mccullough at gmail.com
Wed Feb 11 18:56:10 GMT 2009
Then there is an issue that needs to be resolved on why it is coming
through. If anything to reduce the headaches for all of us. Forgetting a
step, forgetting something simple is usually the stuff that trips many people
up. Why? We forget or become more focused on the complex tasks. I will
send some queries and hopefully get some answers.
On Wed, Feb 11, 2009 at 1:49 PM, Tom <dshield at oitc.com> wrote:
> Well, Jim, the copy of Mydoom I got from this list came from:
>
> Return-Path: <list-bounces at lists.sans.org>
> Received: from iceman12-ext.giac.net (65.173.218.113) by oitc.com with
> ESMTP (EIMS X 3.3.7) for <dshield at oitc.com>;
> Wed, 11 Feb 2009 10:06:57 -0500
> Received: (qmail 14703 invoked from network); 11 Feb 2009 15:06:55 -0000
> Received: from unknown (HELO dshield.org) (65.173.218.97)
> by iceman12-ext.giac.net with AES256-SHA encrypted SMTP; 11 Feb 2009
> 15:06:55 -0000
>
> etc etc etc
>
> Looks like DShield/SANS to me also..........
>
> Tom
>
>
> At 1:37 PM -0500 2/11/09, Jim McCullough wrote:
>
> Ok, back to the basics on part of this. Rule 1, always check the headers.
> 99.99% of the time there is a spoofed address. Being in the world of trying
> to keep the bad guys out, we get targeted for having the address used for
> spam, and sending viri. However, if you check the originating and relay
> addresses, then I doubt you will find the emails coming through the dshield
> servers. Without the header information, tracking and finding the problem
> is basically like finding a gold needle in a haystack the size of Canada.
>
> On Wed, Feb 11, 2009 at 1:12 PM, M Quibell <mquibell at hotmail.com> wrote:
>
> You guys sending me a virus/worm in a zip file.. There was an infected .zip
> file attached to this message.
>
> > From: MAILER-DAEMON at dshield.org
> > To: list at dshield.org
> > Date: Wed, 11 Feb 2009 09:55:33 -0500
> > Subject: [Dshield] Delivery reports about your e-mail
> >
> > Dear user list at dshield.org,
> >
> > We have received reports that your e-mail account was used to send a huge
> amount of spam messages during this week.
> > We suspect that your computer was compromised and now runs a trojaned
> proxy server.
> >
> > We recommend you to follow instruction in order to keep your computer
> safe.
> >
> > Best regards,
> > dshield.org support team.
> >
>
>
> _______________________________________________
> Dshield mailing list
> Dshield at lists.sans.org
> To change your subscription options (or unsubscribe), see:
> https://lists.sans.org/mailman/listinfo/list
>
>
>
>
> --
>
> Tom Shaw - Chief Engineer, OITC
> <tshaw at oitc.com>, http://www.oitc.com/ local wx:
> http://www.oitc.com/weather
> US Phone Numbers: 321-984-3714, 321-729-6258(fax), 321-258-2475(cell/voice
> mail,pager)
> Text Paging: http://www.oitc.com/Pager/sendmessage.html
> AIM/iChat: trshaw at mac.com
>
> Never argue with an idiot: a bystander can't tell the difference. - Mark
> Twain
>
>
>
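The "always check the headers" step from this thread, applied to the Received lines Tom quoted, as an added example that is not part of the original messages. The function names are this example's own, and the list of networks passed to `in_nets` is whatever range the caller assumes belongs to the list operator.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Header block as quoted in the thread (the archive writes "@" as " at ").
RAW = """\
Return-Path: <list-bounces at lists.sans.org>
Received: from iceman12-ext.giac.net (65.173.218.113) by oitc.com with
 ESMTP (EIMS X 3.3.7) for <dshield at oitc.com>;
 Wed, 11 Feb 2009 10:06:57 -0500
Received: (qmail 14703 invoked from network); 11 Feb 2009 15:06:55 -0000
Received: from unknown (HELO dshield.org) (65.173.218.97)
 by iceman12-ext.giac.net with AES256-SHA encrypted SMTP; 11 Feb 2009
 15:06:55 -0000

"""

IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "(a.b.c.d)" only

def relay_hops(raw):
    """Return the network hops newest-first, in the order the headers appear."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())        # undo header folding
        peer = re.match(r"from\s+(\S+)", value)
        if not peer:                           # e.g. "(qmail ... invoked from network)"
            continue                           # local hand-off, no peer recorded
        ip = IP_RE.search(value)
        helo = re.search(r"\(HELO\s+([^\s)]+)\)", value)
        by = re.search(r"\bby\s+(\S+)", value)
        hops.append({"peer": peer.group(1),
                     "helo": helo.group(1) if helo else None,
                     "ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None})
    return hops

def peer_seen_by(hops, my_mta):
    """IP our own server recorded for the connecting host."""
    for hop in hops:                           # newest first: the topmost match is
        if hop["by"] == my_mta:                # the line our MTA wrote; any lower
            return hop["ip"]                   # "by my_mta" line could be forged
    return None

def in_nets(ip, nets):
    """True if ip falls inside any of the caller-supplied networks."""
    return ip is not None and any(ip_address(ip) in ip_network(n) for n in nets)
```

Only the Received line written by the recipient's own server is reliable evidence of where the message came from; everything below it is as trustworthy as the host that handed the message over.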