[Dshield] Full list of virus mail

Tom dshield at oitc.com
Thu Feb 12 14:53:43 GMT 2009 

Here is full email:

Return-Path: <list-bounces at lists.sans.org>
Received: from iceman12-ext.giac.net (65.173.218.113) by oitc.com with
  ESMTP (EIMS X 3.3.7) for <dshield at oitc.com>;
  Wed, 11 Feb 2009 10:06:57 -0500
Received: (qmail 14703 invoked from network); 11 Feb 2009 15:06:55 -0000
Received: from unknown (HELO dshield.org) (65.173.218.97)
   by iceman12-ext.giac.net with AES256-SHA 
encrypted SMTP; 11 Feb 2009 15:06:55 -0000
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by dshield.org (8.12.11/8.12.11) with ESMTP id n1BF5SCk027901;
	Wed, 11 Feb 2009 15:06:06 GMT
Received: from iceman12-ext.giac.net (iceman12-ext.giac.net [65.173.218.113])
	by dshield.org (8.12.11/8.12.11) with ESMTP id n1BEtbCv027289
	for <list at 65.173.218.97>; Wed, 11 Feb 2009 14:55:37 GMT
Received: (qmail 2906 invoked from network); 11 Feb 2009 14:55:37 -0000
Received: from unknown (HELO dshield.org) (65.173.218.95)
	by iceman12-ext.giac.net with AES256-SHA encrypted SMTP;
	11 Feb 2009 14:55:37 -0000
Received: (from dshield at localhost)
	by dshield.org (8.13.1/8.13.1/Submit) id n1BEtb82010469
	for list at 65.173.218.97; Wed, 11 Feb 2009 14:55:37 GMT
Old-Received: from mail.dshield.org (iceman12-ext.giac.net [65.173.218.113])
	by dshield.org (8.13.1/8.13.1) with ESMTP id n1BEtbAY010458
	for <list at dshield.org>; Wed, 11 Feb 2009 14:55:37 GMT
Old-Received: (qmail 2901 invoked by uid 2036); 11 Feb 2009 14:55:37 -0000
Old-Received: from 74.208.112.68 by iceman12.giac.net (envelope-from
	<MAILER-DAEMON at dshield.org>, uid 2013) with qmail-scanner-2.01
	( Clear:RC:0(74.208.112.68):SA:0(3.4/5.0):.
	Processed in 1.711678 secs); 11 Feb 2009 14:55:37 -0000
X-Spam-DCC: : iceman11.giac.net 1113; Body=1 Fuz1=1 Fuz2=1
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on iceman11.giac.net
X-Spam-Level: ***
X-Spam-Status: No, score=3.4 required=5.0 tests=FORGED_MUA_OUTLOOK,
	SPF_HELO_PASS,SPF_PASS autolearn=disabled version=3.1.8
X-Spam-Pyzor: Reported 0 times.
X-Spam-Report: * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
	* -0.0 SPF_PASS SPF: sender matches SPF record
	* 3.4 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
X-Envelope-From: MAILER-DAEMON at dshield.org
Old-Received: from unknown (HELO mail4.dshield.org) (74.208.112.68)
	by mail.dshield.org with AES256-SHA encrypted SMTP;
	11 Feb 2009 14:55:35 -0000
Old-Received: from dshield.org (pa-67-234-66-227.dhcp.embarqhsd.net
	[67.234.66.227])
	by mail4.dshield.org (Postfix) with ESMTP id 35CE4E016826
	for <list at dshield.org>; Wed, 11 Feb 2009 14:55:33 +0000 (UTC)
From: "MAILER-DAEMON" <MAILER-DAEMON at dshield.org>
To: list at dshield.org
Date: Wed, 11 Feb 2009 09:55:33 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0002_A61D78FA.E2F137F5"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20090211145533.35CE4E016826 at mail4.dshield.org>
Old-X-Envelope-To: list at dshield.org
X-Seen-By: bob list
X-Envelope-To: UNKNOWN
X-Mailman-Approved-At: Wed, 11 Feb 2009 15:05:27 +0000
Subject: [Dshield] Delivery reports about your e-mail
X-BeenThere: list at lists.sans.org
X-Mailman-Version: 2.1.8
Precedence: list
Reply-To: General DShield Discussion List <list at lists.sans.org>
List-Id: General DShield Discussion List <list.lists.sans.org>
List-Unsubscribe: <https://lists.sans.org/mailman/listinfo/list>,
	<mailto:list-request at lists.sans.org?subject=unsubscribe>
List-Archive: <http://lists.sans.org/pipermail/list>
List-Post: <mailto:list at lists.sans.org>
List-Help: <mailto:list-request at lists.sans.org?subject=help>
List-Subscribe: <https://lists.sans.org/mailman/listinfo/list>,
	<mailto:list-request at lists.sans.org?subject=subscribe>
Sender: list-bounces at lists.sans.org
Errors-To: list-bounces at lists.sans.org

Dear user list at dshield.org,

We have received reports that your e-mail account 
was used to send a huge amount of spam messages 
during this week.
We suspect that your computer was compromised and 
now runs a trojaned proxy server.

We recommend you to follow instruction in order to keep your computer safe.

Best regards,
dshield.org support team.


Attachment converted: Macintosh HD:message.zip (pZIP/«IC») (01639BFA)
_______________________________________________
Dshield mailing list
Dshield at lists.sans.org
To change your subscription options (or 
unsubscribe), see: 
https://lists.sans.org/mailman/listinfo/list


At 4:25 PM -0800 2/11/09, Anthony Gallina wrote:
>That is strange as I got no zip attachment here,with a viri. Are you giving
>the full header? It may be dirty on another server.
>----- Original Message -----
>From: <list-request at lists.sans.org>
>To: <list at lists.sans.org>
>Sent: Wednesday, February 11, 2009 11:24 AM
>Subject: Dshield Digest, Vol 7, Issue 11
>
>
>>  Send Dshield mailing list submissions to
>>  list at lists.sans.org
>>
>>  To subscribe or unsubscribe via the World Wide Web, visit
>>  https://lists.sans.org/mailman/listinfo/list
>>  or, via email, send a message with subject or body 'help' to
>>  list-request at lists.sans.org
>>
>>  You can reach the person managing the list at
>>  list-owner at lists.sans.org
>>
>>  When replying, please edit your Subject line so it is more specific
>>  than "Re: Contents of Dshield digest..."
>>
>
>
>--------------------------------------------------------------------------------
>
>
>>  Today's Topics:
>>
>>    1. Re: Delivery reports about your e-mail (Jim McCullough)
>>    2. Re: Delivery reports about your e-mail (M Quibell)
>>    3. Re: Delivery reports about your e-mail (David Brodbeck)
>>
>
>
>--------------------------------------------------------------------------------
>
>
>>  _______________________________________________
>>  Dshield mailing list
>>  Dshield at lists.sans.org
>>  https://lists.sans.org/mailman/listinfo/list
>>
>
>_______________________________________________
>Dshield mailing list
>Dshield at lists.sans.org
>To change your subscription options (or 
>unsubscribe), see: 
>https://lists.sans.org/mailman/listinfo/list


-- 
Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/ local wx: http://www.oitc.com/weather
US Phone Numbers: 321-984-3714, 
321-729-6258(fax), 321-258-2475(cell/voice 
mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw at mac.com

Never argue with an idiot: a bystander can't tell the difference. - Mark Twain

More information about the Dshield mailing list