[Dshield] [Fwd: new mail problem

Kenneth Coney superc at visuallink.com
Mon Aug 25 14:52:55 GMT 2003

My last two submissions bounced back to me with the below message.  :)

-------- Original Message --------
Subject: Re: Your last message to me was rejected.
Date: Sun, 24 Aug 2003 14:28:20 -0500
From: postmaster at temmc.com
To: Kenneth Coney <superc at visuallink.com>

  Your mail with Subject: Re: [Dshield] SoBig varient

   would appear to be unsolicited mail.

  Your message was sent to: list at dshield.org
  If you intended to contact that person for legitmate reasons then our 

  Please would you resend to the same address
  but add real- to the e-mail address, and it will bypass the filters.

  For example, bobm at example.com would become real-bobm at example.com. Thank you.


  Here is the messageID for postmaster reference: 19r0X9-0007lQ-8z:

------ This is a copy of the message, including all the headers. ------

Received: from root by spamkill with spam-scanned (Exim 4.20)
	id 19r0X9-0007lQ-8z
	for jlinscot at temmc.com; Sun, 24 Aug 2003 14:28:20 -0500
Received: from localhost [] by spamkill.temmc.com
	with SpamAssassin (2.55;
	Sun, 24 Aug 2003 14:28:20 -0500
From: Kenneth Coney <superc at visuallink.com>
To: list at dshield.org
Subject: Re: [Dshield] SoBig varient
Date: Sun, 24 Aug 2003 14:19:38 -0400
Message-Id: <3F4901BA.1030605 at visuallink.com>
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=7.3 required=5.0
X-Spam-Level: *******
X-Spam-Checker-Version: SpamAssassin 2.55 (
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_3F4911D4.D75F30F3"

This is a multi-part message in MIME format.

Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

---- Start SpamAssassin results
7.30 points, 5 required;
*  0.0 -- User-Agent header indicates a non-spam MUA (Mozilla)
* -0.5 -- Has a In-Reply-To header
* -0.1 -- Has a X-Accept-Language  header
* -0.5 -- Has a valid-looking References header
*  0.7 -- BODY: Talks about money with an exclamation!
*  2.0 -- RBL: Received via a relay in relays.osirusoft.com
           [RBL check: found]
*  5.7 -- RBL: DNSBL: sender is Confirmed Open Relay

---- End of SpamAssassin results

Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Received: from [] (helo=chihub1.truenorth.com)
	by spamkill with esmtp (Exim 4.20)
	id 19r0X9-0007lN-2P
	for jlinscot at temmc.com; Sun, 24 Aug 2003 14:28:15 -0500
Received: from chi-mx.truenorth.com ([]) by
           chihub1.truenorth.com (Netscape Messaging Server 4.15) with
           ESMTP id HK524701.QR7 for <jlinscot at temmc.com>; Sun, 24 Aug 2003
           14:28:55 -0500
Received: from iceman.incidents.org (mail2.giac.net [])
	by chi-mx.truenorth.com (8.11.6/8.11.6) with SMTP id h7OJZ9V96949
	for <jlinscot at temmc.com>; Sun, 24 Aug 2003 14:35:09 -0500 (CDT)
Received: (qmail 10269 invoked from network); 24 Aug 2003 19:28:48 -0000
Received: from chipper2-int (HELO viper.incidents.org) (
   by 0 with SMTP; 24 Aug 2003 19:28:48 -0000
Received: from localhost.localdomain (chipper2 [])
	by viper.incidents.org (8.11.6/8.11.6) with ESMTP id h7OJShH05823;
	Sun, 24 Aug 2003 15:28:44 -0400
Received: from dshield.org (charlie [])
	by viper.incidents.org (8.11.6/8.11.6) with ESMTP id h7OJ2gH32729
	for <list at viper.uunet>; Sun, 24 Aug 2003 15:02:42 -0400
Received: (qmail 8651 invoked from network); 24 Aug 2003 18:29:30 -0000
Received: from smtp.visuallink.com (HELO mx3.visuallink.com) (
   by 0 with SMTP; 24 Aug 2003 18:29:30 -0000
Received: from visuallink.com ([])
	by mx3.visuallink.com (8.12.8/8.12.8) with ESMTP id h7OIePFf012117
	for <list at dshield.org>; Sun, 24 Aug 2003 14:40:33 -0400
Message-ID: <3F4901BA.1030605 at visuallink.com>
Date: Sun, 24 Aug 2003 14:19:38 -0400
From: Kenneth Coney <superc at visuallink.com>
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US;
	rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: list at dshield.org
Subject: Re: [Dshield] SoBig varient
References: <200308241600.h7OG0QH23943 at viper.incidents.org>
In-Reply-To: <200308241600.h7OG0QH23943 at viper.incidents.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-MailScanner: Found to be clean
Old-X-Envelope-To: list at dshield.org
X-Envelope-To: UNKNOWN
X-Mailman-Approved-At: Sun, 24 Aug 2003 15:20:47 -0400
X-BeenThere: list at dshield.org
X-Mailman-Version: 2.1
Precedence: list
Reply-To: General DShield Discussion List <list at dshield.org>
List-Id: General DShield Discussion List <list.dshield.org>
List-Unsubscribe: <http://www.dshield.org/mailman/listinfo/list>,
	<mailto:list-request at dshield.org?subject=unsubscribe>
List-Archive: <http://www.dshield.org/pipermail/list>
List-Post: <mailto:list at dshield.org>
List-Help: <mailto:list-request at dshield.org?subject=help>
List-Subscribe: <http://www.dshield.org/mailman/listinfo/list>,
	<mailto:list-request at dshield.org?subject=subscribe>
Sender: list-bounces at dshield.org
Errors-To: list-bounces at dshield.org

They can't until the law is changed.  RICO requires the criminal enterprise
include systematic acts of violence (i.e., murder, kidnapping, arson, etc.)
as a part of the enterprise.  The law was written to hit drug
pushers/sugglers, loan sharks and slavers.  It isn't really usable against
rings of pick pockets, shoplifting gangs, or high school kids writing
viruses to shut down a website for giggles.

Re: [Dshield] SoBig varient
"Jon R. Kibler" <Jon.Kibler at aset.com>
Sun, 24 Aug 2003 11:36:18 -0400
General DShield Discussion List <list at dshield.org>

Milo wrote:

  >> Trend is reporting the following
  >> Maybe so kiddies got a hold of the code and tried to alter it?  I will
say I
  >> have seen an increase in spam in the last 24hrs, not a huge amount but 
  >> than the last few days.

I have to think that this is not a script kiddies virus. It is a virus that
facilitates spam. Do you see a lot of scanning looking for infected
systems? We don't. Spam in on the increase. Spammers clearly know what
systems are infected. Connect the dots.

After all, let's face it: Most spam originates from the criminal hijacking
of computers and forcing the hijacked computers to send spam. Connect the
dots. Doesn't that make spammer's criminals?

Why would someone write and spread a virus that benefits someone else?
Someone else's criminal enterprise. It just doesn't add up.

So, why wouldn't spammers be in the forefront of virus writing technology?
After all, the writing and spreading of such viruses only benefits their
criminal enterprise. What's one more criminal act going to cost them?
Actually, it will probably make them a lot of money!

When you connect all the dots, it sounds like a good target for a Federal
RICO prosecution. I just wish the Feds saw it that way.

At least that's my $0.005's worth!

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA

P.S. For the non-Americans on this list, RICO (Racketeering and Corrupt
Influences Organization -- yes, the initials are out of order; I guess our
politicians just can't read/spell.) is a law that makes a bunch of rather
minor crimes into a major criminal offense with LOTS of hard time and BIG
financial penalties.

  >> Thanx, Paul
  >> ___________________________________

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: 


More information about the list mailing list