[Dshield] [Fwd: new mail problem

Scott Fendley scottf at uark.edu
Wed Aug 27 17:11:38 GMT 2003


Woops...sorry that we hadn't replied earlier.  I will look into it
further, but suspect that this may be partly due to Osirusoft's demise
this week as an RBL.   Hopefully we will get that fixed asap so that your
posts won't be as likely to get spam tagged.  Sorry about that.

Scott Fendley
co-moderator

On Mon, 25 Aug 2003, Kenneth Coney wrote:

> My last two submissions bounced back to me with the below message.  :)
>
> -------- Original Message --------
> Subject: Re: Your last message to me was rejected.
> Date: Sun, 24 Aug 2003 14:28:20 -0500
> From: postmaster at temmc.com
> To: Kenneth Coney <superc at visuallink.com>
>
>
>   Your mail with Subject: Re: [Dshield] SoBig varient
>
>
>
>    would appear to be unsolicited mail.
>
>   Your message was sent to: list at dshield.org
>   If you intended to contact that person for legitmate reasons then our
> apologies.
>
>   Please would you resend to the same address
>   but add real- to the e-mail address, and it will bypass the filters.
>
>   For example, bobm at example.com would become real-bobm at example.com. Thank you.
>
>   Postmaster
>
>   Here is the messageID for postmaster reference: 19r0X9-0007lQ-8z:
>
> ------ This is a copy of the message, including all the headers. ------
>
> Received: from root by spamkill with spam-scanned (Exim 4.20)
> 	id 19r0X9-0007lQ-8z
> 	for jlinscot at temmc.com; Sun, 24 Aug 2003 14:28:20 -0500
> Received: from localhost [127.0.0.1] by spamkill.temmc.com
> 	with SpamAssassin (2.55 1.174.2.19-2003-05-19-exp);
> 	Sun, 24 Aug 2003 14:28:20 -0500
> From: Kenneth Coney <superc at visuallink.com>
> To: list at dshield.org
> Subject: Re: [Dshield] SoBig varient
> Date: Sun, 24 Aug 2003 14:19:38 -0400
> Message-Id: <3F4901BA.1030605 at visuallink.com>
> X-Spam-Flag: YES
> X-Spam-Status: Yes, hits=7.3 required=5.0
> 	tests=BANG_MONEY,IN_REP_TO,RCVD_IN_OSIRUSOFT_COM,REFERENCES,
> 	      USER_AGENT_MOZILLA_UA,X_ACCEPT_LANG,X_OSIRU_OPEN_RELAY
> 	version=2.55
> X-Spam-Level: *******
> X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="----------=_3F4911D4.D75F30F3"
>
> This is a multi-part message in MIME format.
>
> ------------=_3F4911D4.D75F30F3
> Content-Type: text/plain
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
>
> ---- Start SpamAssassin results
> 7.30 points, 5 required;
> *  0.0 -- User-Agent header indicates a non-spam MUA (Mozilla)
> * -0.5 -- Has a In-Reply-To header
> * -0.1 -- Has a X-Accept-Language  header
> * -0.5 -- Has a valid-looking References header
> *  0.7 -- BODY: Talks about money with an exclamation!
> *  2.0 -- RBL: Received via a relay in relays.osirusoft.com
>            [RBL check: found 179.68.151.206.relays.osirusoft.com.]
> *  5.7 -- RBL: DNSBL: sender is Confirmed Open Relay
>
> ---- End of SpamAssassin results
>
>
>
> ------------=_3F4911D4.D75F30F3
> Content-Type: message/rfc822; x-spam-type=original
> Content-Description: original message before SpamAssassin
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
>
> Received: from [170.200.92.65] (helo=chihub1.truenorth.com)
> 	by spamkill with esmtp (Exim 4.20)
> 	id 19r0X9-0007lN-2P
> 	for jlinscot at temmc.com; Sun, 24 Aug 2003 14:28:15 -0500
> Received: from chi-mx.truenorth.com ([127.0.0.1]) by
>            chihub1.truenorth.com (Netscape Messaging Server 4.15) with
>            ESMTP id HK524701.QR7 for <jlinscot at temmc.com>; Sun, 24 Aug 2003
>            14:28:55 -0500
> Received: from iceman.incidents.org (mail2.giac.net [63.100.47.43])
> 	by chi-mx.truenorth.com (8.11.6/8.11.6) with SMTP id h7OJZ9V96949
> 	for <jlinscot at temmc.com>; Sun, 24 Aug 2003 14:35:09 -0500 (CDT)
> Received: (qmail 10269 invoked from network); 24 Aug 2003 19:28:48 -0000
> Received: from chipper2-int (HELO viper.incidents.org) (10.36.0.2)
>    by 0 with SMTP; 24 Aug 2003 19:28:48 -0000
> Received: from localhost.localdomain (chipper2 [127.0.0.1])
> 	by viper.incidents.org (8.11.6/8.11.6) with ESMTP id h7OJShH05823;
> 	Sun, 24 Aug 2003 15:28:44 -0400
> Received: from dshield.org (charlie [10.51.0.11])
> 	by viper.incidents.org (8.11.6/8.11.6) with ESMTP id h7OJ2gH32729
> 	for <list at viper.uunet>; Sun, 24 Aug 2003 15:02:42 -0400
> Received: (qmail 8651 invoked from network); 24 Aug 2003 18:29:30 -0000
> Received: from smtp.visuallink.com (HELO mx3.visuallink.com) (206.151.68.179)
>    by 0 with SMTP; 24 Aug 2003 18:29:30 -0000
> Received: from visuallink.com ([66.84.80.0])
> 	by mx3.visuallink.com (8.12.8/8.12.8) with ESMTP id h7OIePFf012117
> 	for <list at dshield.org>; Sun, 24 Aug 2003 14:40:33 -0400
> Message-ID: <3F4901BA.1030605 at visuallink.com>
> Date: Sun, 24 Aug 2003 14:19:38 -0400
> From: Kenneth Coney <superc at visuallink.com>
> User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US;
> 	rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
> X-Accept-Language: en-us, en
> MIME-Version: 1.0
> To: list at dshield.org
> Subject: Re: [Dshield] SoBig varient
> References: <200308241600.h7OG0QH23943 at viper.incidents.org>
> In-Reply-To: <200308241600.h7OG0QH23943 at viper.incidents.org>
> Content-Type: text/plain; charset=us-ascii; format=flowed
> Content-Transfer-Encoding: 7bit
> X-MailScanner: Found to be clean
> Old-X-Envelope-To: list at dshield.org
> X-Envelope-To: UNKNOWN
> X-Mailman-Approved-At: Sun, 24 Aug 2003 15:20:47 -0400
> X-BeenThere: list at dshield.org
> X-Mailman-Version: 2.1
> Precedence: list
> Reply-To: General DShield Discussion List <list at dshield.org>
> List-Id: General DShield Discussion List <list.dshield.org>
> List-Unsubscribe: <http://www.dshield.org/mailman/listinfo/list>,
> 	<mailto:list-request at dshield.org?subject=unsubscribe>
> List-Archive: <http://www.dshield.org/pipermail/list>
> List-Post: <mailto:list at dshield.org>
> List-Help: <mailto:list-request at dshield.org?subject=help>
> List-Subscribe: <http://www.dshield.org/mailman/listinfo/list>,
> 	<mailto:list-request at dshield.org?subject=subscribe>
> Sender: list-bounces at dshield.org
> Errors-To: list-bounces at dshield.org
>
> They can't until the law is changed.  RICO requires the criminal enterprise
> include systematic acts of violence (i.e., murder, kidnapping, arson, etc.)
> as a part of the enterprise.  The law was written to hit drug
> pushers/sugglers, loan sharks and slavers.  It isn't really usable against
> rings of pick pockets, shoplifting gangs, or high school kids writing
> viruses to shut down a website for giggles.
>
>
> Subject:
> Re: [Dshield] SoBig varient
> From:
> "Jon R. Kibler" <Jon.Kibler at aset.com>
> Date:
> Sun, 24 Aug 2003 11:36:18 -0400
> To:
> General DShield Discussion List <list at dshield.org>
>
> Milo wrote:
>
>   >>
>   >> Trend is reporting the following
>   >>
> http://www.trendmicro.com/vinfo/virusencyclo/default5.aspVName=WORM_SOBIG.F.DAM
>   >> Maybe so kiddies got a hold of the code and tried to alter it?  I will
> say I
>   >> have seen an increase in spam in the last 24hrs, not a huge amount but
> more
>   >> than the last few days.
>
>
> I have to think that this is not a script kiddies virus. It is a virus
that
> facilitates spam. Do you see a lot of scanning looking for infected
> systems? We don't. Spam in on the increase. Spammers clearly know what
> systems are infected. Connect the dots.
>
> After all, let's face it: Most spam originates from the criminal hijacking
> of computers and forcing the hijacked computers to send spam. Connect the
> dots. Doesn't that make spammer's criminals?
>
> Why would someone write and spread a virus that benefits someone else?
> Someone else's criminal enterprise. It just doesn't add up.
>
> So, why wouldn't spammers be in the forefront of virus writing technology?
> After all, the writing and spreading of such viruses only benefits their
> criminal enterprise. What's one more criminal act going to cost them?
> Actually, it will probably make them a lot of money!
>
> When you connect all the dots, it sounds like a good target for a Federal
> RICO prosecution. I just wish the Feds saw it that way.
>
> At least that's my $0.005's worth!
>
> Jon R. Kibler
> A.S.E.T., Inc.
> Charleston, SC  USA
>
> P.S. For the non-Americans on this list, RICO (Racketeering and Corrupt
> Influences Organization -- yes, the initials are out of order; I guess our
> politicians just can't read/spell.) is a law that makes a bunch of rather
> minor crimes into a major criminal offense with LOTS of hard time and BIG
> financial penalties.
>
>
>   >>
>   >> Thanx, Paul
>   >>
>   >> ___________________________________
>
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
> ------------=_3F4911D4.D75F30F3--
>
>
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
>
>
>




More information about the list mailing list