[Dshield] MS Virus Header

Doug White doug at clickdoug.com
Sun Sep 21 01:29:34 GMT 2003


here is another
Received: from GULF.clickdoug.com [66.139.91.41] by bayou with ESMTP
  (SMTPD32-8.01) id AA9180026; Sat, 20 Sep 2003 20:10:41 -0500
Received: from localhost (GULF [127.0.0.1])
 by GULF.clickdoug.com (Postfix) with ESMTP id E41433E007C
 for <doug at samcfug.org>; Sat, 20 Sep 2003 20:08:34 -0500 (CDT)
Received: from GULF.clickdoug.com ([127.0.0.1])
 by localhost (GULF.clickdoug.com [127.0.0.1:10027]) (amavisd-new) with ESMTP
 id 09057-10 for <doug at samcfug.org>; Sat, 20 Sep 2003 20:08:27 -0500 (CDT)
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])
 by GULF.clickdoug.com (Postfix) with ESMTP id D49523E006E
 for <doug at samcfug.org>; Sat, 20 Sep 2003 20:08:23 -0500 (CDT)
Received: from sccrmhc12.comcast.net (localhost[127.0.0.1])
          by comcast.net (sccrmhc12) with ESMTP
          id <2003092101102301200q9of3e>; Sun, 21 Sep 2003 01:10:23 +0000
X-Comment: AT&T Maillennium special handling codes - xc
Date: Sun, 21 Sep 2003 00:55:10 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium
Received: from jfkkakm (c-67-160-127-193.client.comcast.net[67.160.127.193])
          by comcast.net (sccrmhc12) with SMTP
          id <2003092100550401200r9pjre>; Sun, 21 Sep 2003 00:55:10 +0000
X-Comment: AT&T Maillennium special handling code - c
From: "Mail Service" <smtpform at netmail.com>
To: " " <user at smtpserver.com>
SUBJECT: bug message
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="mtsnstbr"
Message-Id: <20030921010823.D49523E006E at GULF.clickdoug.com>
X-Virus-Scanned: by amavisd-new & H+BEDV AntiVir
X-RCPT-TO: <doug at samcfug.org>
Status: U
X-UIDL: 360909371

--mtsnstbr
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<HTML>
<HEAD></HEAD>
<BODY>
<iframe src=3D"cid:rrbsenavwnsc" height=3D0 width=3D0></iframe>
<BR><BR><BR>Undeliverable mail to <B>nhcroogrpq at netmail.com</B>
<BR><BR><BR>Message follows:<BR><BR><BR><BR>
</BODY></HTML>

--mtsnstbr
Content-Type: audio/x-wav; name="hezeha.zl6"
Content-Transfer-Encoding: base64
Content-Id: <rrbsenavwnsc>



--mtsnstbr--

and another:

Received: from cpros.com (hosting.cpros.com [208.33.7.40])
by GULF.clickdoug.com (Postfix) with ESMTP id 87A7D3E006E
for <xxxx>; Sat, 20 Sep 2003 19:43:06 -0500 (CDT)
Received: from ljys (dialup-ras25-182.eug.or.uspops.net [64.28.61.182])
by cpros.com (8.12.8/8.12.5) with SMTP id h8L0dFSh028173;
Sat, 20 Sep 2003 17:39:23 -0700
Date: Sat, 20 Sep 2003 17:39:15 -0700
Message-Id: <200309210039.h8L0dFSh028173 at cpros.com>
From: "Internet Storage Service" <mailform at microsoft.net>
To: "Email Recipient" <user at homeserver.com>
SUBJECT: Report
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="yzrqpeltkvrzdkt"



======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases.
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf
======================================
If you are not satisfied with my service, my job isn't done!

----- Original Message ----- 
From: "Alan Frayer" <afrayer at frayernet.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Saturday, September 20, 2003 6:54 PM
Subject: [Dshield] MS Virus Header


| Someone requested a header from the current virus distribution...
|
| Received:  by mail01.powweb.com (mbox 7427.afrayer) (with Cubic Circle's
| cucipop (v1.31 1998/05/13) Sat Sep 20 16:50:55 2003)
| X-From_:  starcollector at earthlink.net  Sat Sep 20 16:14:07 2003
| Return-Path:  <starcollector at earthlink.net>
| X-Original-To:  afrayer at frayernet.com
| Delivered-To:  7427.afrayer at mail01.powweb.com
| Received:  from swan.mail.pas.earthlink.net (swan.mail.pas.earthlink.net
| [207.217.120.123]) by mail01.powweb.com (Postfix) with ESMTP id
| 5ED29369BE for <afrayer at frayernet.com>; Sat, 20 Sep 2003 16:14:07 -0700
| (PDT)
| Received:  from pool0208.cvx15-bradley.dialup.earthlink.net
| ([209.179.44.208] helo=itbktz) by swan.mail.pas.earthlink.net with smtp
| (Exim 3.33 #1) id 1A0qsG-0002uT-00; Sat, 20 Sep 2003 16:10:46 -0700
| From: MS Net Message Service <emailprogram at puremail.com>
| To: Mail Recipient <receiver at emaildomain.net>
| Subject: Advice
| Mime-Version:  1.0
| Content-Type:  multipart/alternative; boundary="ffobsllyvq"
| Message-Id:  <E1A0qsG-0002uT-00 at swan.mail.pas.earthlink.net>
| Date: Sat, 20 Sep 2003 16:10:46 -0700
| X-Evolution-Source:  pop://7427.afrayer@mail.frayernet.com/
|
| ------
|
| This was one of many...
|
| ________________________________________________________________________
| Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
| Seeking an IT Mgmt/Network Admin position in the Tampa Bay Region
| If you would like to discuss an opportunity with me, please e-mail.
|
| _______________________________________________
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
|




More information about the list mailing list