[Dshield] Potential new virus

Keith Bergen keith at keithbergen.com
Wed Feb 4 17:50:27 GMT 2004


Look at this. Responding to my own post.

Here's the full headers of the email that I received.
Return-Path: <tdozal at sw2000.com>
Received: from vmmr3.verisignmail.com (vmmr3.verisignmail.com
[10.166.0.141])
	by ms6.verisignmail.com (Mirapoint Messaging Server MOS 3.2.2-GA)
	with ESMTP id BDD09275;
	Tue, 3 Feb 2004 16:47:15 -0500 (EST)
Received: from imr4.verisignmail.com (vmbmnat.verisignmail.com
[216.168.230.170])
	by vmmr3.verisignmail.com (Mirapoint Messaging Server MOS 3.2.2-GA)
	with ESMTP id QRK63837;
	Tue, 3 Feb 2004 16:47:12 -0500 (EST)
Received: from juliet.skynet.be (juliet.skynet.be [195.238.2.105])
	by imr4.verisignmail.com (8.12.10/8.12.10) with ESMTP id
i13Ll7ID002372
	for <keith [at] keithbergen.com>; Tue, 3 Feb 2004 16:47:10 -0500
(EST)
Received: from october.skynet.be (october.skynet.be [195.238.3.58])
	by juliet.skynet.be (8.12.9/8.12.9/Skynet-OUT-FALLBACK-2.22) with
ESMTP id i13He3p3012380
	for <keith [at] keithbergen.com>; Tue, 3 Feb 2004 18:40:03 +0100
(MET)
	(envelope-from <tdozal at sw2000.com>)
Received: from skynet (9.47-201-80.adsl.skynet.be [80.201.47.9])
        by october.skynet.be (8.12.9/8.12.9/Skynet-OUT-2.21) with SMTP id
i13HYbrm025654;
	Tue, 3 Feb 2004 18:34:37 +0100
        (envelope-from <tdozal at sw2000.com>)
Date: Tue, 3 Feb 2004 18:34:37 +0100
Message-Id: <200402031734.i13HYbrm025654 at october.skynet.be>
From: "Dozal, Tim" <tdozal at sw2000.com>
Subject:  RE: more info on a hopefully unsuccessful  compromise
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------TDT2DLIPRTZTSF"
To: undisclosed-recipients:;
X-RAVMilter-Version: 8.4.3(snapshot 20030212) (october.skynet.be)


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Keith Bergen
Sent: Wednesday, February 04, 2004 9:10 AM
To: Mike
Cc: 'General DShield Discussion List'
Subject: RE: [Dshield] Potential new virus


So far, I have only received an automated response from 
Norton.

I saved the message, I'll look at the full headers again, but 
I think it was from either .pt or .be (like yours is from).

Keith.

---- Original message ----
>Date: Wed, 4 Feb 2004 18:50:00 +1300
>From: "Mike" <mjcarter at ihug.co.nz>
>Subject: RE: [Dshield] Potential new virus  
>To: "'General DShield Discussion List'" <list at dshield.org>
>Cc: <keith [at] keithbergen.com>
>
>So did I, msg header below:
>
>Return-Path: <sgt_b2002 at comprehensive.com>
>Delivered-To: mjcarter at backend.pop.ihug.co.nz
>Received: (qmail 1661 invoked from network); 3 Feb 2004
17:44:57 -0000
>Received: from grunt12.ihug.co.nz (203.109.254.56)
>  by mail1.ihug.co.nz with SMTP; 3 Feb 2004 17:44:57 -0000
>Received: from ferengi.skynet.be [195.238.2.126]

[snip snip snip]

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list