Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Fwd: FOUND VIRUS IN MAIL

  • From: James Thomason
  • Date: Tue Jun 18 12:28:30 2002

I could not get this virus to execute on my BSD box, the binary must
be corrupt.  

Clearly this person did not study their target audience. 

Regards, 
James


On 17 Jun 2002, Larry Rosenman wrote:

> 
> Fair Warning....
> 
> 
> 
> -----Forwarded Message-----
> 
> From: vscan@lerctr.org
> To: virusalert@lerctr.org
> Subject: FOUND VIRUS IN MAIL from <owner-nanog@merit.edu>
> Date: 17 Jun 2002 22:48:16 -0500
> 
> A virus was found in an email from:
> 
> <owner-nanog@merit.edu>
> 
> The message was addressed to: 
> 
> -> <ler@lerami.lerctr.org>
> 
> The message has been quarantined as:
> 
> /var/virusmails/virus-20020617-224816-21028
> 
> Here is the output of the scanner:
> 
> Scanning /var/amavis/amavis-milter-4Oa4l925/parts/*
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-1.txt
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-2.html
> Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
> /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe
>         Found the DDoS-Slack trojan !!!
> 
> Summary report on /var/amavis/amavis-milter-4Oa4l925/parts/*
> File(s)
>         Total files: ...........       3
>         Clean: .................       2
>         Possibly Infected: .....       1
> 
> Here are the headers:
> 
> ------------------------- BEGIN HEADERS -----------------------------
> Received: by trapdoor.merit.edu (Postfix)
> 	id 0FA7F9124E; Mon, 17 Jun 2002 23:46:02 -0400 (EDT)
> Delivered-To: nanog-outgoing@trapdoor.merit.edu
> Received: by trapdoor.merit.edu (Postfix, from userid 56)
> 	id B621F9124F; Mon, 17 Jun 2002 23:46:01 -0400 (EDT)
> Delivered-To: nanog@trapdoor.merit.edu
> Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
> 	by trapdoor.merit.edu (Postfix) with ESMTP id A61099124E
> 	for <nanog@trapdoor.merit.edu>; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
> Received: by segue.merit.edu (Postfix)
> 	id 8CCEA5DE57; Mon, 17 Jun 2002 23:45:58 -0400 (EDT)
> Delivered-To: nanog@merit.edu
> Received: from web21109.mail.yahoo.com (web21109.mail.yahoo.com [216.136.227.111])
> 	by segue.merit.edu (Postfix) with SMTP id D92105DE52
> 	for <nanog@merit.edu>; Mon, 17 Jun 2002 23:45:57 -0400 (EDT)
> Message-ID: <20020618034556.54382.qmail@web21109.mail.yahoo.com>
> Received: from [68.36.89.121] by web21109.mail.yahoo.com via HTTP; Mon, 17 Jun 2002 20:45:56 PDT
> Date: Mon, 17 Jun 2002 20:45:56 -0700 (PDT)
> From: jim bruer <jim_teh_man@yahoo.com>
> Subject: ConfigMaker Beta 
> To: nanog@merit.edu
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="0-340633384-1024371956=:50295"
> Sender: owner-nanog@merit.edu
> Precedence: bulk
> Errors-To: owner-nanog-outgoing@merit.edu
> X-Loop: nanog
> -------------------------- END HEADERS ------------------------------
> -- 
> Larry Rosenman                     http://www.lerctr.org/~ler
> Phone: +1 972-414-9812                 E-Mail: ler@lerctr.org
> US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
> 






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.