Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


RE: Weird email messages with "re:movie" and "re:application" in the subject line..

  • From: Mark Segal
  • Date: Wed Jun 25 23:36:40 2003

Here's the best link I have seen so far... Thanks to Kevin Day.

http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html


My guess is they might need to upgrade it to more than 55-999 infections :).

mark


--
Mark Segal 
Director, Network Planning
FCI Broadband 
Tel: 905-284-4070 
Fax: 416-987-4701 
http://www.fcibroadband.com

Futureway Communications Inc. is now FCI Broadband


-----Original Message-----
From: Eric Brunner-Williams in Portland Maine [mailto:brunner@nic-naa.net] 
Sent: June 25, 2003 11:25 PM
To: Larry Rosenman
Cc: Mark Segal; 'nanog@merit.edu'; brunner@nic-naa.net
Subject: Re: Weird email messages with "re:movie" and "re:application" in
the subject line.. 



> W32/sobig.e@MM per McAfee.....

I seem to have done one better ... according to a M$ host in Level3-land,
the Unix box right in front of me sent the mail in question.

Someone at L3 needs to call home. The only L3 turd in my mail log is their
inbound...

Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589:
from=<administrator@Level3.com>, size=1711, class=0, nrcpts=1,
msgid=<012d01c33b68$2bd14b40$d706010a@corp.global.level3.com>, proto=ESMTP,
daemon=MTA, relay=machine77.Level3.com [209.244.4.106]

Cheers,
Eric
------- Forwarded Message

Return-Path: administrator@Level3.com
Delivery-Date: Wed Jun 25 18:21:11 2003
Return-Path: <administrator@Level3.com>
Received: from f1ee40-19.idc1.level3.com (machine77.Level3.com
[209.244.4.106])
	by nic-naa.net (8.12.9/8.12.9) with ESMTP id h5PMLB5U024589
	for <brunner@nic-naa.net>; Wed, 25 Jun 2003 18:21:11 -0400 (EDT)
Received: from idc1exc0001.corp.global.level3.com (localhost [127.0.0.1])
	by f1ee40-19.idc1.level3.com (8.8.8p2+Sun/8.8.8) with SMTP id
WAA02577
	for <brunner@nic-naa.net>; Wed, 25 Jun 2003 22:21:50 GMT
Received: from idc1exc0005.corp.global.level3.com ([10.1.6.215]) by
idc1exc0001.corp.global.level3.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Wed, 25 Jun 2003 16:21:49 -0600
Received: from mail pickup service by idc1exc0005.corp.global.level3.com
with Microsoft SMTPSVC;
	 Wed, 25 Jun 2003 16:21:49 -0600
thread-index: AcM7aCvRcfOY+VcOT2aAnuNoWHZmCQ==
Thread-Topic: [MailServer Notification]Alert to Sender:  File Attachment
Blocked
From: <Administrator@machine77.level3.com>
Sender: <Administrator@machine77.level3.com>
To: <brunner@nic-naa.net>
Subject: [MailServer Notification]Alert to Sender:  File Attachment Blocked
Date: Wed, 25 Jun 2003 16:21:49 -0600
Message-ID: <012d01c33b68$2bd14b40$d706010a@corp.global.level3.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Exchange 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
X-OriginalArrivalTime: 25 Jun 2003 22:21:49.0631 (UTC)
FILETIME=[2BF044F0:01C33B68]

ScanMail for Microsoft Exchange has blocked an attachment.

Sender = brunner@nic-naa.net
Recipient(s) = ops@genuity.com
Subject = Re: Movie
Scanning time = 06/25/2003 16:21:49

Action on file blocking:
The attachment your_details.zi matches the file blocking settings. ScanMail
has Deleted it. 

Attachment blocked due to extension match of .bat, .eml, .nws, .pif, .scr,
.src, .shs, .vbe, .vbs, .com, or .exe.

------- End of Forwarded Message
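
The mail-log check described in the message above (the only Level3 entry in the log is their inbound notice) can be automated. The following is an added example, not part of the original thread: it scans sendmail syslog entries for mail accepted from, or delivered to, the domains named in a virus-scanner notification, to check whether this host actually sent the blocked message. The function names and the second sample log line are assumptions made for illustration; domains are passed in lowercase.

```python
import re

# Sendmail syslog entries. The first is the inbound line quoted in the thread,
# rejoined onto one line; the second is constructed (local delivery of it).
SAMPLE_LOG = """\
Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589: from=<administrator@Level3.com>, size=1711, class=0, nrcpts=1, msgid=<012d01c33b68$2bd14b40$d706010a@corp.global.level3.com>, proto=ESMTP, daemon=MTA, relay=machine77.Level3.com [209.244.4.106]
Jun 25 18:21:12 nic-naa sm-mta[24590]: h5PMLB5U024589: to=<brunner@nic-naa.net>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31711, dsn=2.0.0, stat=Sent
"""

ENTRY = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ (?:sm-mta|sendmail)\[\d+\]: "
                   r"(?P<qid>\w+): (?P<rest>.*)$")

def parse(log):
    """Yield (timestamp, queue id, fields) for each sendmail entry in the log."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            pairs = (kv.split("=", 1) for kv in m["rest"].split(", ") if "=" in kv)
            yield m["ts"], m["qid"], dict(pairs)

def in_domains(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def addr_domain(addr):
    """Domain part of an address as logged, e.g. <user@example.com>."""
    return addr.strip("<>").rpartition("@")[2]

def traffic_with(log, domains):
    """Return (inbound, outbound): mail accepted from, and delivered to, the domains."""
    inbound, outbound = [], []
    for ts, qid, f in parse(log):
        if "from" in f:  # message accepted by this MTA
            relay = f.get("relay", "").split(" ")[0]
            if in_domains(addr_domain(f["from"]), domains) or in_domains(relay, domains):
                inbound.append((ts, qid, f["from"]))
        elif "to" in f:  # delivery attempt made by this MTA
            hits = [a for a in f["to"].split(",") if in_domains(addr_domain(a), domains)]
            if hits:
                outbound.append((ts, qid, hits, f.get("stat", "")))
    return inbound, outbound

if __name__ == "__main__":
    received, sent = traffic_with(SAMPLE_LOG, ["level3.com", "genuity.com"])
    print("accepted from those domains:", received)
    print("delivered to those domains:", sent)
```

An empty outbound list alongside a non-empty inbound list matches what the message reports: the notification arrived, but this host never delivered anything to the domains it names.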



