North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
other virus damages/costs.....(hello skynet.be ?)
- From: Mike Tancsa
- Date: Mon Feb 02 08:00:10 2004
Looking at my disk stats, my mail storage spool has grown by 15% in the
past week not due the deluge of viruses which I can block and reject, but
in large part to those idiotic "Hi, I am sorry in a happy idiotic way to
inform you that the message you sent has a virus" messages.... As almost
all of them forge their email address, what is the point of warning the
"sender." Even better, I wake up this am to 285 (and growing) messages
below telling me that someone at skynet is trying to send me a virus
message and it cc's 64 other people. Nice.
---Mike
From: "Skynet Mail Protection" <support@skynet.be>
To: gbs-vossem@pi.be
To: timofeev@granch.ru
To: chris@aims.com.au
To: dcs@newsguy.com
To: imp@harmony.village.org
To: ted@ness.plymouth.edu
To: deepak@ai.net
To: bmilekic@technokratis.com
To: randy@psg.com
To: sthaug@nethelp.no
To: shelton@sentry.granch.ru
To: danny_j_mitzel@yahoo.com
To: tinguely@web.cs.ndsu.nodak.edu
To: charon@hell.gr
To: jesper@skriver.dk
To: anandfranklin@hotmail.com
To: nascar24@home.nl
To: c.prevotaux@hexanet.fr
To: reichert@numachi.com
To: andy@tecc.co.uk
To: provos@citi.umich.edu
To: rtek@dolfijntje.nl
To: jack_xiao99@hotmail.com
To: mark.blackman@netscalibur.co.uk
To: gunther@aurora.regenstrief.org
To: s_bschmi@ira.uka.de
To: vova@express.ru
To: vlad@ariel.phys.wesleyan.edu
To: lord@4jon.com
To: assar@freebsd.org
To: peter.jeremy@alcatel.com.au
To: chaegle@mediaone.net
To: brad@wcubed.net
To: ewiz@mail.dotcom.fr
To: freedom@csie.nctu.edu.tw
To: oberman@es.net
To: wes@softweyr.com
To: julian@elischer.org
To: iedowse@maths.tcd.ie
To: sroberts84@hotmail.com
To: maddave@suxx.eu.org
To: ambrisko@ambrisko.com
To: ari@suutari.iki.fi
To: bonnetf@plonk.esiee.fr
To: lucky@land3.nsu.ru
To: ume@freebsd.org
To: crewking@buckeye-express.com
To: bright@sneakerz.org
To: tlambert@primenet.com
To: gwford@home.com
To: vlad@infonet.com.ua
To: freebsd-lists-for-dayan-only-owner@egroups.co.uk
To: kimch@etri.re.kr
To: chris@calldei.com
To: peter@guest-tek.com
To: sudish@corp.earthlink.net
To: peter@wemm.org
To: cristjc@earthlink.net
To: yar@freebsd.org
To: shalunov@internet2.edu
To: mike@sentex.net
To: roy@its-sby.edu
To: kjc@csl.sony.co.jp
To: seichert@coopcomp.com
Subject: Skynet Mail Protection scan results
Date: Mon, 02 Feb 2004 12:09:44 +0100
Importance: high
X-Mailer: ravmd/8.4.2
X-RAVMilter-Version: 8.4.3(snapshot 20030212) (september.skynet.be)
X-Virus-Scanned: by amavisd-new
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
spamscanner4.sentex.ca
X-Spam-Level: *****
X-Spam-Status: Yes, hits=5.7 required=5.1 tests=MAILTO_TO_SPAM_ADDR,
MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,TW_JN,X_PRIORITY_HIGH,
X_PRI_MISMATCH_HI autolearn=no version=2.63
X-Spam-Report:
* 0.5 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
* 0.1 TW_JN BODY: Odd Letter Triples with JN
* 1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely
spammer email
* 1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no
X-MimeOLE
* 2.8 X_PRI_MISMATCH_HI 'X-Priority' does not match
'X-MSMail-Priority'
* 0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't
-----------------------
This e-mail is generated by Skynet Mail Protection to warn you that the e-mail
sent by gbs-vossem@pi.be to timofeev@granch.ru, chris@aims.com.au,
dcs@newsguy.com, imp@harmony.village.org, ted@ness.plymouth.edu,
deepak@ai.net, bmilekic@technokratis.com, randy@psg.com,
sthaug@nethelp.no, shelton@sentry.granch.ru, danny_j_mitzel@yahoo.com,
tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr, jesper@skriver.dk,
anandfranklin@hotmail.com, nascar24@home.nl, c.prevotaux@hexanet.fr,
reichert@numachi.com, andy@tecc.co.uk, provos@citi.umich.edu,
rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi,
bonnetf@news.esiee.fr, lucky@land3.nsu.!
ru, ume@freebsd.org, crewking@buckeye-express.com, bright@sneakerz.org,
tlambert@primenet.com, gwford@home.com, vlad@infonet.com.ua,
freebsd-lists-for-dayan-only-owner@egroups.co.uk, kimch@etri.re.kr,
chris@calldei.com, peter@guest-tek.com, sudish@corp.earthlink.net,
peter@wemm.org, cristjc@earthlink.net, yar@freebsd.org,
shalunov@internet2.edu, mike@sentex.net, roy@its-sby.edu,
kjc@csl.sony.co.jp, seichert@coopcomp.com is infected with virus:
Win32/Swen.A@mm.
Deze e-mail is gegenereerd door Skynet Mail Protection om u te waarschuwen dat
de e-mail gestuurd door gbs-vossem@pi.be naar timofeev@granch.ru,
chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org,
ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com,
randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru,
danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr,
jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl,
c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk,
provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
maddave@suxx.eu.org, ambrisko@ambrisko.com, ari@suutari.iki.fi,
bonnetf@news.esiee.fr!
, lucky@land3.nsu.ru, ume@freebsd.org, crewking@buckeye-express.com,
bright@sneakerz.org, tlambert@primenet.com, gwford@home.com,
vlad@infonet.com.ua, freebsd-lists-for-dayan-only-owner@egroups.co.uk,
kimch@etri.re.kr, chris@calldei.com, peter@guest-tek.com,
sudish@corp.earthlink.net, peter@wemm.org, cristjc@earthlink.net,
yar@freebsd.org, shalunov@internet2.edu, mike@sentex.net,
roy@its-sby.edu, kjc@csl.sony.co.jp, seichert@coopcomp.com geinfecteerd
is met Win32/Swen.A@mm.
Ce mail est généré par Skynet Mail Protection afin de vous prévenir que
l'e-mail envoyé par gbs-vossem@pi.be à timofeev@granch.ru,
chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org,
ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com,
randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru,
danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr,
jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl,
c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk,
provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
maddave@suxx.eu.org,!
ambrisko@ambrisko.com, ari@suutari.iki.fi, bonnetf@news.esiee.fr,
lucky@land3.nsu.ru, ume@freebsd.org, crewking@buckeye-express.com,
bright@sneakerz.org, tlambert@primenet.com, gwford@home.com,
vlad@infonet.com.ua, freebsd-lists-for-dayan-only-owner@egroups.co.uk,
kimch@etri.re.kr, chris@calldei.com, peter@guest-tek.com,
sudish@corp.earthlink.net, peter@wemm.org, cristjc@earthlink.net,
yar@freebsd.org, shalunov@internet2.edu, mike@sentex.net,
roy@its-sby.edu, kjc@csl.sony.co.jp, seichert@coopcomp.com est infecté
par le virus : Win32/Swen.A@mm.
Please contact your system administrator for further information.
Gelieve uw systeembeheerder te contacteren voor meer informatie.
Veuillez contacter votre administrateur système pour de plus amples
informations.
If you are the sender:
Indien u de zender bent:
Si vous êtes l'expéditeur:
-------------------
The scanned e-mail has your address in the <From> header field. Either your
computer is infected or someone's computer having your e-mail address in
the address book has been infected.
De gescande e-mail heeft uw adres in het <From> veld. Dat betekent dat ofwel
jouw computer geinfecteerd is, ofwel dat iemand is geinfecteerd, die jouw
e-mail
adres in zijn/haar adresboek heeft.
Le mail scanné contient votre adresse e-mail dans son en-tête <De>.
Soit votre ordinateur est infecté soit votre adresse e-mail est reprise dans
le carnet d'adresse d'un ordinateur infecté.
If you are the receiver:
Indien u de bestemmeling bent:
Si vous êtes le destinataire:
---------------------
Please contact the sender: most likely he/she doesn't know he/she has a
computer virus.
Gelieve de zender te contacteren: hoogst waarschijnlijk weet hij/zij niet
dat hij/zij
geinfecteerd is met een computer virus.
Veuillez contacter l'expéditeur: le plus souvent, il/elle ne sait pas que son
ordinateur est infecté.
Actions taken for the infected files:
Ondernomen actie voor de geinfecteerde bestanden:
Actions prises pour les fichiers infectés:
-------------------------------------
The infected file was saved to quarantine with name:
1075720184-RAVi12B9bAP025868.
The file (part0004:Update.exe) attached to mail (with subject:net critical
upgrade) sent by gbs-vossem@pi.be to timofeev@granch.ru,
chris@aims.com.au, dcs@newsguy.com, imp@harmony.village.org,
ted@ness.plymouth.edu, deepak@ai.net, bmilekic@technokratis.com,
randy@psg.com, sthaug@nethelp.no, shelton@sentry.granch.ru,
danny_j_mitzel@yahoo.com, tinguely@web.cs.ndsu.nodak.edu, charon@hell.gr,
jesper@skriver.dk, anandfranklin@hotmail.com, nascar24@home.nl,
c.prevotaux@hexanet.fr, reichert@numachi.com, andy@tecc.co.uk,
provos@citi.umich.edu, rtek@dolfijntje.nl, jack_xiao99@hotmail.com,
mark.blackman@netscalibur.co.uk, gunther@aurora.regenstrief.org,
s_bschmi@ira.uka.de, vova@express.ru, vlad@ariel.phys.wesleyan.edu,
lord@4jon.com, assar@freebsd.org, peter.jeremy@alcatel.com.au,
chaegle@mediaone.net, brad@wcubed.net, ewiz@mail.dotcom.fr,
freedom@csie.nctu.edu.tw, oberman@es.net, wes@softweyr.com,
julian@elischer.org, iedowse@maths.tcd.ie, sroberts84@hotmail.com,
maddave@suxx.eu.org!
, ambrisko@ambrisko.com, ari@suutari.iki.fi, bonnetf@news.esiee.fr,
lucky@land3.nsu.ru, ume@freebsd.org, crewking@buckeye-express.com,
bright@sneakerz.org, tlambert@primenet.com, gwford@home.com,
vlad@infonet.com.ua, freebsd-lists-for-dayan-only-owner@egroups.co.uk,
kimch@etri.re.kr, chris@calldei.com, peter@guest-tek.com,
sudish@corp.earthlink.net, peter@wemm.org, cristjc@earthlink.net,
yar@freebsd.org, shalunov@internet2.edu, mike@sentex.net,
roy@its-sby.edu, kjc@csl.sony.co.jp, seichert@coopcomp.com
is infected with virus: Win32/Swen.A@mm.
The mail was not delivered because it contained dangerous code.
------------------------
this is a copy of the e-mail header:
RAV AntiVirus for Linux i386 version: 8.4.2 (snapshot-20030212)
Scan engine 8.11 for i386.
Last update: Mon, 02 Feb 2004 04:36:04 +01
Scanning for 89407 malwares (viruses, trojans and worms).
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
|
