[Fwd: SECURITY WARNING - possible email attack]

John Hardin johnh at aproposretail.com
Sat Jul 7 07:34:34 EST 2001


WARNING TO ALL - I just got what appears to be an infected Word document
attachment via the list.

The apparently forged headers look suspicious, too.

Procmail Security daemon wrote:
> 
> REPORT: Trapped poisoned Microsoft attachment
> REPORT: Macro Scanner score: 129
> STATUS: Message quarantined in /var/spool/mail/security, not delivered to recipient.
> 
> Headers from message:
> 
> > From owner-openssh-unix-dev at mindrot.org  Fri Jul  6 14:13:46 2001
> > Return-Path: <owner-openssh-unix-dev at mindrot.org>
> > Received: from shitei.mindrot.org (IDENT:j3mtrjbl8n05a3tc2t11 at intern12.lnk.telstra.net [139.130.53.38])
> >       by boundary.aproposretail.com (8.9.3/8.8.7) with ESMTP id OAA14550
> >       for <johnh at aproposretail.com>; Fri, 6 Jul 2001 14:09:33 -0700
> > Received: by shitei.mindrot.org (Postfix)
> >       id 251892DF34; Sat,  7 Jul 2001 07:08:11 +1000 (EST)
> > Delivered-To: openssh-unix-dev-list-93873 at shitei.mindrot.org
> > Received: by shitei.mindrot.org (Postfix, from userid 1000)
> >       id BEA1B2DF13; Sat,  7 Jul 2001 07:08:10 +1000 (EST)
> > Received: from kalaid.f2f.com.ua (kalaid.f2f.com.ua [62.149.0.33])
> >       by shitei.mindrot.org (Postfix) with ESMTP
> >       id 9AD6A2DF0F; Sat,  7 Jul 2001 07:07:14 +1000 (EST)
> > Received: from Mail-In.Net (borey.f2f.com.ua [62.149.0.24])
> >       by kalaid.f2f.com.ua (8.11.3/8.11.1) with ESMTP id f66L7bC26071;
> >       Sat, 7 Jul 2001 00:07:37 +0300 (EEST)
> >       (envelope-from pavgrig at mail.ru)
> > Received: from QRJATYDI ([212.35.189.164])
> >       by Mail-In.Net (8.11.3/8.H.Z) with SMTP id f66Jh0Z20442;
> >       Fri, 6 Jul 2001 22:43:04 +0300 (EEST)
> > Message-Id: <200107061943.f66Jh0Z20442 at Mail-In.Net>
> > From: <pavgrig at mail.ru>
> > To: User at Mail-In.Net
> > Subject: Ñåìèíàðû
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Mailer: Mega-Mailer
> > Date: Fri, 6 Jul 2001 17:50:54 +0200
> > Mime-Version: 1.0
> > X-Security: MIME headers sanitized on boundary.aproposretail.com
> >       See http://www.impsec.org/email-tools/procmail-security.html
> >       for details. $Revision: 1.129 $Date: 2001-04-14 20:20:43-07
> > Content-Type: multipart/mixed;
> >       boundary="=_NextPart_30434667226640806467"
> > Sender: owner-openssh-unix-dev at mindrot.org
> > Precedence: bulk
> >

--
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 12 days until Forum 2001


