[Fwd: SECURITY WARNING - possible email attack]
John Hardin
johnh at aproposretail.com
Sat Jul 7 07:34:34 EST 2001
WARNING TO ALL - I just got what appears to be an infected Word document
attachment via the list.
The apparently forged headers look suspicious, too.
Procmail Security daemon wrote:
>
> REPORT: Trapped poisoned Microsoft attachment
> REPORT: Macro Scanner score: 129
> STATUS: Message quarantined in /var/spool/mail/security, not delivered to recipient.
>
> Headers from message:
>
> > From owner-openssh-unix-dev at mindrot.org Fri Jul 6 14:13:46 2001
> > Return-Path: <owner-openssh-unix-dev at mindrot.org>
> > Received: from shitei.mindrot.org (IDENT:j3mtrjbl8n05a3tc2t11 at intern12.lnk.telstra.net [139.130.53.38])
> > by boundary.aproposretail.com (8.9.3/8.8.7) with ESMTP id OAA14550
> > for <johnh at aproposretail.com>; Fri, 6 Jul 2001 14:09:33 -0700
> > Received: by shitei.mindrot.org (Postfix)
> > id 251892DF34; Sat, 7 Jul 2001 07:08:11 +1000 (EST)
> > Delivered-To: openssh-unix-dev-list-93873 at shitei.mindrot.org
> > Received: by shitei.mindrot.org (Postfix, from userid 1000)
> > id BEA1B2DF13; Sat, 7 Jul 2001 07:08:10 +1000 (EST)
> > Received: from kalaid.f2f.com.ua (kalaid.f2f.com.ua [62.149.0.33])
> > by shitei.mindrot.org (Postfix) with ESMTP
> > id 9AD6A2DF0F; Sat, 7 Jul 2001 07:07:14 +1000 (EST)
> > Received: from Mail-In.Net (borey.f2f.com.ua [62.149.0.24])
> > by kalaid.f2f.com.ua (8.11.3/8.11.1) with ESMTP id f66L7bC26071;
> > Sat, 7 Jul 2001 00:07:37 +0300 (EEST)
> > (envelope-from pavgrig at mail.ru)
> > Received: from QRJATYDI ([212.35.189.164])
> > by Mail-In.Net (8.11.3/8.H.Z) with SMTP id f66Jh0Z20442;
> > Fri, 6 Jul 2001 22:43:04 +0300 (EEST)
> > Message-Id: <200107061943.f66Jh0Z20442 at Mail-In.Net>
> > From: <pavgrig at mail.ru>
> > To: User at Mail-In.Net
> > Subject: Ñåìèíàðû
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Mailer: Mega-Mailer
> > Date: Fri, 6 Jul 2001 17:50:54 +0200
> > Mime-Version: 1.0
> > X-Security: MIME headers sanitized on boundary.aproposretail.com
> > See http://www.impsec.org/email-tools/procmail-security.html
> > for details. $Revision: 1.129 $Date: 2001-04-14 20:20:43-07
> > Content-Type: multipart/mixed;
> > boundary="=_NextPart_30434667226640806467"
> > Sender: owner-openssh-unix-dev at mindrot.org
> > Precedence: bulk
> >
--
John Hardin <johnh at aproposretail.com>
Internal Systems Administrator voice: (425) 672-1304
Apropos Retail Management Systems, Inc. fax: (425) 672-0192
-----------------------------------------------------------------------
12 days until Forum 2001
More information about the openssh-unix-dev
mailing list