North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

virus spreader from ptt.ru

  • From: Dana Hudes
  • Date: Sun Jun 25 23:52:41 2000 
Hello. A dialup user in ptt.ru is sending out mass mail with a virus attached; tonight was the second time in as many days. The ISP has been notified but has not responded. You may wish to black hole their dialup port range to protect your network's mail systems.

Return-Path: <>
Received: from mail1.panix.com (mail1.panix.com [166.84.0.212])
 by harmony.hudes.org (8.9.3/8.9.3) with ESMTP id MAA01055
 for <[email protected]>; Sun, 25 Jun 2000 12:05:53 -0400
Received: by mail1.panix.com (Postfix)
 id 903E530F93; Sun, 25 Jun 2000 12:05:27 -0400 (EDT)
Delivered-To: [email protected]
Received: from dialup.ptt.ru (dialup.ptt.ru [195.34.0.100])
 by mail1.panix.com (Postfix) with SMTP id 21A6730EC5
 for <[email protected]>; Sun, 25 Jun 2000 12:05:07 -0400 (EDT)
Received: (qmail 13626 invoked from network); 25 Jun 2000 15:37:06 -0000
Received: from dialup-27028.dialup.ptt.ru (HELO pink) (195.34.27.28)
  by dialup.ptt.ru with SMTP; 25 Jun 2000 15:37:06 -0000
To: [email protected]
From: ���@panix.com, �����@panix.com
Subject: Mission(download)
Date: Sun, 25 Jun 2000 19:37:47 +0300
Message-Id: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=juhbchtmlnhbclru
Status:   

--juhbchtmlnhbclru
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit


   ��� ����� �� DOWNLOAD.RU
Http://www.download.ru
������� �� ��� �����.                        
--juhbchtmlnhbclru
Content-Type: application/x-zip-compressed; name="Mission(download).zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Mission(download).zip"

(Virus attachment deleted; if you really want it e-mail me a request)

--juhbchtmlnhbclru--

inetnum:     195.34.0.0 - 195.34.0.127
netname:     PTT-1
descr:       PTT-Teleport Moscow, JSC
descr:       Russia, Moscow
country:     RU
admin-c:     SK6742-RIPE
tech-c:      AVM1-RIPE
status:      ASSIGNED PA
changed:     [email protected] 20000323
source:      RIPE

route:       195.34.0.0/19
descr:       PTTNET's first /19 block
origin:      AS6795
notify:      [email protected]
mnt-by:      PTTNET-RIPE-MNT
changed:     [email protected] 19980206
source:      RIPE