North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical virus spreader from ptt.ru
Hello. A dialup user in ptt.ru is sending out mass mail with a virus attached; tonight was the second time in as many days. The ISP has been notified but has not responded. You may wish to black hole their dialup port range to protect your network's mail systems. Return-Path: <> Received: from mail1.panix.com (mail1.panix.com [166.84.0.212]) by harmony.hudes.org (8.9.3/8.9.3) with ESMTP id MAA01055 for <[email protected]>; Sun, 25 Jun 2000 12:05:53 -0400 Received: by mail1.panix.com (Postfix) id 903E530F93; Sun, 25 Jun 2000 12:05:27 -0400 (EDT) Delivered-To: [email protected] Received: from dialup.ptt.ru (dialup.ptt.ru [195.34.0.100]) by mail1.panix.com (Postfix) with SMTP id 21A6730EC5 for <[email protected]>; Sun, 25 Jun 2000 12:05:07 -0400 (EDT) Received: (qmail 13626 invoked from network); 25 Jun 2000 15:37:06 -0000 Received: from dialup-27028.dialup.ptt.ru (HELO pink) (195.34.27.28) by dialup.ptt.ru with SMTP; 25 Jun 2000 15:37:06 -0000 To: [email protected] From: ���@panix.com, �����@panix.com Subject: Mission(download) Date: Sun, 25 Jun 2000 19:37:47 +0300 Message-Id: <[email protected]> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=juhbchtmlnhbclru Status: --juhbchtmlnhbclru Content-Type: text/plain; charset=windows-1251 Content-Transfer-Encoding: 8bit ��� ����� �� DOWNLOAD.RU Http://www.download.ru ������� �� ��� �����. --juhbchtmlnhbclru Content-Type: application/x-zip-compressed; name="Mission(download).zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Mission(download).zip" (Virus attachment deleted; if you really want it e-mail me a request) --juhbchtmlnhbclru-- inetnum: 195.34.0.0 - 195.34.0.127 netname: PTT-1 descr: PTT-Teleport Moscow, JSC descr: Russia, Moscow country: RU admin-c: SK6742-RIPE tech-c: AVM1-RIPE status: ASSIGNED PA changed: [email protected] 20000323 source: RIPE route: 195.34.0.0/19 descr: PTTNET's first /19 block origin: AS6795 notify: [email protected] mnt-by: PTTNET-RIPE-MNT changed: [email protected] 19980206 source: RIPE
|