North American Network Operators Group


Re: other virus damages/costs.....(hello skynet.be ?)

  • From: Stephen J. Wilcox
  • Date: Mon Feb 02 08:11:27 2004

our queue appears to be increasing linearly since about last tuesday, since then
it's increased 3000%, there's a huge dip midday saturday (it goes down to one
third its size in about 4hrs) then rapidly jumps up to higher than its pre-dip
value

that's messages tho, queue spool size hasn't gone up all that much, maybe 200%

no idea about our storage spools...

very odd!!

Steve

On Mon, 2 Feb 2004, Mike Tancsa wrote:

> 
> 
> Looking at my disk stats, my mail storage spool has grown by 15% in the 
> past week not due to the deluge of viruses which I can block and reject, but 
> in large part to those idiotic "Hi, I am sorry in a happy idiotic way to 
> inform you that the message you sent has a virus" messages....  As almost 
> all of them forge their email address, what is the point of warning the 
> "sender."  Even better, I wake up this am to 285 (and growing) messages 
> below telling me that someone at skynet is trying to send me a virus 
> message and it cc's 64 other people.  Nice.
> 
> 
>          ---Mike
> 
> >From: "Skynet Mail Protection" <[email protected]>
> >To: [email protected]
> >Subject: Skynet Mail Protection scan results
> >Date: Mon, 02 Feb 2004 12:09:44 +0100
> >Importance: high
> >X-Mailer: ravmd/8.4.2
> >X-RAVMilter-Version: 8.4.3(snapshot 20030212) (september.skynet.be)
> >X-Virus-Scanned: by amavisd-new
> >X-Spam-Flag: YES
> >X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
> >         spamscanner4.sentex.ca
> >X-Spam-Level: *****
> >X-Spam-Status: Yes, hits=5.7 required=5.1 tests=MAILTO_TO_SPAM_ADDR,
> >         MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,TW_JN,X_PRIORITY_HIGH,
> >         X_PRI_MISMATCH_HI autolearn=no version=2.63
> >X-Spam-Report:
> >         *  0.5 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
> >         *  0.1 TW_JN BODY: Odd Letter Triples with JN
> >         *  1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely 
> > spammer email
> >         *  1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no 
> > X-MimeOLE
> >         *  2.8 X_PRI_MISMATCH_HI 'X-Priority' does not match 
> > 'X-MSMail-Priority'
> >         *  0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't
> >
> >
> >
> >-----------------------
> >This e-mail is generated by Skynet Mail Protection to warn you that the e-mail
> >sent by [email protected] to [email protected], [email protected], 
> > [email protected], [email protected] is infected with virus: 
> > Win32/[email protected]
> >Deze e-mail is gegenereerd door Skynet Mail Protection om u te waarschuwen dat
> >de e-mail gestuurd door [email protected] naar [email protected], 
> > [email protected], [email protected], [email protected] geinfecteerd 
> > is met Win32/[email protected]
> >Ce mail est généré par Skynet Mail Protection afin de vous prévenir que 
> >l'e-mail envoyé par [email protected] à [email protected], 
> > [email protected], [email protected], [email protected] est infecté 
> > par le virus : Win32/[email protected]
> >
> >Please contact your system administrator for further information.
> >Gelieve uw systeembeheerder te contacteren voor meer informatie.
> >Veuillez contacter votre administrateur système pour de plus amples 
> >informations.
> >
> >If you are the sender:
> >Indien u de zender bent:
> >Si vous êtes l'expéditeur:
> >-------------------
> >The scanned e-mail has your address in the <From> header field. Either your
> >computer is infected or someone's computer having your e-mail address in
> >the address book has been infected.
> >De gescande e-mail heeft uw adres in het <From> veld.  Dat betekent dat ofwel
> >jouw computer geinfecteerd is, ofwel dat iemand is geinfecteerd, die jouw 
> >e-mail
> >adres in zijn/haar adresboek heeft.
> >Le mail scanné contient votre adresse e-mail dans son en-tête <De>.
> >Soit votre ordinateur est infecté soit votre adresse e-mail est reprise dans
> >le carnet d'adresse d'un ordinateur infecté.
> >
> >If you are the receiver:
> >Indien u de bestemmeling bent:
> >Si vous êtes le destinataire:
> >---------------------
> >Please contact the sender: most likely he/she doesn't know he/she has a 
> >computer virus.
> >Gelieve de zender te contacteren: hoogst waarschijnlijk weet hij/zij niet 
> >dat hij/zij
> >geinfecteerd is met een computer virus.
> >Veuillez contacter l'expéditeur: le plus souvent, il/elle ne sait pas que son
> >ordinateur est infecté.
> >
> >Actions taken for the infected files:
> >Ondernomen actie voor de geinfecteerde bestanden:
> >Actions prises pour les fichiers infectés:
> >-------------------------------------
> >
> >
> >The infected file was saved to quarantine with name: 
> >1075720184-RAVi12B9bAP025868.
> >The file (part0004:Update.exe) attached to mail (with subject:net critical 
> >upgrade) sent by [email protected] to [email protected], 
> > [email protected], [email protected], [email protected]
> >is infected with virus: Win32/[email protected]
> >The mail was not delivered because it contained dangerous code.
> >
> >------------------------
> >this is a copy of the e-mail header:
> >
> >
> >
> >RAV AntiVirus for Linux i386 version: 8.4.2 (snapshot-20030212)
> >
> >Scan engine 8.11 for i386.
> >Last update: Mon, 02 Feb 2004 04:36:04 +01
> >Scanning for 89407 malwares (viruses, trojans and worms).
> 
> --------------------------------------------------------------------
> Mike Tancsa,                          	          tel +1 519 651 3400
> Sentex Communications,     			  [email protected]
> Providing Internet since 1994                    www.sentex.net
> Cambridge, Ontario Canada			  www.sentex.net/mike
> 
>