[rescue] Crazy viruses from the list...
rescue at port11.net
Mon May 24 12:11:02 CDT 2004
Patrick Giagnocavo +1.717.201.3366 wrote:
>On Mon, May 24, 2004 at 12:45:40PM -0400, William Enestvedt wrote:
>>Thomas Gallaway wrote:
>>>I dont know but I have within the last 2 hours received 4 viruses
>>>from [an email address that's probably only for this list.]. All
>>>of wich originated from
>>>Received: from 19-02.com (gtw13-2.esc13.net [126.96.36.199])
>> I just got two more virus-laden email messages; their headers include
>>"<20040112131716.ga7951 at jdboyd.zill.net>" and "[188.8.131.52]" (which
>>is a group named AcNet Gobierno Mexicano who changed their DNS record a
>>week ago). The attachment, Your_money.vbs, was dropped by our mail
>This is a virus that randomly spoofs From: headers. It spreads by
>reading Outlook's address book then spoofing itself as one of the
>addresses listed there.
>I have found it very difficult to trace these back to the infected box.
>The procmail anti-virus script (look on freshmeat.net) I have found to
>be helpful. Along with runing Mutt :-)
Yeah but I dont think is can spoof the received from header (IP of the
gateway it originated from).
Actually all those are the same in my headers. Received a bunch more..
More information about the rescue