[Esd-l] Rash of new email attacks
scott at dctchambers.com
Tue Dec 7 12:09:51 PST 2004
Hey! Is this mail list still going? So quiet.
Lately I've been seeing a lot of new email attacks, where the email looks
like a bounce from another server and really strange, even SPAMCop thinks
it's a bounce.
This is what it looks like:

This mail was generated automatically.
More info about --PAIDFORSURF-- under: http://www.paidforsurf.com
# 509: mailbox_unavailable
The full mail is attached.
*-*-* Anti_Virus: No Virus was found
*-*-* INLANDRESTAURANTS- Anti_Virus Service

and the headers:

Return-Path: <info at paidforsurf.com>
Received: from inlandrestaurants.com ([18.104.22.168])
        by skot.skot.org (8.12.11/8.12.11) with ESMTP id iB73gIU4020760
        for <scott at skot.org>; Mon, 6 Dec 2004 19:42:19 -0800
Received: from ftskeo.com ([22.214.171.124])
        by inlandrestaurants.com (8.12.11/8.12.10) with SMTP id iB73g4MH020617;
        Mon, 6 Dec 2004 19:42:05 -0800
From: info at paidforsurf.com
To: Electronic_Mail at inlandrestaurants.com
Date: Tue, 07 Dec 2004 03:38:28 GMT
Subject: FwD: Faulty_mail delivery <SMTP:5998>
X-Priority: 3 (Normal)
Message-ID: <c3fbb82bfcfb36319e at paidforsurf.com>
Content-Type: multipart/mixed; boundary="=7df17030ea8.474a7bb35edfa0d"

Then there is a file attached to it, obviously a virus:

I happen to know that Inland has no email protection, because I asked them
many times if I could install procmail and they keep turning me down. Is
there something wrong with their mail server or maybe someone on their
network has a virus (like that never happens)?
This header does look like it came from Inland, the IP address belongs to
the mail server and it also acts as an Internet gateway.
I hope I gave you enough info, if not, just ask.
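
Added example, not part of the original post: a heuristic Python check of the header traits that separate the message above from a standards-conforming bounce (null reverse-path per RFC 5321, `multipart/report` with `report-type=delivery-status` per RFC 3464). The `REAL_DSN` sample, the `bounce_findings` name and the subject keyword list are assumptions made for illustration; some legitimate MTAs send non-RFC 3464 bounces, so treat the findings as signals for scoring or quarantine.

```python
from email import message_from_string

# Headers copied from the post above (the archive's " at " obfuscation kept).
FAKE_BOUNCE = """\
Return-Path: <info at paidforsurf.com>
From: info at paidforsurf.com
To: Electronic_Mail at inlandrestaurants.com
Subject: FwD: Faulty_mail delivery <SMTP:5998>
Content-Type: multipart/mixed; boundary="=7df17030ea8.474a7bb35edfa0d"

"""

# Constructed sample of a conforming delivery status notification.
REAL_DSN = """\
Return-Path: <>
From: MAILER-DAEMON@mail.example.org
To: user@example.org
Subject: Returned mail: see transcript for details
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

"""

# Assumed keyword list: subjects that present a message as a bounce.
BOUNCE_WORDS = ("delivery", "returned mail", "undeliverable")

def bounce_findings(raw):
    """Return reasons a bounce-looking message fails to look like a real DSN."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").lower()
    if not any(word in subject for word in BOUNCE_WORDS):
        return []  # not presented as a bounce; nothing to check
    findings = []
    # RFC 5321: delivery notifications are sent with a null reverse-path,
    # which the final MTA records as "Return-Path: <>".
    if (msg.get("Return-Path") or "").strip() != "<>":
        findings.append("non-null Return-Path")
    # RFC 3464: a DSN is multipart/report with report-type=delivery-status.
    if msg.get_content_type() != "multipart/report":
        findings.append("not multipart/report")
    elif (msg.get_param("report-type") or "").lower() != "delivery-status":
        findings.append("report-type is not delivery-status")
    # Convention (heuristic, not a rule): bounces come from the mailer
    # daemon or postmaster, not from an ordinary user address.
    sender = (msg.get("From") or "").lower()
    if not any(name in sender for name in ("mailer-daemon", "postmaster")):
        findings.append("From is not a mailer daemon")
    return findings

if __name__ == "__main__":
    print(bounce_findings(FAKE_BOUNCE))
    print(bounce_findings(REAL_DSN))
```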