[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Getting Mail Bombed!
- Subject: Re: [cobalt-users] Getting Mail Bombed!
- From: SteelHead <brk@xxxxxxxx>
- Date: Sun Jul 22 09:08:03 2001
- Organization: Linuxhelpers
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
----- Original Message -----
From: "Michael" <mike@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Sunday, July 22, 2001 2:24 PM
Subject: Re: [cobalt-users] Getting Mail Bombed!
> No no you don't understand. I am not sending OUT these messages as I
would if infected, instead I am RECEIVING them.
>
> How do I get the rack to reject these? I bet its tough since it is coming
from infected files!
>
>
>
> At 02:08 PM 7/22/2001 -0400, you wrote:
> >Here's the fix ! You have a Virus probably !!
> >
> >http://www.mcafee.com/anti-virus/viruses/sircam/
> >
> >About 30 or so steps to fix it !!!
> >
> >Happened to me, and was all fixed up in about 10 mins.
> >
> >Cheers, Lennie Core
> >
> >
> >> ANY help on getting rid of this would rock!
> >>
> >> Below is a sample header from one of them. They are coming from many
differenent sources, so it is more than simply adding their names to deny
from...
> >>
> >>
> >>
> >> Return-Path: <marcelapujol@xxxxxxxxxxxxxxx>
> >> Received: from mail.fibertel.com.ar (mta1.fibertel.com.ar
[24.232.0.161])
> >> by www.astrology-online.com (8.10.2/8.10.2) with ESMTP id
f6MGBgc05310
> >> for <webmaster@xxxxxxxxxxxxxxxxxxxx>; Sun, 22 Jul 2001
11:11:43 -0500
> >> Received: from computer.fibertel.com.ar (24.232.133.74) by
mail.fibertel.com.ar (5.1.056)
> >> id 3B599C5C0002E84D for webmaster@xxxxxxxxxxxxxxxxxxxx; Sun, 22
Jul 2001 13:02:14 -0300
> >> Message-ID: <3B599C5C0002E84D@xxxxxxxxxxxxxxxxxxxx> (added by
postmaster@xxxxxxxxxxxxxxx)
> >> From: "Marcela Pujol"<marcelapujol@xxxxxxxxxxxxxxx>
> >> To: webmaster@xxxxxxxxxxxxxxxxxxxx
> >> Subject: QueDiostebendigasiempre
> >> date: Sun, 22 Jul 2001 12:56:59 -0300
> >> MIME-Version: 1.0
> >> X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
> >> X-Mailer: Microsoft Outlook Express 5.50.4133.2400
> >> Content-Type: multipart/mixed;
boundary="----1A73EB0F_Outlook_Express_message_boundary"
> >> Content-Disposition: Multipart message
> >> X-UIDL: *d*"!Gj!"!6cR"!p=E"!
> >>
> >> Content-Type: text/plain; charset=ISO-8859-1
> >> Content-Transfer-Encoding: quoted-printable
> >> Content-Disposition: message text
> >>
> >> Hola como estas =3F
> >>
> >> Te mando este archivo para que me des tu punto de vista
> >>
I agree that it appears to be a viral attack. Is it possible that you (or a
user on a list related to <webmaster@xxxxxxxxxxxxxxxxxxxx>) is using a
windows box, the windows box becoming infected, the infection spreading to
your maillist or address book, and then returning to you as all of these
newly infected machines return the faor, trying to infect you?
If it originated from your box, clean it now, if it went through a maillist
on your cobalt, fet a virus filter for the cobalt.
Just think of the possibilities
Bill