Some Worm is trying to cheat MailScanner users ?!
Martin Hepworth
martinh at SOLID-STATE-LOGIC.COM
Thu Jan 6 12:27:53 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Mocyr
any anti-virus scanners should have triggered as well...of it's sober-i
then its a few weeks old.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Moacyr Leite da Silva wrote:
> Martin,
>
> I agree and I was only concerned that it is a kind of "Social Engineering",
> in this case filename rules blocked the offending file.
>
> Thanks
>
> Moacyr
>
>
> ----- Original Message -----
> From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Thursday, January 06, 2005 10:04 AM
> Subject: Re: Some Worm is trying to cheat MailScanner users ?!
>
>
> There was a worm that came out about 2 years ago which did something
> similar, hence the 'company' name being added the the headers to make
> this a little more unique.
>
> BUT personally I never trust the headers and not virus scan base on that
> info.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Moacyr Leite da Silva wrote:
>
>>Hi Folks,
>>
>>I Received an email yesterday with the following lines, all headers are in
>>the bottom of email.
>>
>>
>>
>>>*-*-* Mail_Scanner: No Virus
>>>*-*-* AKADNYX.COM- Anti_Virus Service
>>>*-*-* http://www.akadnyx.com.br
>>>
>>
>>
>>Seens to me that some worm is trying to cheat MailScanner users, I dont
>
> have
>
>>signature in my MailScanner configurations.
>>Someone have this one also!?
>>
>>
>>Thanks
>>Moacyr Leite da Silva
>>www.akadnyx.com.br
>>
>>
>>
>>
>>----- Original Message -----
>>From: <slamm at netscape.com>
>>To: <moacyrs at akadnyx.com.br>
>>Sent: Wednesday, January 05, 2005 2:48 AM
>>Subject: {Filename?} Oh God it's
>>
>>
>>
>>
>>>Warning: Esta mensagem continha anexos que foram removidos
>>>Warning: (thats_hard.9727.scr).
>>>Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores
>>
>>informações.
>>
>>
>>>I was surprised, too!
>>>Who_could_suspect_something_like_that? shityiiiii
>>>
>>>
>>>
>>>*-*-* Mail_Scanner: No Virus
>>>*-*-* AKADNYX.COM- Anti_Virus Service
>>>*-*-* http://www.akadnyx.com.br
>>>
>>
>>
>>
>>Received: from ishtar.akadnyx.com.br ([192.168.0.254]) by
>>w2k-srv01.akadnyx.com.br with Microsoft SMTPSVC(5.0.2195.5329);
>> Wed, 5 Jan 2005 03:22:40 -0200
>>Received: from gjtwrifg.com (rndf-146-30-87.telkomadsl.co.za
>>[165.146.30.87])
>> by ishtar.akadnyx.com.br (8.12.11/8.12.11) with SMTP id j055G6H3014159
>> for <moacyrs at akadnyx.com.br>; Wed, 5 Jan 2005 03:16:08 -0200
>>From: slamm at netscape.com
>>To: moacyrs at akadnyx.com.br
>>Date: Wed, 05 Jan 2005 04:48:44 GMT
>>Subject: {Filename?} Oh God it's
>>Importance: Normal
>>X-Priority: 3 (Normal)
>>X-MSMail-Priority: Normal
>>Message-ID: <72eea045191f.d880 at netscape.com>
>>MIME-Version: 1.0
>>Content-Type: multipart/mixed; boundary="===a2d635d06.48886b1bbe8731095"
>>Content-Transfer-Encoding: 7bit
>>X-AKADNYX-MailScanner-Information: Please contact the ISP for more
>>information
>>X-AKADNYX-MailScanner: Found to be infected
>>X-AKADNYX-MailScanner-SpamCheck: não spam, SpamAssassin (escore=-1.395,
>> requerido 8, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, NO_REAL_NAME 0.01,
>> PRIORITY_NO_NAME 1.10, RCVD_IN_NJABL_DUL 0.09)
>>X-MailScanner-From: slamm at netscape.com
>>Return-Path: slamm at netscape.com
>>X-OriginalArrivalTime: 05 Jan 2005 05:22:40.0937 (UTC)
>>FILETIME=[93CE0990:01C4F2E6]
>>
>>This is a multi-part message in MIME format.
>>
>>--===a2d635d06.48886b1bbe8731095
>>
>>Warning: Esta mensagem continha anexos que foram removidos
>>Warning: (thats_hard.9727.scr).
>>Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores
>>informações.
>>
>>I was surprised, too!
>>Who_could_suspect_something_like_that? shityiiiii
>>
>>
>>
>>*-*-* Mail_Scanner: No Virus
>>*-*-* AKADNYX.COM- Anti_Virus Service
>>*-*-* http://www.akadnyx.com.br
>>
>>--===a2d635d06.48886b1bbe8731095
>>Content-Type: text/plain;
>> charset="us-ascii";
>> name="AKADNYX-Attachment-Warning.txt"
>>Content-Disposition: attachment; filename="AKADNYX-Attachment-Warning.txt"
>>Content-Transfer-Encoding: quoted-printable
>>
>>Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus
>>----------------------------------------------------------------------
>>O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos de
>
> a=
>
>>rquivo,
>>e foi substitu=EDdo por esta mensagem de aviso no e-mail.
>>
>>Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique
>>armazenada.
>>
>>Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte:
>> Windows Screensavers are often used to hide viruses
>
> (thats_hard.9727.scr)
>
>> No programs allowed (thats_hard.9727.scr)
>>
>>--=20
>>Postmaster
>>
>>--===a2d635d06.48886b1bbe8731095--
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list