Tons of 1.txt messages
Jason.Burzenski at AMERICANHM.COM
Jason.Burzenski at AMERICANHM.COM
Fri Jul 22 19:36:45 IST 2005
We are suddenly (within the past hour) seeing dozens of reports from
users about messages coming in with an attachment 1.txt (wich is 80b and
empty). There is always a 1 in the body and nothing else. The source
address is always forged and most of them seem to be coming from large
ISP user IP pools.
Here is a sample header:
Received: from x.americanhm.com (sams2.americanhm.com [x.x.x.x]) by
x.americanhm.com with SMTP (x)
id PKVMXV6N; Fri, 22 Jul 2005 13:53:18 -0400
Received: from betru.net (frnk-d9b96a96.pool.mediaWays.net
[217.185.106.150])
by x.americanhm.com (8.12.10/8.12.10) with SMTP id j6MHmr22028595
for <mg at americanhm.com>; Fri, 22 Jul 2005 13:48:55 -0400
Date: Fri, 22 Jul 2005 19:59:41 +0100
To: "Mg" <mg at americanhm.com>
From: "Mg" <mg at ales.com.ec>
Subject: 1
Message-ID: <tmzgclxpkjdscxevsvp at americanhm.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------elrddgzjoshelqmabgkc"
X-SAMS-Information: Please contact the ISP for more information
X-SAMS: Found to be clean
X-SAMS-SpamCheck: not spam, SpamAssassin (score=-4.48, required 4.4,
BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32)
X-MailScanner-From: mg at ales.com.ec
----------elrddgzjoshelqmabgkc
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
----------elrddgzjoshelqmabgkc
Content-Type: application/octet-stream; name="1.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="1.txt"
----------elrddgzjoshelqmabgkc--
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list