New Mass Mailing Virus making rounds?

Rose, Bobby brose at med.wayne.edu
Mon Apr 5 18:23:39 IST 2010


Nope since none of the payload is getting thru since the sending hosts don’t have PTRs or the domain of the return address is non-existing.  Here’s a very small subset of return addresses involving host adsl-99-39-203-126.dsl.chcgil.sbcglobal.net [99.39.203.126] that are clearly randomly generated.

from=gyfvzpajoy at 2Z4Zn_ti.com<mailto:gyfvzpajoy at 2Z4Zn_ti.com>
from=shasgpuqc at e05NR_bB.com<mailto:shasgpuqc at e05NR_bB.com>
from=bfdiutkvwg at BkE906Sh.com<mailto:bfdiutkvwg at BkE906Sh.com>
from=yyizeckfyn at 7oGw8VY.com<mailto:yyizeckfyn at 7oGw8VY.com>
from=vgnnsxdads at 3U1HR1T.com<mailto:vgnnsxdads at 3U1HR1T.com>

Other hosts have been
120.69.98.66.l.sta.codetel.net.do [66.98.69.120]
190-37-15-174.dyn.dsl.cantv.net [190.37.15.174]
200-102-26-22.bnut3702.dsl.brasiltelecom.net.br [200.102.26.22]
190.74-184-226.dyn.dsl.cantv.net [190.74.184.226]
adsl89-121-149-63.romtelecom.net [89.121.149.63]
the list goes on….


From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of --[ UxBoD ]--
Sent: Monday, April 05, 2010 12:39 PM
To: MailScanner discussion
Subject: Re: New Mass Mailing Virus making rounds?


________________________________
Is anyone aware of a new virus making rounds?  The number of rejected smtp connections on my MXs went thru the roof around 8pm EST Sunday night and into today.  Rejections are due to no PTRs and obvious bogus non-existing domains in many causes hundreds of random return addresses from the same sending IP.

I googled and such and I’m not coming across any discussions of some new worm so now I’m curious if any other MailScanner users have seen this and have any info.

-=B

________________________________
This document may include proprietary and confidential information of Wayne State University Physician Group and may only be read by those person(s) to whom it is addressed. If you have received this e-mail message in error, please notify us immediately. This document may not be reproduced, copied, distributed, published, modified or furnished to third parties, without prior written consent of Wayne State University Physician Group. Thank you.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Have not seen a spike here ... do you have any further details about it ?

--
Thanks, Phil


________________________________
This document may include proprietary and confidential information of Wayne State University Physician Group and may only be read by those person(s) to whom it is addressed. If you have received this e-mail message in error, please notify us immediately. This document may not be reproduced, copied, distributed, published, modified or furnished to third parties, without prior written consent of Wayne State University Physician Group. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100405/7dbae991/attachment.html


More information about the MailScanner mailing list