Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: meay-meay! (virus sent via full-discosure list)
From: "Bill Royds" <full-disclosure () royds net>
Date: Thu, 25 Mar 2004 08:36:59 -0500

 This virus sent to the list shows the problem of complete lack of
moderation. What would be best is a filter that does a virus scan and WARNS
about possible virus, but does not block anything. You would still be
responsible for personal digital hygiene, but would have a flag to filter
on.

Here are the headers of this message with McAfee message and a whois on the
originating MTA IP.

Return-Path: <full-disclosure-admin () lists netsys com>
Received: from netsys.com (NETSYS.COM [199.201.233.10])
        by mail.zoneedit.com (Postfix) with ESMTP id 285443FA0D
        for <full-disclosure () royds net>; Wed, 24 Mar 2004 17:17:19 -0500
(EST)
Received: from NETSYS.COM (localhost [127.0.0.1])
        by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
i2OM4lJ28528;
        Wed, 24 Mar 2004 17:04:47 -0500 (EST)
Received: from kermit ([62.38.237.28])
        by netsys.com (8.11.6p2-2003-09-16/8.11.6) with SMTP id i2OLRWX15727
        for <full-disclosure () lists netsys com>; Wed, 24 Mar 2004 16:27:34
-0500 (EST)
To: full-disclosure () lists netsys com
From: macubergeek () comcast net
Message-ID: <qcwokkovsbsisnacbtp () comcast net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------sbeuunoxpacatulivtum"
Subject: [Full-disclosure] meay-meay!
Sender: full-disclosure-admin () lists netsys com
Errors-To: full-disclosure-admin () lists netsys com
X-BeenThere: full-disclosure () lists netsys com
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe:
<http://lists.netsys.com/mailman/listinfo/full-disclosure>,
        
<mailto:full-disclosure-request () lists netsys com?subject=unsubscribe>
List-Id: Discussion of security issues <full-disclosure.lists.netsys.com>
List-Post: <mailto:full-disclosure () lists netsys com>
List-Help: <mailto:full-disclosure-request () lists netsys com?subject=help>
List-Subscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>,
        <mailto:full-disclosure-request () lists netsys com?subject=subscribe>
List-Archive: <http://lists.netsys.com/pipermail/full-disclosure/>
Date: Wed, 24 Mar 2004 23:27:25 +0200


******************   McAfee VirusScan ************************
******* Alert generated at: Wed, 24 Mar 2004 18:29:19 -0500 *********
*********************************************************************

McAfee VirusScan has detected a potential threat in this e-mail 
sent by macubergeek () comcast net 
The following actions were attempted on each suspicious part. 
We strongly recommend that you report this virus-related activity 
to macubergeek () comcast net 


 The attachment "TextFile.zip" is infected with the W32/Bagle.gen!pwdzip
Virus(es). 
This attachment has been cleaned.


===================whois for sending MUA ==========

03/25/04 08:29:36 whois 62.38.237.28 () whois ripe net

whois -h whois.ripe.net 62.38.237.28 ...
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      62.38.0.0 - 62.38.255.255
netname:      GR-HOL-20010530
descr:        Hellas On Line S.A.
descr:        PROVIDER
country:      GR
admin-c:      HA194-RIPE
tech-c:       CO95-RIPE
status:       ALLOCATED PA
mnt-by:       RIPE-NCC-HM-MNT
mnt-lower:    AS3329-MNT
changed:      hostmaster () ripe net 20010530
changed:      hostmaster () ripe net 20031210 # gr.hol.aval via
https://lirportal.ripe.net
source:       RIPE

route:        62.38.0.0/16
descr:        HOL
origin:       AS3329
mnt-lower:    AS3329-MNT
mnt-routes:   AS3329-MNT
mnt-by:       AS3329-MNT
changed:      tkor () hol gr 20010530
source:       RIPE

role:         HOL Administration
address:      Hellas On Line S.A.
address:      Harilaou Trikoupi 151
address:      N. Kiffisia, Greece 14564
e-mail:       admin () hol gr
trouble:      Questions....... mail to: noc () hol gr
trouble:      Spam Reports.... mail to: postmaster () hol gr
trouble:      Abuse Reports... mail to: abuse () hol gr
admin-c:      KK5841-RIPE
tech-c:       AV845-RIPE
tech-c:       TK583-RIPE
tech-c:       CO95-RIPE
nic-hdl:      HA194-RIPE
mnt-by:       AS3329-MNT
changed:      vicky () hol gr 19970821
changed:      vicky () hol gr 19970826
changed:      noc () hol gr 19981217
changed:      aval () hol gr 20000110
changed:      aval () hol gr 20010314
changed:      aval () hol gr 20020121
changed:      aval () hol gr 20030624
source:       RIPE

role:         HOL Network Operations Center
address:      Hellas On Line S.A.
address:      Harilaou Trikoupi 151
address:      N. Kiffisia, Greece 14564
e-mail:       noc () hol gr
trouble:      Questions....... mail to: noc () hol gr
trouble:      Spam Reports.... mail to: postmaster () hol gr
trouble:      Abuse Reports... mail to: abuse () hol gr
admin-c:      KK5841-RIPE
tech-c:       AV845-RIPE
tech-c:       TK583-RIPE
nic-hdl:      CO95-RIPE
mnt-by:       AS3329-MNT
changed:      vicky () hol gr 19970821
changed:      noc () hol gr 19981217
changed:      aval () hol gr 20000110
changed:      aval () hol gr 20010314
changed:      aval () hol gr 20010320
changed:      aval () hol gr 20010607
changed:      aval () hol gr 20020121
changed:      tkor () hol net 20030909
source:       RIPE




-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
macubergeek () comcast net
Sent: March 24, 2004 4:27 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] meay-meay!

 The access is open !!!

password  for  archive: 01825

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]