[ net_freek @ 09.11.2002. 02:27 ] @
Ne znam da li neko ima slično iskustvo ali moj mailbox je u poslednja dva dana zasut mailovima sa virusom poslatih putem mailing liste cuvenog proizvodjaca antivirusnog softvera, firme Kaspersky Labs (ironicno zar ne). Mnogi serveri korisceni za relaying su doticne poruke ocistili od virusa i o tome me obavestili mailom. Prosto ne mogu da verujem da se slanjem maila sa bilo koje adrese na adresu: [email protected] poruka salje svima sa mailing liste. U svakom slucaju zanima me jos necije vidjenje ovog propusta od strane kasperskog. Slede dva maila sa sve header-ima: ============================================================================ Return-Path: <[email protected]> Received: from webserver2.kaspersky-labs.com ([195.161.113.178]) by avala.yubc.net (8.9.3/8.9.3) with ESMTP id JAA01510; Fri, 8 Nov 2002 09:25:50 +0100 Received: by webserver2.kaspersky-labs.com (Postfix) id A077920E72; Fri, 8 Nov 2002 08:10:54 +0300 (MSK) Delivered-To: [email protected] Received: from messagerie.multiphone.fr (messagerie.multiphone.fr [194.206.157.135]) by webserver2.kaspersky-labs.com (Postfix) with ESMTP id AF9F520B8C for <[email protected]>; Fri, 8 Nov 2002 02:40:37 +0300 (MSK) Received: by MESSAGERIE with Internet Mail Service (5.5.2650.21) id <WMJKSYLR>; Fri, 8 Nov 2002 00:40:41 +0100 Message-ID: <1149797CEC6ED6119C8D00600872D6F606382A@MESSAGERIE> From: "[MESSAGERIE] Panda Antivirus for Exchange Server" <[email protected]> To: "'[email protected]'" <[email protected]> Subject: Incident de virus Date: Fri, 8 Nov 2002 00:40:40 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by avala.yubc.net id JAA01510 X-UIDL: Tj^"!(&K!!W>!#!D%m"! Status: U Panda Antivirus a detecte les virus suivants dans le message: Server : MESSAGERIE Envoye par : Adresse : [email protected] A : [email protected] Objet : Returned mail: see transcript for details Date : 08/11/2002 01:40 VIRUS DETECTE Fichier : ~000003.txt Virus : Exploit/iFrame - Desinfecte Fichier : README.EXE Virus : W32/Bride - Desinfecte http://www.pandasoftware.com =============================================================================== Return-Path: <[email protected]> Received: from webserver2.kaspersky-labs.com ([195.161.113.178]) by avala.yubc.net (8.9.3/8.9.3) with ESMTP id HAA10814; Fri, 8 Nov 2002 07:42:47 +0100 From: [email protected] Received: by webserver2.kaspersky-labs.com (Postfix) id A573B20860; Fri, 8 Nov 2002 01:24:48 +0300 (MSK) Delivered-To: [email protected] Received: from adm.sci-nnov.ru (adm.sci-nnov.ru [195.122.226.2]) by webserver2.kaspersky-labs.com (Postfix) with ESMTP id B9377203FF for <[email protected]>; Fri, 8 Nov 2002 00:49:29 +0300 (MSK) Received: (from drweb@localhost) by adm.sci-nnov.ru (8.11.6/8.11.6) id gA7LiKC43084 for <[email protected]>; Fri, 8 Nov 2002 00:44:20 +0300 (MSK) (envelope-from [email protected]) Date: Fri, 8 Nov 2002 00:44:20 +0300 (MSK) Message-Id: <[email protected]> X-Authentication-Warning: adm.sci-nnov.ru: drweb set sender to [email protected] using -f X-drweb-hash: b4b175cb07c2092f0170f0e35ce7e243 Subject: [unknown-subject] Content-Type: text/plain; charset=koi8-r To: <[email protected]> X-UIDL: GNh"!97b"!A#d!!L['#! Status: U Dear Sender, message sent from your e-mail address (address may be spoofed) to <[email protected]> was probably infected and was not delivered. Antiviral filter report: ======================== DrWeb found next viruses: ======================== infected with Trojan.IframeExec infected with Win32.HLLM.Generic.95 Recipient was warned and can obtain a copy of infected message. This message was generated automatically by mail delivery software. |