mailing list is swarmed by virii attachments.

Yang-Hwee TAN tanyh at bii.a-star.edu.sg
Thu Mar 4 03:37:53 EST 2004


On 2004-03-04 10:09:34, vda <vda at port.imtp.ilyichevsk.odessa.ua> wrote:

> On Thursday 04 March 2004 09:49, Yang-Hwee TAN wrote:
> > hi all hostap-ients,
> >
> > from the amount of spammed mail we received every now
> > and then, either some a/c has been hacked or virii have
> > swarmed your email a/c(s).
> 
> What is 'a/c'?
> 

it refers to "account".


My apologies for boring those not interested in seeing whether the virii 
spreading email could be tracked. You can delete this email now, 
cos the rest of the mail talks about the origin of the virii 
mail. Sorry. :-)


> > also, it seems to me that jouni's email is the most abused
> > one. i've been receiving a lot of virii attachments from
> > jouni's multiple email aliases. hope jouni could do a check
> > on the system(s) used to reply to this mailing list soon.
> 
> This is because lots of folks have Jouni's address in addressbooks.
> When they get infected, the virus sends mails with
> From: jouni at ....
> 
> I seriously doubt that Jouni's boxes got infected.
> 
> Please check source ip/hostname if you want to know
> from where it really came. Never trust "From:"
> 

I certainly hope it's not infecting jouni's box.

Here is the mail header from 1 of the many virii mails,
the mail seems to start from a Polish IP...


-N b- 55/55: jkmaline at cc.hut.fi     USA government abolishes the capital punishment

Return-Path: <hostap-bounces+tanyh=bii.a-star.edu.sg at shmoo.com>
Delivered-To: tanyh at bii.a-star.edu.sg
Received: (qmail 14961 invoked from network); 4 Mar 2004 07:29:27 -0000
Received: from unknown (HELO mail.iocaine.com) (206.168.146.149)
  by apps5.bii.a-star.edu.sg with DES-CBC3-SHA encrypted SMTP; 4 Mar 2004 07:29:27 -0000
Received: from sisyphus.iocaine.com (localhost [127.0.0.1])
        by mail.iocaine.com (Postfix) with ESMTP id A99722352A
        for <tanyh at bii.a-star.edu.sg>; Thu,  4 Mar 2004 00:29:23 -0700 (MST)
X-Original-To: hostap at shmoo.com
Delivered-To: hostap at mail.iocaine.com
Received: from biuro.geonafta.jaslo.pl (biuro.geonafta.jaslo.pl
        [195.205.114.120])
        by mail.iocaine.com (Postfix) with ESMTP id 8CFB42100C
        for <hostap at shmoo.com>; Thu,  4 Mar 2004 00:27:28 -0700 (MST)
Received: from iwonabys-413 (Iwona_Bys [192.168.100.68])
        by biuro.geonafta.jaslo.pl (Postfix) with SMTP id D05773EDF
        for <hostap at shmoo.com>; Thu,  4 Mar 2004 06:35:24 +0100 (CET)
Date: Thu, 04 Mar 2004 08:28:10 +0100
To: hostap at shmoo.com
From: jkmaline at cc.hut.fi
Message-ID: <fwxwgoigukcmldxyfiu at cc.hut.fi>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------ixcanmdrajyjhorputdk"
Subject: USA government abolishes the capital punishment
X-BeenThere: hostap at shmoo.com
X-Mailman-Version: 2.1.2
Precedence: list
List-Id: HostAP Project  <hostap.shmoo.com>
List-Unsubscribe: <http://lists.shmoo.com/mailman/listinfo/hostap>,
        <mailto:hostap-request at shmoo.com?subject=unsubscribe>
List-Archive: <http://sisyphus.iocaine.com/pipermail/hostap>
List-Post: <mailto:hostap at shmoo.com>
List-Help: <mailto:hostap-request at shmoo.com?subject=help>
List-Subscribe: <http://lists.shmoo.com/mailman/listinfo/hostap>,
        <mailto:hostap-request at shmoo.com?subject=subscribe>
Sender: hostap-bounces+tanyh=bii.a-star.edu.sg at shmoo.com
Errors-To: hostap-bounces+tanyh=bii.a-star.edu.sg at shmoo.com


<-snipped->

If you can read Polish, perhaps you can share with us what it says 
at this url http://www.tpnet.pl/, one of the IPs within the 
same subnet as the virii mail. The webpage seems to be "explaining" 
a PC virus/worm.


cheers,
yanghwee
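
The check suggested in the thread (ignore "From:", read the source IP/hostname out of the Received chain), as an added example that is not part of the original message: it walks the hops newest-first and keeps the oldest client IP stamped by a server the recipient trusts. The names `trace_origin`, `TRUSTED` and `RAW` are chosen for this illustration, and treating the recipient's MTA and the list server as the only trusted stamping hosts is an assumption.

```python
import ipaddress
import re
from email import message_from_string

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Assumption: only the recipient's MTA and the list server write honest stamps.
TRUSTED = {"apps5.bii.a-star.edu.sg", "mail.iocaine.com"}

# Constructed input: Received chain and From: copied from the header quoted above.
RAW = """\
Received: (qmail 14961 invoked from network); 4 Mar 2004 07:29:27 -0000
Received: from unknown (HELO mail.iocaine.com) (206.168.146.149)
  by apps5.bii.a-star.edu.sg with DES-CBC3-SHA encrypted SMTP; 4 Mar 2004 07:29:27 -0000
Received: from sisyphus.iocaine.com (localhost [127.0.0.1])
        by mail.iocaine.com (Postfix) with ESMTP id A99722352A
        for <tanyh at bii.a-star.edu.sg>; Thu,  4 Mar 2004 00:29:23 -0700 (MST)
Received: from biuro.geonafta.jaslo.pl (biuro.geonafta.jaslo.pl
        [195.205.114.120])
        by mail.iocaine.com (Postfix) with ESMTP id 8CFB42100C
        for <hostap at shmoo.com>; Thu,  4 Mar 2004 00:27:28 -0700 (MST)
Received: from iwonabys-413 (Iwona_Bys [192.168.100.68])
        by biuro.geonafta.jaslo.pl (Postfix) with SMTP id D05773EDF
        for <hostap at shmoo.com>; Thu,  4 Mar 2004 06:35:24 +0100 (CET)
From: jkmaline at cc.hut.fi

"""


def trace_origin(raw, trusted):
    """Walk Received newest-first; return (origin, unverified_hops)."""
    origin, unverified, past_boundary = None, [], False
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        m = re.match(r"from (.*?) by (\S+)", flat)
        if not m:                                  # qmail's local hand-off line
            continue
        client, by_host = m.groups()
        if past_boundary or by_host.lower() not in trusted:
            past_boundary = True                   # sender-supplied, may be forged
            unverified.append(flat)
            continue
        ip = IPV4.search(client)
        if ip and ipaddress.ip_address(ip.group()).is_global:
            origin = (client.split()[0], ip.group(), by_host)  # oldest wins
    return origin, unverified


if __name__ == "__main__":
    print(trace_origin(RAW, TRUSTED))
```

The hop naming 192.168.100.68 is returned as unverified because it was written by the sending side's own mail server, so it is a lead for that network's administrator rather than evidence the recipient can rely on.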


