Security Incidents mailing list archives
Re: ICQ Users a target Again!
From: Hugo van der Kooij <hvdkooij () VANDERKOOIJ ORG>
Date: Thu, 29 Mar 2001 00:16:21 +0200
On Wed, 28 Mar 2001, Lee Hetherington wrote:
I got an email today when I arrived at work which seemed to originate from the MAILER-DAEMON account on one of our machines running Sendmail. The message had no body but had one attatchment. The file LEOKIALE.EXE is 23Kb in Size and Hasnt been opened... It was to a personal address of my own which is only used in ICQ...
Can't recall that ICQ is extremely safe.
Message Headers:- Return-Path: <root () ns1 asphost net> Received: (from root@localhost) by XXX.asphost.net (8.11.0/8.8.7) id f2RGNGL32025 for lee () asphost net; Tue, 27 Mar 2001 17:23:16 +0100 Received: from isis.hol.gr (isis.hol.gr [194.30.192.21]) by XXX.asphost.net (8.11.0/8.8.7) with SMTP id f2RGLeZ32019 for <xxxxxx () kerfuffle net>; Tue, 27 Mar 2001 17:21:40 +0100 Date: Tue, 27 Mar 2001 17:21:40 +0100 From: MAILER-DAEMON () ns1 asphost net
Seems this was an attempted relay. (Note that it seemed intended for someone at kerfuffle.net but your mail server may not know how to handle that address.) Beyond that it might be a good thing to submit the file to a virusscannner. Hugo. -- Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Alle email is gebonden aan de regels beschreven op mijn homepage. All email send to me is bound to the rules described on my homepage. Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.
Current thread:
- ICQ Users a target Again! Lee Hetherington (Mar 28)
- Re: ICQ Users a target Again! claymore (Mar 28)
- Re: ICQ Users a target Again! Hugo van der Kooij (Mar 28)