nanog mailing list archives

Previous By Date Next
Previous By Thread Next

virus spreader from ptt.ru

From: "Dana Hudes" <dhudes () hudes org>
Date: Sun, 25 Jun 2000 23:49:51 -0400

Hello. A dialup user in ptt.ru is sending out mass mail with a virus attached; tonight was the second time in as many 
days. The ISP has been notified but has not responded. You may wish to black hole their dialup port range to protect 
your network's mail systems.

Return-Path: <>
Received: from mail1.panix.com (mail1.panix.com [166.84.0.212])
 by harmony.hudes.org (8.9.3/8.9.3) with ESMTP id MAA01055
 for <dhudes () hudes org>; Sun, 25 Jun 2000 12:05:53 -0400
Received: by mail1.panix.com (Postfix)
 id 903E530F93; Sun, 25 Jun 2000 12:05:27 -0400 (EDT)
Delivered-To: dhudes () panix com
Received: from dialup.ptt.ru (dialup.ptt.ru [195.34.0.100])
 by mail1.panix.com (Postfix) with SMTP id 21A6730EC5
 for <dhudes () panix com>; Sun, 25 Jun 2000 12:05:07 -0400 (EDT)
Received: (qmail 13626 invoked from network); 25 Jun 2000 15:37:06 -0000
Received: from dialup-27028.dialup.ptt.ru (HELO pink) (195.34.27.28)
  by dialup.ptt.ru with SMTP; 25 Jun 2000 15:37:06 -0000
To: web () download ru
From: Âàø@panix.com, çàêàç@panix.com
Subject: Mission(download)
Date: Sun, 25 Jun 2000 19:37:47 +0300
Message-Id: <36702.817908564815300.290@localhost>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=juhbchtmlnhbclru
Status:   

--juhbchtmlnhbclru
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit


   Âàø çàêàç îò DOWNLOAD.RU
Http://www.download.ru
Ñïàñèáî çà âàø âûáîð.                        
--juhbchtmlnhbclru
Content-Type: application/x-zip-compressed; name="Mission(download).zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Mission(download).zip"

(Virus attachment deleted; if you really want it e-mail me a request)

--juhbchtmlnhbclru--

inetnum:     195.34.0.0 - 195.34.0.127
netname:     PTT-1
descr:       PTT-Teleport Moscow, JSC
descr:       Russia, Moscow
country:     RU
admin-c:     SK6742-RIPE
tech-c:      AVM1-RIPE
status:      ASSIGNED PA
changed:     netmst () ptt ru 20000323
source:      RIPE

route:       195.34.0.0/19
descr:       PTTNET's first /19 block
origin:      AS6795
notify:      netmst () ptt ru
mnt-by:      PTTNET-RIPE-MNT
changed:     netmst () ptt ru 19980206
source:      RIPE
Previous By Date Next
Previous By Thread Next

Current thread: