[Dx-qsl] BQ9P-pilot virus mailing??

Bob Nielsen [email protected]
Sun Jun 9 11:10:01 2002


Klez will obtain addresses (for both sender and recipient) at random
from email and other files on an infected machine.  It has nothing to
do with arrl.net or any other specific address.

73, 

Bob, N7XY

On Sun, Jun 09, 2002 at 09:49:54AM +0200, Maurice ON4BAM wrote:
> Hi all,
> 
> While this certainly is off-topic here, I'm taking a chance anyway to post this problem.
> 
> I just got a mail from [email protected] sent to my arrl.net address forwarded to my 
> yahoo.com address (no harm done). I'm pretty sure that the arrl.net addresses were 
> 'hijacked' a long time ago.... and now a mail (that seems to come) from KU9C arrived 
> with no text but only has attachments, one of them infected with W32.Klez.E@mm.
> The 'real' sender is @penza.com.ru.
> 
> So beware.. if you have a @arrl.net address you just might get one of the mails.
> 
> 
> full headers are:
> X-Apparently-To: [email protected] via web12501.mail.yahoo.com; 08 Jun 2002 
> 16:09:56 -0700 (PDT)
> Return-Path: <[email protected]>
> Received:from DCCInc-Colo-46-9.OneCall.Net (EHLO xlate1.mailsvcs.arrl.net) 
> (216.37.46.9) by mta455.mail.yahoo.com with SMTP; 08 Jun 2002 16:09:55 -0700 
> (PDT)
> Received: from mx2.mail.ru (mx2.mail.ru [194.67.57.12]) by xlate1.mailsvcs.arrl.net 
> (8.11.6/8.11.0) with ESMTP id g58N9rs23489 for <[email protected]>; Sat, 8 Jun 2002 
> 18:09:53 -0500
> Received: from [80.82.171.8] (helo=Mnma) by mx2.mail.ru with smtp (Exim SMTP.2) id 
> 17GpLB-000GxK-00 for [email protected]; Sun, 09 Jun 2002 03:09:49 +0400
> From:"bq9p-pilot" <[email protected]>
> To: [email protected]
> Subject: Height
> MIME-Version: 1.0
> Content-Type: multipart/alternative; boundary=I334THg6nCd9f075a0qB08216iA7Ez976
> Message-Id: <[email protected]>
> Date:Sun, 09 Jun 2002 03:09:49 +0400
> Content-Length: 72123
> --------
> 
> 
> 
> bye, Maurice   ON4BAM / M0CIL  ALHS #357
> [email protected] or [email protected] http://www.qsl.net/on4bam
> 
> Please help QSL.NET . Send your donation now. 
> 
> If you have already donated, thanks !

-- 
Bob Nielsen, N7XY                          [email protected]
Bainbridge Island, WA                      http://www.oz.net/~nielsen
IOTA NA-065, USI WA-028S
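
Added example (not part of either post): because Klez forges the From line, a responder reads the header block bottom-up, compares the display sender with the envelope sender, and takes the origin from the oldest Received hop. The sample adapts the Received lines quoted above; the addresses are placeholders, the Return-Path domain is assumed to be the one the post names as the 'real' sender, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: Received lines adapted from the post, addresses are
# placeholders, Return-Path domain assumed to be the post's "real" sender.
SAMPLE = (
    "Return-Path: <placeholder@penza.com.ru>\n"
    "Received: from DCCInc-Colo-46-9.OneCall.Net (EHLO xlate1.mailsvcs.arrl.net)\n"
    " (216.37.46.9) by mta455.mail.yahoo.com with SMTP; 08 Jun 2002 16:09:55 -0700\n"
    "Received: from mx2.mail.ru (mx2.mail.ru [194.67.57.12]) by xlate1.mailsvcs.arrl.net\n"
    " (8.11.6/8.11.0) with ESMTP id g58N9rs23489; Sat, 8 Jun 2002 18:09:53 -0500\n"
    "Received: from [80.82.171.8] (helo=Mnma) by mx2.mail.ru with smtp (Exim SMTP.2)\n"
    " id 17GpLB-000GxK-00; Sun, 09 Jun 2002 03:09:49 +0400\n"
    'From: "bq9p-pilot" <bq9p-pilot@example.invalid>\n'
    "Subject: Height\n"
    "\n"
)

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def domain(addr_header):
    """Lower-cased domain of the address in a From/Return-Path header value."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def received_hops(msg):
    """Received hops oldest first, as (peer_ip, receiving_host) tuples."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        text = " ".join(raw.split())          # unfold continuation lines
        ip, by = IP_RE.search(text), BY_RE.search(text)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops

def analyse(raw_headers):
    msg = message_from_string(raw_headers)
    hops = received_hops(msg)
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "mismatch": from_dom != env_dom,      # display sender != envelope sender
        "origin_ip": hops[0][0] if hops else None,
        "path": [by for _, by in hops],       # relays in delivery order
    }

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

Only the hops written by relays the recipient trusts are reliable; the origin hop is whatever `mx2.mail.ru` recorded, and a sender can add forged Received lines below it.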