Author
|
Topic: Virus message purportedly received from Joe Dees? (Read 975 times) |
|
Kalkor
Magister
Gender: 
Posts: 109
Reputation: 6.78
Rate Kalkor
Kneading the swollen donkey...
 
  
|
 |
Virus message purportedly received from Joe Dees?
« on: 2003-07-31 21:42:40 » |
 |
Received: by thetwins.quackpot.com (mbox kalkor)
(with Cubic Circle's cucipop (v1.31 1998/05/13) Wed Jul 30 12:17:10 2003)
X-From_: joedees@internet.net.do Wed Jul 30 12:12:42 2003
Return-Path: <joedees@internet.net.do>
Received: from pfepb.post.tele.dk (pfepb.post.tele.dk [193.162.153.3])
by thetwins.quackpot.com (8.11.6/8.11.6) with ESMTP id h6UJCJk11876
for <kalkor@kalkor.com>; Wed, 30 Jul 2003 12:12:20 -0700
Received: from guest (0x50c605e2.boanxx14.adsl-dhcp.tele.dk [80.198.5.226])
by pfepb.post.tele.dk (Postfix) with SMTP
id 8F2055EE292; Wed, 30 Jul 2003 21:06:39 +0200 (CEST)
From: joedees@internet.net.do
Subject: {Virus?} Re:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------N6QB2SVSHQAKOO"
Message-Id: <20030730190639.8F2055EE292@pfepb.post.tele.dk>
Date: Wed, 30 Jul 2003 21:06:39 +0200 (CEST)
To: undisclosed-recipients:;
X-quackpot.com-MailScanner-Information: Please contact the ISP for more information
X-quackpot.com-MailScanner: Found to be infected
X-quackpot.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=4.7,
required 8, BAYES_60 1.10, EMAIL_ATTRIBUTION -0.50,
MICROSOFT_EXECUTABLE 0.10, NO_REAL_NAME 4.00)
X-quackpot.com-MailScanner-SpamScore: ssss
***************************************************
At Wed Jul 30 12:12:41 2003 the virus scanner said:
>>> Virus 'W32/Bugbear-Dam' found in file Truelsvang.xls.scr
Windows Screensavers are often used to hide viruses (Truelsvang.xls.scr)
***************************************************
Warning: This message has had one or more attachments removed
Warning: (Truelsvang.xls.scr).
Warning: Please read the "VirusWarning.txt" attachment(s) for more information.
On 28 Aug 2001, at 16:08, Bill Roh wrote:
Well, no complex creature, or one comprised of massive (and thus
statistical law of entropy and succession of causation subservient)
aggregates, to the point at which it had perception (and especially
self-perc
|
|
|
|
|
Hermit
Archon
Posts: 4289
Reputation: 8.78
Rate Hermit
Prime example of a practically perfect person
|
|
Re:Virus message purportedly received from Joe Dees?
« Reply #1 on: 2003-07-31 22:21:21 » |
|
Sourced from: 80.198.5.226
On the balance of probabilities, not from Dees unless he suddenly learned how to use a redirector. And looking at how insecure the sending system is, it seems likely that it was sent by a virus.
Interesting ports on 0x50c605e2.boanxx14.adsl-dhcp.tele.dk (80.198.5.226):
(The 1597 ports scanned but not shown below are in state: closed)
Port State Service
25/tcp filtered smtp
119/tcp filtered nntp
139/tcp open netbios-ssn
1080/tcp open socks
Remote operating system guess: Windows NT4 or 95/98/98SE
(The 1594 ports scanned but not shown below are in state: closed)
Port State Service Owner
25/tcp filtered smtp
119/tcp filtered nntp
139/tcp open netbios-ssn
381/tcp filtered hp-collector
382/tcp filtered hp-managed-node
383/tcp filtered hp-alarm-mgr
1080/tcp open socks
TCP/IP fingerprint:
SInfo(V=3.00%P=i386-redhat-linux-gnu%D=7/31%Time=3F29CB53%O=139%C=1)
TSeq(Class=TD%gcd=1%SI=1%IPID=BI%TS=U)
TSeq(Class=TD%gcd=1%SI=9%IPID=BI%TS=U)
T1(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=0%ACK=S%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
|
With or without religion, you would have good people doing good things and evil people doing evil things. But for good people to do evil things, that takes religion. - Steven Weinberg, 1999
|
|
|
|
|
|
Logged
