Hi, There Last few weeks I've received tons of these "Microsoft Security updates" emails with Virus attachment. These email must be from samba or ldap mailing list. Following I listes some sender's source IP address and host names. This only very small part of list. If I have time, I will be sending more offending hosts list to you. Please take a look if your machine happened to be one of the offending hosts, please try to clean it up. You can find more information about clean up the infected machine from http://securityresponse.symantec.com/
Offending hosts list (part 1) ******************************************************** from in.menzolit-fibron.sk ([217.118.110.162]) Received: from empcorreo.onolab.com (smtp.onored.com [62.42.230.27]) from cobalt.eux.nl (213-132-174-148.multikabel.nl [213.132.174.148]) Received: from smtp04.wxs.nl (smtp04.wxs.nl [195.121.6.59]) Received: from vsmtp12.tin.it (vsmtp12.tin.it [212.216.176.206]) Received: from fxdmfn (80.182.241.123) by vsmtp12.tin.it (7.0.019) Received: from mail.chariot.net.au (mail.chariot.net.au [203.87.95.38]) Received: from clbnqpl (ppp-080.cust203-87-121.ghr.chariot.net.au [203.87.121.80]) by mail.chariot.net.au (Postfix) with SMTP Received: from mta06bw.bigpond.com (mta06bw.bigpond.com [144.135.24.156]) Received: from qngjcj ([144.135.24.72]) by mta06bw.email.bigpond.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with SMTP id <[EMAIL PROTECTED]> for Received: from poczta.xtra.pl (poczta.xtra.pl [212.14.56.8]) Received: from zpvcvl (em21313623232.teleton.pl [213.136.232.32]) by poczta.xtra.pl (Postfix) with SMTP id 6C1591AEBC; Thu, 25 Sep 2003 14:13:05 +0200 (CEST) Received: from mail0.ewetel.de (mail0-96.ewetel.de [212.6.122.96]) Received: from pjcsj (dialin-79153.ewetel.net [212.6.79.153]) by mail0.ewetel.de (8.12.1/8.12.9) with SMTP id h8PC77jB029732; Thu, 25 Sep 2003 14:07:08 +0200 (MEST) Received: from imf21aec.mail.bellsouth.net (imf21aec.mail.bellsouth.net [205.152.59.69]) Received: from lqocotba ([68.209.11.2]) by imf21aec.mail.bellsouth.net (InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with SMTP id <[EMAIL PROTECTED]>; Thu, 25 Sep 2003 07:49:41 -0400 Received: from torvals1.ciudadglobal.com.ar (200.69.145.126.techtelnet.net [200.69.145.126] (may be forged)) Received: from jdnhorq (asterix-nat1.ciudadglobal.com.ar [200.69.145.124] (may be forged)) by torvals1.ciudadglobal.com.ar (8.12.8/8.12.8) with SMTP id h8PEHlAB028358; Thu, 25 Sep 2003 11:17:48 -0300 Received: from mail.d-net.cz (mail.d-net.cz [194.213.244.98]) Received: from server.menu.cz (swuniv.d-net.cz [195.128.197.117] (may be forged)) by mail.d-net.cz (8.12.3/8.12.3/Debian-6.6) with ESMTP id h8PE3qLm001832; Received: from webserver.pmp.pr.gov.br ([200.163.242.234]) Received: from ywqwyrl (unknown [192.168.1.140]) by webserver.pmp.pr.gov.br (Postfix) with SMTP id A5403D81E9; Thu, 25 Sep 2003 07:59:37 -0300 (BRT) *********************************************************************** Thank you for your help Ron Liu Information Technology Consultant Biology Department San Jose State University 408-924-4860 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba