Hello
Our mail server received a mass mailing earlier today.
The email is addressed to [EMAIL PROTECTED] and is coming from [EMAIL PROTECTED]

Copy of headers:

Received: from mail.citravel.com [10.215.43.52] by citravel.com (SMTPD32-8.11) id A06E595011C; Tue, 11 May 2004 11:25:34 -0400
From: mail.citravel.com<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE:
X-Mailer: Microsoft Outlook
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Message-Id: <[EMAIL PROTECTED]>
X-Declude-Sender: [EMAIL PROTECTED] [10.215.43.52]
X-Declude-Spoolname: Df06e0595011c829f.SMD
X-Note: This message was scanned for Spam
X-RBL-Warning: Total weight value: 0
X-Spam-Tests-Failed: Whitelisted [0]
X-Note: Recipient Host: citravel.com
X-Note: Sender Address: [EMAIL PROTECTED]
X-Note: Sender Host Name: (Private IP)
X-Note: Sender IP Address: 10.215.43.52
X-Note: Sender Country ID:
X-Note: This E-mail was sent from (Private IP) ([10.215.43.52])
Precedence: bulk
Sender: [EMAIL PROTECTED]
Date: Tue, 11 May 2004 11:32:11
X-RCPT-TO: citravel.com
Status: U
X-UIDL: 384277933

This person's email client does not show they sent this message, but the IP of the sending host is the sender's system. I have scanned this system and it is showing virus free, using SOPHOS latest defs as of 2pm EST 5/11/2004. I am also sniffing the network now looking for other SMTP traffic.
Users who receive the email, which has a link of h t t p:// d r s . y a h o o . com / citravel.com/news, get sent to a pornography site. After they close this site their system keeps having pop-ups appearing regularly. This link redirects to h t t p:// d r s . y a h o o . com / citravel.com/news*http://www.security-warning.biz/personal6/maljo24/www.yahoo.com/#http://drs.yahoo.com/citravel.com/news
I am not so much worried about the email but as to how it was sent. This is where I think it might be a virus.
Currently I have a filter stopping emails with d r s . y a h o o . c o m (space added). I am seeing several hundred an hour being stopped. Any help, ideas, thoughts?
Or should I just go golfing and forget about it???
:)
~Paul~
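An added example, not part of the original post or of Declude: the link quoted above names one host and then carries a second URL after a `*`, so a content filter can key on that hop rather than on a single hostname. The function names, the `trusted_hosts` parameter and the sample bodies are hypothetical; the samples are constructed and use reserved example domains.

```python
import re
from urllib.parse import urlsplit

# Matches http(s) URLs; '*' and '#' are allowed inside the match because the
# link quoted in the post contains both.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# A second scheme embedded after '*' marks the onward hop seen in the post.
HOP_RE = re.compile(r"\*(https?://[^\s\"'<>#]+)", re.IGNORECASE)


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def redirect_hops(body):
    """Return (outer_host, onward_host) pairs for links that bounce via '*http://'."""
    findings = []
    for url in URL_RE.findall(body):
        outer = host_of(url)
        for target in HOP_RE.findall(url):
            onward = host_of(target)
            # Only flag hops that leave the host the reader sees in the link.
            if onward and onward != outer:
                findings.append((outer, onward))
    return findings


def should_quarantine(body, trusted_hosts=frozenset()):
    """True if any link hops to a host outside trusted_hosts (hypothetical policy)."""
    return any(onward not in trusted_hosts for _, onward in redirect_hops(body))


# Constructed sample bodies, not taken from the message in the post.
SAMPLE_BAD = '<a href="http://redirect.example.com/news*http://landing.example.net/x/#frag">news</a>'
SAMPLE_OK = '<a href="http://redirect.example.com/news">news</a>'

if __name__ == "__main__":
    print(redirect_hops(SAMPLE_BAD))
    print(should_quarantine(SAMPLE_OK))
```

The check only sees URLs written without the spaces that were added to the links in the post.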