We're getting hammered as well. One thing I did notice is that the virus seems be targeting mail.<domainname> instead of doing an MX lookup for the correct mail server, and seems to be using a dictionary of common usernames instead of working off of a compromised address book -- yet another reason to get rid of "nobody" aliases ;-)
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Sharyn Schmidt > Sent: Tuesday, December 14, 2004 2:36 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] Zafi.d > > > Zafi.d sends messages in different european languages having > "christmas > content" (for example in Italian with the subject line "Buon natale") > > > We are getting HAMMERED by these but Declude/McAfee is > catching them and > identifying them correctly, DAT 4414.. > > Declude Virus caught a virus with the subject "Merry Christmas!" > from [EMAIL PROTECTED] to: [EMAIL PROTECTED] > > The spool file name is D141c002003280212.SMD. > > The domain that this virus came from is hine.fr > > The IP address of the offending server is 212.180.84.86 > > The name of the virus is link.postcard.index.htm2663.cmd. > The attachment is the W32/[EMAIL PROTECTED] > > Sharyn > > > We are the worldwide producer and marketer of the award winning Cruzan > Single Barrel Rum, judged "Best in the World" at the annual > San Francisco Wine and Spirits Championships. For > more information, please click (go to) <html><a > href="http://www.cruzanrums.com";>www.cruzanrums.com</a></html> > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
