We're getting hammered as well. One thing I did notice is that the virus
seems be targeting mail.domainname instead of doing an MX lookup for the
correct mail server, and seems to be using a dictionary of common usernames
instead of working off of a compromised address book -- yet another reason to
get rid of nobody aliases ;-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Sharyn Schmidt
Sent: Tuesday, December 14, 2004 2:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Zafi.d
Zafi.d sends messages in different european languages having
christmas
content (for example in Italian with the subject line Buon natale)
We are getting HAMMERED by these but Declude/McAfee is
catching them and
identifying them correctly, DAT 4414..
Declude Virus caught a virus with the subject Merry Christmas!
from [EMAIL PROTECTED] to: [EMAIL PROTECTED]
The spool file name is D141c002003280212.SMD.
The domain that this virus came from is hine.fr
The IP address of the offending server is 212.180.84.86
The name of the virus is link.postcard.index.htm2663.cmd.
The attachment is the W32/[EMAIL PROTECTED]
Sharyn
We are the worldwide producer and marketer of the award winning Cruzan
Single Barrel Rum, judged Best in the World at the annual
San Francisco Wine and Spirits Championships. For
more information, please click (go to) htmla
href=http://www.cruzanrums.com;www.cruzanrums.com/a/html
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
