Re: Irritating Spam/Worm(?)

2003-10-18 Thread David A. Bandel
On Sat, 18 Oct 2003 13:29:21 +0800
Chong Yu Meng [EMAIL PROTECTED] wrote:

> Hi All,
>
> Ever since I posted a message to the Smallville newsgroup (yes, I
> watch that stuff. If you didn't grow up watching Christopher Reeve as
> Superman and Lynda Carter as Wonder Woman, well, you wouldn't
> understand), I've been getting a lot of spam mail. As I am on a Linux
> machine, the attachment (Content type is audio/x-midi;
> name=henn.exe, but the filename varies, though the EXE extension
> does not) does nothing. However, it displays an intriguing little grey
> square in the email message.
>
> The message body typically says that a message was undeliverable. The
> originating and terminating addresses are bogus. I have 2 questions:
>
> 1. How do I track down the origin of the mail ? I'm just curious as to
> what other people do when they want to track down these mails.

Just look at the full header.  It shows the originating IP right at the
top.

> 2. Does anybody know what the attachment does? Some links to computing
> resources would help, though I find some of the sites so verbose as to
> be next to useless. Anything for the lay person?

Probably either a virus or XXX-spam.  Of course, you have to be stupid
enough to run Windoze and Outhouse or Outhouse Distress so the file runs
automagically.  Either way it will infect your system with a virus or a
non-removable link that will open a porn site and probably send this
virus to all your friends so they can see how dumb you are.

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
Nemesis Racing Team motto
GPG key autoresponder:  mailto:[EMAIL PROTECTED]


___
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users


Re: Irritating Spam/Worm(?)

2003-10-18 Thread Chong Yu Meng
David A. Bandel wrote:

> Just look at the full header.  It shows the originating IP right at the
> top.
 

Would this be it ?

Received: from infomail.es (39038.rad.tsai.es [195.235.39.38])

So, assuming that I wanted to follow up on this, do I send an email to 
the administrator of that block? Would it do any good ?

Regards,
pascal chong
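
The `Received:` line quoted in this message, read programmatically; this is an added example, not part of the original thread. The relay name `mx.example.net`, the second hop, the SMTP ids and the helper names are constructed assumptions. Only the header stamped by your own mail server is treated as observed fact, because every line below it was supplied by the sending side.

```python
import re
from email import message_from_string

# Constructed sample: only the first "Received: from ..." line comes from the
# thread; mx.example.net, the ids and the second hop are placeholders.
SAMPLE = """\
Received: from infomail.es (39038.rad.tsai.es [195.235.39.38])
\tby mx.example.net with SMTP id CONSTRUCTED1; Sat, 18 Oct 2003 12:41:07 +0800
Received: from localhost (unknown [192.0.2.77])
\tby infomail.es with SMTP id CONSTRUCTED2; Sat, 18 Oct 2003 04:40:59 +0000
From: postmaster@example.org
Subject: Undeliverable message

(body omitted)
"""

# "from <HELO name> (<reverse-DNS name> [<peer IP>]) ... by <stamping host>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"(?:.*?\bby\s+(?P<by>\S+))?",
    re.S,
)

def parse_hops(raw):
    """Return one dict per parseable Received header, newest (top) first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append(m.groupdict())
    return hops

def connecting_peer(raw, my_mx):
    """Peer recorded by our own MTA in the top header, or None if the top
    header was not stamped by my_mx. Lower hops are sender-supplied claims."""
    hops = parse_hops(raw)
    if not hops or hops[0]["by"] != my_mx:
        return None
    top = dict(hops[0])
    # HELO is whatever the client typed; rDNS and IP were observed by my_mx.
    top["helo_matches_rdns"] = top["helo"].lower() == (top["rdns"] or "").lower()
    top["unverified_hops"] = hops[1:]
    return top

if __name__ == "__main__":
    print(connecting_peer(SAMPLE, "mx.example.net"))
```

For the header in this thread the HELO name (`infomail.es`) and the reverse-DNS name (`39038.rad.tsai.es`) differ, so the bracketed IP is the value to quote in any report to the network's administrator.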


Re: Irritating Spam/Worm(?)

2003-10-18 Thread Collins Richey
On Sat, 18 Oct 2003 20:39:20 +0800 Chong Yu Meng [EMAIL PROTECTED] wrote:

> David A. Bandel wrote:
>
>> Just look at the full header.  It shows the originating IP right at the
>> top.
>
> Would this be it ?
>
> Received: from infomail.es (39038.rad.tsai.es [195.235.39.38])
>
> So, assuming that I wanted to follow up on this, do I send an email to
> the administrator of that block? Would it do any good ?
>
> Regards,
> pascal chong
 

Maybe, maybe not.  There's always the possibility that this is the ip address of
an already virus infected windows box!

-- 
Collins Richey - Denver Area
if you fill your heart with regrets of yesterday and the 
worries of tomorrow, you have no today to be thankful for.




Re: Irritating Spam/Worm(?)

2003-10-18 Thread Ken Moffat
Chong Yu Meng wrote:

> Hi All,
>
> Ever since I posted a message to the Smallville newsgroup ... I've
> been getting a lot of spam mail. As I am on a Linux machine, the
> attachment (Content type is audio/x-midi; name=henn.exe, but the
> filename varies, though the EXE extension does not) does nothing.
> However, it displays an intriguing little grey square in the email
> message.
>
> The message body typically says that a message was undeliverable.


Don't feel alone. I get these every day.

--
Ken




Re: Irritating Spam/Worm(?)

2003-10-18 Thread David A. Bandel
On Sat, 18 Oct 2003 20:39:20 +0800
Chong Yu Meng [EMAIL PROTECTED] wrote:

> David A. Bandel wrote:
>
>> Just look at the full header.  It shows the originating IP right at
>> the top.
>
> Would this be it ?
>
> Received: from infomail.es (39038.rad.tsai.es [195.235.39.38])
>
> So, assuming that I wanted to follow up on this, do I send an email to
> the administrator of that block? Would it do any good ?

yes.  you can try [EMAIL PROTECTED]  That address should exist.  May or
may not do any good.

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
Nemesis Racing Team motto
GPG key autoresponder:  mailto:[EMAIL PROTECTED]




Re: Irritating Spam/Worm(?)

2003-10-18 Thread Andrew Mathews
David A. Bandel wrote:
| On Sat, 18 Oct 2003 20:39:20 +0800
| Chong Yu Meng [EMAIL PROTECTED] wrote:
|
|
|David A. Bandel wrote:
|
|
|Just look at the full header.  It shows the originating IP right at
|the top.
|
|
|
|Would this be it ?
|
|Received: from infomail.es (39038.rad.tsai.es [195.235.39.38])
|
|
|So, assuming that I wanted to follow up on this, do I send an email to
|
|the administrator of that block? Would it do any good ?
|
|
| yes.  you can try [EMAIL PROTECTED]  That address should exist.  May or
| may not do any good.
|
| Ciao,
|
| David A. Bandel
|
|
According to senderbase.org that ip is delegated to tsai.es (maybe a
parent). http://www.senderbase.org/search?searchString=195.235.39.38
I've found them to be very useful in determining whether to block an
individual ip or an entire netblock, based upon how many addresses in
the netblock are known mailers. They're at http://www.senderbase.org
--
Andrew Mathews

~  1:40pm  up 17 days, 18:12, 11 users,  load average: 1.04, 1.08, 1.14

Things will get better despite our efforts to improve them.
-- Will Rogers