This is off-topic, but take a look at, for example,
http://www.f-secure.com/v-descs/mydoom_m.shtml
Regards,
Андро
nikkk wrote:
Hello group ....
I received several worrying e-mails where the sender is [EMAIL PROTECTED]
this is what the log shows me:
sendmail[6747]: i7C71234DFG747: <[EMAIL PROTECTED]>... User unknown
sendmail[6747]: i7C71234DFG747: from=<[EMAIL PROTECTED]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mail.chuzddomain.bg [211.211.211.83]
And after that it gets sent to me at root:
sendmail[6748]: i7C7674WEDC8: from=<>, size=41418, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=mail.chuzddomain.bg [211.211.211.83]
sendmail[6749]: i7C7674WEDC8: to=superuser, delay=00:00:05, xdelay=00:00:04, mailer=local, pri=101674, dsn=2.0.0, stat=Sent
This is the e-mail I receive:
Return-Path: <>
Received: from chuzddomain.bg (mail.chuzddomain.bg [211.211.211.83])
by mail.moidomain.bg(8.13.1/8.13.1) with ESMTP id i7C7674WEDC8
for <[EMAIL PROTECTED]>; Thu, 12 Aug 2004 11:56:12 +0300
Message-Id: <[EMAIL PROTECTED]>
Received: (qmail 5623 invoked for bounce); 12 Aug 2004 07:15:07 -0000
Date: 12 Aug 2004 07:15:07 -0000
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: failure notice
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
Status:
Hi. This is the qmail-send program at chuzddomain.bg. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.
<[EMAIL PROTECTED]>:
131.131.108.160 does not like recipient.
Remote host said: 550 5.1.1 <[EMAIL PROTECTED]>... User unknown
Giving up on 131.131.108.160.
--- Below this line is a copy of the message.
Return-Path: <[EMAIL PROTECTED]>
Received: (qmail 5617 invoked from network); 12 Aug 2004 07:15:06 -0000
Received: from unknown (HELO moidomain.bg) (192.168.10.50) by 192.168.1.51 with SMTP; 12 Aug 2004 07:15:06 -0000
From: "Mail Delivery Subsystem" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Hi
Date: Thu, 12 Aug 2004 10:58:53 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0002_BDAE.BBCD"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
This is a multi-part message in MIME format.
------=_NextPart_000_0002_B4AE0.B3CD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Dear user [EMAIL PROTECTED],
We have detected that your email account has been used to send a large amount of spam during the last week. We suspect that your computer was compromised and now runs a hidden proxy server.
Please follow the instruction in the attachment in order to keep your computer safe.
Virtually yours, The moidomain.bg team.
------=_NextPart_000_0002_BDA0.B3BBCD
Content-Type: application/octet-stream; name="document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="document.zip"
131.131.108.160 - This is the address of my server. I use sendmail v.8.13.1
============================================================================ A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html ============================================================================
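Added example, not part of either message in this thread: a small Python script that joins the sendmail `from=` and `to=` lines by queue id, as in the log excerpt above, and lists bounces with a null envelope sender (`from=<>`) that were delivered to a local mailbox. The function names are hypothetical, the sample lines are adapted from the post with its redactions kept, and a legitimate bounce looks the same in this log, so the output is a list of candidates to inspect.

```python
import re
from collections import defaultdict

# Sample lines adapted from the post; addresses stay redacted as in the original.
SAMPLE_LOG = """\
sendmail[6747]: i7C71234DFG747: <[EMAIL PROTECTED]>... User unknown
sendmail[6747]: i7C71234DFG747: from=<[EMAIL PROTECTED]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mail.chuzddomain.bg [211.211.211.83]
sendmail[6748]: i7C7674WEDC8: from=<>, size=41418, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=mail.chuzddomain.bg [211.211.211.83]
sendmail[6749]: i7C7674WEDC8: to=superuser, delay=00:00:05, xdelay=00:00:04, mailer=local, pri=101674, dsn=2.0.0, stat=Sent
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
# key=value pairs; a value may be an <...> address that itself contains commas
FIELD_RE = re.compile(r"(\w+)=((?:<[^>]*>|[^,])*)")

def parse_sendmail_log(text):
    """Merge all lines that share a queue id into one record per message."""
    msgs = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = msgs[m["qid"]]
        rec.update({k: v.strip() for k, v in FIELD_RE.findall(m["rest"])})
        if "User unknown" in m["rest"]:
            rec["rejected"] = True  # recipient refused during the SMTP dialogue
    return dict(msgs)

def find_null_sender_deliveries(msgs):
    """Bounces (null envelope sender) that were accepted and delivered."""
    hits = []
    for qid, rec in msgs.items():
        if rec.get("from") == "<>" and rec.get("stat", "").startswith("Sent"):
            hits.append({"qid": qid, "relay": rec.get("relay"),
                         "to": rec.get("to"), "size": int(rec.get("size", 0))})
    return hits

if __name__ == "__main__":
    for hit in find_null_sender_deliveries(parse_sendmail_log(SAMPLE_LOG)):
        print(hit)
```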
