North American Network Operators Group

virus spreader from ptt.ru

  • From: Dana Hudes
  • Date: Sun Jun 25 23:52:41 2000

Hello. A dialup user in ptt.ru is sending out mass mail with a virus attached; tonight was the second time in as many days. The ISP has been notified but has not responded. You may wish to black hole their dialup port range to protect your network's mail systems.

Return-Path: <>
Received: from mail1.panix.com (mail1.panix.com [166.84.0.212])
 by harmony.hudes.org (8.9.3/8.9.3) with ESMTP id MAA01055
 for <dhudes@hudes.org>; Sun, 25 Jun 2000 12:05:53 -0400
Received: by mail1.panix.com (Postfix)
 id 903E530F93; Sun, 25 Jun 2000 12:05:27 -0400 (EDT)
Delivered-To: dhudes@panix.com
Received: from dialup.ptt.ru (dialup.ptt.ru [195.34.0.100])
 by mail1.panix.com (Postfix) with SMTP id 21A6730EC5
 for <dhudes@panix.com>; Sun, 25 Jun 2000 12:05:07 -0400 (EDT)
Received: (qmail 13626 invoked from network); 25 Jun 2000 15:37:06 -0000
Received: from dialup-27028.dialup.ptt.ru (HELO pink) (195.34.27.28)
  by dialup.ptt.ru with SMTP; 25 Jun 2000 15:37:06 -0000
To: web@download.ru
From: Ваш@panix.com, заказ@panix.com
Subject: Mission(download)
Date: Sun, 25 Jun 2000 19:37:47 +0300
Message-Id: <36702.817908564815300.290@localhost>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=juhbchtmlnhbclru
Status:   

--juhbchtmlnhbclru
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit


   Ваш заказ от DOWNLOAD.RU
Http://www.download.ru
Спасибо за ваш выбор.                        
--juhbchtmlnhbclru
Content-Type: application/x-zip-compressed; name="Mission(download).zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Mission(download).zip"

(Virus attachment deleted; if you really want it e-mail me a request)

--juhbchtmlnhbclru--

inetnum:     195.34.0.0 - 195.34.0.127
netname:     PTT-1
descr:       PTT-Teleport Moscow, JSC
descr:       Russia, Moscow
country:     RU
admin-c:     SK6742-RIPE
tech-c:      AVM1-RIPE
status:      ASSIGNED PA
changed:     netmst@ptt.ru 20000323
source:      RIPE

route:       195.34.0.0/19
descr:       PTTNET's first /19 block
origin:      AS6795
notify:      netmst@ptt.ru
mnt-by:      PTTNET-RIPE-MNT
changed:     netmst@ptt.ru 19980206
source:      RIPE
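
An added example, not part of the original post: it walks the Received chain quoted above, separates the hop recorded by the recipient's own mail provider from the one reported only by the sender's relay, and checks each peer address against the two RIPE objects shown. The TRUSTED_BY set and the function names are assumptions made for this illustration.

```python
import ipaddress
import re

# Received headers copied from the message quoted above, newest hop first.
RECEIVED = [
    "from mail1.panix.com (mail1.panix.com [166.84.0.212]) by harmony.hudes.org (8.9.3/8.9.3) with ESMTP id MAA01055",
    "by mail1.panix.com (Postfix) id 903E530F93",
    "from dialup.ptt.ru (dialup.ptt.ru [195.34.0.100]) by mail1.panix.com (Postfix) with SMTP id 21A6730EC5",
    "(qmail 13626 invoked from network)",
    "from dialup-27028.dialup.ptt.ru (HELO pink) (195.34.27.28) by dialup.ptt.ru with SMTP",
]

# The two RIPE objects quoted above.
INETNUM = ("195.34.0.0", "195.34.0.127")
ROUTE = ipaddress.ip_network("195.34.0.0/19")

# Assumption: only hosts on the recipient's side write headers that can be trusted.
TRUSTED_BY = {"harmony.hudes.org", "mail1.panix.com"}

# A peer address appears as [a.b.c.d] (sendmail, Postfix) or (a.b.c.d) (qmail).
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def hops(received):
    """Yield (peer_ip, recording_host, trusted) for hops that name a peer address."""
    for line in received:
        ip, by = IP_RE.search(line), BY_RE.search(line)
        if ip and by:
            host = by.group(1)
            yield ipaddress.ip_address(ip.group(1)), host, host in TRUSTED_BY

def in_inetnum(ip):
    """True if ip lies inside the quoted inetnum range (inclusive)."""
    lo, hi = (ipaddress.ip_address(a) for a in INETNUM)
    return lo <= ip <= hi

def report(received=RECEIVED):
    """One row per hop: (peer, recorded_by, trusted, in_inetnum, in_route)."""
    return [(str(ip), by, trusted, in_inetnum(ip), ip in ROUTE)
            for ip, by, trusted in hops(received)]

if __name__ == "__main__":
    for row in report():
        print("peer=%s recorded_by=%s trusted=%s in_inetnum=%s in_route=%s" % row)
```

On the quoted headers, only 195.34.0.100 is attested by a trusted hop; 195.34.27.28 is reported by dialup.ptt.ru alone and falls inside the /19 route but outside the quoted inetnum object, which matters when deciding how wide a filter to apply.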