2 Virus attacks on me in 2 days

Emagine

Perch
Staff member

Hi jodo, wasn't sure whether to post here or in a ticket.

Yesterday and today I have been sent viruses. Each time it was 50 emails to the exact email address.

I'm not sure if yesterday's was the same as today's though.

Here's a copy of the email and all the trimmings.

headers are below

Return-Path: <webmaster@edit>
Delivered-To: admin@edit
Received: (qmail 32451 invoked by uid 399); 2 Mar 2005 22:05:16 -0000
Delivered-To: edited@edit
Received: (qmail 32169 invoked by uid 399); 2 Mar 2005 22:05:09 -0000
X-Virus-Scan: Scanned by clamdmail 0.15 on mail3.m****here.biz (no viruses);
Wed, 02 Mar 2005 17:05:15 -0500
Received: from unknown (HELO vtipy.com) (81.215.114.1)
by mail.m****here.biz with SMTP; 2 Mar 2005 22:05:09 -0000
From: edited@edit
To: edited@edit
Date: Wed, 02 Mar 2005 20:09:23 GMT
Subject: Paris Hilton, pure!
Importance: Normal
X-Priority: 3 (Normal)
Message-ID: <da8f73f.b71e74f1c8ef@edit>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=====4a9768b.0decbed51d4b0a1"
Content-Transfer-Encoding: 7bit


I can't read these, but here you go. I thought it was strange it was 50 (as it's jodo's limit).

<-- as shown it was on the breathofair email account held under my "AirHead" jodoshared account -->
 
I found one of the ones on the 26/02 (sorry, thought it was yesterday). It was from mynet.com (which is the name server of the one within the post above).

Here are the headers of the other email I received 50 of:

Return-Path: <service@edited>
Delivered-To: edited@edit
Received: (qmail 20221 invoked by uid 399); 26 Feb 2005 06:34:33 -0000
Delivered-To: edited
Received: (qmail 19909 invoked by uid 399); 26 Feb 2005 06:34:18 -0000
X-Virus-Scan: Scanned by clamdmail 0.15 on mail3.m****here.biz (no viruses);
Sat, 26 Feb 2005 01:34:33 -0500
Received: from unknown (HELO ayvfdog.com) (81.215.124.230)
by mail.m****here.biz with SMTP; 26 Feb 2005 06:34:18 -0000
From: service@edit
To: edited
Date: Sat, 26 Feb 2005 05:20:59 UTC
Subject: Paris Hilton, pure!
Importance: Normal
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==8699a29be4104.a66df42"
Content-Transfer-Encoding: 7bit
 
Also, I hope you don't mind, but I am going to edit out email addresses, as we, and I am sure you, don't want them getting indexed by spam spiders or search engines.
 
Both mails look like they came from a DSL user of Turkish Telecom
http://www.ttnet.net.tr/

//
Received: from unknown (HELO vtipy.com) (81.215.114.1)
by mail.m****here.biz with SMTP; 2 Mar 2005 22:05:09 -0000
//

81.215.114.1 is a Turkish Telecom IP, so is the other one.

You could try forwarding the headers to [email protected] if it keeps up.
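
The header reading above can be reproduced with a short script. This is an added example, not part of the original thread: it pulls the connecting IP and HELO name out of the qmail `Received:` lines of both messages and groups the peers by network prefix. The function names and the /16 grouping width are assumptions chosen for illustration, and only IPv4 peers are handled.

```python
import ipaddress
import re
from collections import defaultdict

# Received: lines copied from the two messages in this thread (host as redacted there).
SAMPLE_HEADERS = """\
Received: (qmail 32451 invoked by uid 399); 2 Mar 2005 22:05:16 -0000
Received: from unknown (HELO vtipy.com) (81.215.114.1)
 by mail.m****here.biz with SMTP; 2 Mar 2005 22:05:09 -0000
Received: (qmail 20221 invoked by uid 399); 26 Feb 2005 06:34:33 -0000
Received: from unknown (HELO ayvfdog.com) (81.215.124.230)
 by mail.m****here.biz with SMTP; 26 Feb 2005 06:34:18 -0000
"""

# qmail-smtpd layout: "from <rdns name> (HELO <claimed name>) (<peer ip>)".
# The HELO name is supplied by the sender and is not verified; the IP is
# what the receiving server saw on the TCP connection.
NETWORK_HOP = re.compile(
    r"^Received: from (?P<rdns>\S+) \(HELO (?P<helo>[^)]+)\) \((?P<ip>[0-9.]+)\)",
    re.MULTILINE,
)

def network_hops(raw_headers):
    """Return (rdns, helo, ip) per SMTP hop; local "(qmail N invoked ...)" lines are skipped."""
    hops = []
    for m in NETWORK_HOP.finditer(raw_headers):
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address, ignore the hop
        hops.append((m.group("rdns"), m.group("helo"), ip))
    return hops

def group_by_prefix(hops, prefix_len=16):
    """Group hops by enclosing network (prefix_len is an assumed grouping width)."""
    groups = defaultdict(list)
    for rdns, helo, ip in hops:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        groups[str(net)].append((str(ip), helo, rdns))
    return dict(groups)

if __name__ == "__main__":
    for net, members in group_by_prefix(network_hops(SAMPLE_HEADERS)).items():
        print(net, len(members))
        for ip, helo, rdns in members:
            # qmail writes "unknown" when it has no reverse-DNS name for the peer
            note = "no reverse DNS" if rdns == "unknown" else rdns
            print(f"  {ip}  HELO={helo}  ({note})")
```

Both messages land in the same group with different HELO names, which is why the connecting IP, not the HELO or From value, is the field to include in an abuse report.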
 
Yes, I did have the catch-all enabled. I'm going to sort the email addresses I have and make it so the catch-all is turned off.

The virus was called I-Worm/Sober.K; both attacks had the same virus.
 
Disabling the catchall is a good idea; from what I saw, it looked like it hit your domain with random gibberish and your catchall picked it up.
 