Title: Message
Just in case this was missed; this is zombie generated spam. There are
over 1 million zombies out there on a given day, with many of the bot
networks consisting of over 10,000 IP's. Solving the problem by
blocking IP's is not an effective means. This is not a virus, it's
just spam with a poor choice of name for an image file that is attached.
http://news.com.com/Zombie+PCs+being+sent+to+steal+IDs/2100-7349_3-5616202.html?tag=cd.top
Matt
Andy Schmidt wrote:
Hm,
What version of Declude Virus are you using?
mine reads:
03/16/2005 11:49:53 Q63864DC00020B8C3 Deleting
file with virus
03/16/2005 11:49:53 Q63864DC00020B8C3 Deleting E-mail with virus!
03/16/2005 11:49:53 Q63864DC00020B8C3 Scanned: CONTAINS A VIRUS [MIME:
2 17610]
03/16/2005 11:49:53 Q63864DC00020B8C3 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming
from 217.247.3.127]
03/16/2005 11:49:53 Q63864DC00020B8C3 Subject: Re: Hi
and I'm pretty certain that I've been able to
get Virus statistcs (using DLAnalyzer) with the originating IP long
BEFORE Declude 2.0?
IP Summary Virus Report
Total Incoming Messages from External Networks: 2,792
Virus Infected Messages: 593
Percentage Infected: 21.24%
IP ADDRESS # INFECTED
PERCENTAGE
061092229014.ctinets.com.............................20........0.72%
par69-3-82-224-162-161.fbx.proxad.net................16........0.57%
nitrogen.onspeed.com.................................13........0.47%
maywood-is-0003.webhost.hm-software.com..............12........0.43%
ip-225-194.sn1.eutelia.it.............................9........0.32%
195.25.76.51..........................................8........0.29%
202.163.77.181........................................8........0.29%
253-111.ip.ll.net.....................................8........0.29%
cc273613-a.emmen1.dr.home.nl..........................8........0.29%
62-101-126-213.fastres.net............................8........0.29%
IGLD-80-230-80-220.inter.net.il.......................8........0.29%
host158-188.pool8249.interbusiness.it.................8........0.29%
host54-157.pool8251.interbusiness.it..................8........0.29%
host213-118.pool8257.interbusiness.it.................8........0.29%
210.92.57.169.........................................7........0.25%
host209-107.pool82104.interbusiness.it................7........0.25%
santaana-a392.racsa.co.cr.............................5........0.18%
host-217-172-243-1.gdynia.mm.pl.......................5........0.18%
wsip-70-182-91-175.ok.ok.cox.net......................5........0.18%
ARouen-203-1-37-98.w80-14.abo.wanadoo.fr..............5........0.18%
89.102.99-84.rev.gaoland.net..........................5........0.18%
151.197.99.186........................................4........0.14%
ppp-84-73.29-151.libero.it............................4........0.14%
d12a1.ppp.halden.net..................................4........0.14%
d126a1.ppp.halden.net.................................4........0.14%
d49a1.ppp.halden.net..................................4........0.14%
adsl2p158.access.maltanet.net.........................4........0.14%
santaana-a219.racsa.co.cr.............................4........0.14%
ip88.bb203.pacific.net.hk.............................4........0.14%
207-255-1-025-static.jst.pa.atlanticbb.net............4........0.14%
Best Regards
Andy Schmidt
![]() H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414
x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/
Unfortunately Declude doesn't list
the IP: (Maybe this could be corrected?)
03/15/2005 19:09:58
Q876023ed02a22c68 Banning file with com extension [image/gif].
03/15/2005 19:10:00 Q876023ed02a22c68 Found a bogus .com file
03/15/2005 19:10:00 Q876023ed02a22c68 Scanned: Banned file extension.
[MIME: 3 10049]
03/15/2005 19:10:00 Q876023ed02a22c68 From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
|
