On Tuesday 09 Sep 2003 1:47 pm, HaywireMac wrote:
> On Tue, 9 Sep 2003 11:24:05 +0100
>
> Anne Wilson <[EMAIL PROTECTED]> uttered:
> > Interesting one, that. Coming through with the Approved subject
> > line I was immediately suspicious, but ancestry.com appears to be
> > a genuine genealogy site for USA, and rightnowtech.com looks
> > genuine enough, so the only question is why mandrake? Could it
> > be that one of these sites has been hacked to include a trojan?
> > This is way beyond me.
>
> no, they're infected.
>
> if you see the post down a bit, it has the subject "wicked
> screensaver", which was one of the subjects I was getting with the
> .pif attachments previously. this is getting bad.
>
Hmm - Imissed seeing that on Charlie's. I have had two, one with
'Approved' and the other with 'Details' in the subject line, but
there doesn't appear to be any attachment, or anything else
suspicious showing up when you open up the full headers, for
instance, nor when I opened them in POPFile to examine them. Surely
they can't be running an executable in the subject line, can they?
Here are the headers from one of mine:
Return-Path: <[EMAIL PROTECTED]>
Received: from smtp.mandrake.org (212.43.244.24) by
mk-cpfrontend.uk.tiscali.com (6.7.018)
id 3F5876A60065BE71 for [EMAIL PROTECTED]; Tue, 9 Sep
2003 02:49:39 +0100
Received: from smtp.mandrax.org (smtp.mandrax.org [80.67.180.169])
by smtp.mandrake.org (Postfix) with ESMTP
id 8B5D54A9E82; Tue, 9 Sep 2003 03:56:49 +0200 (CEST)
Received: by smtp.mandrax.org (Postfix, from userid 0)
id CA4B456A2F; Mon, 8 Sep 2003 22:04:03 +0200 (CEST)
Delivered-To: [EMAIL PROTECTED]
Received: from utilnj01.rightnowtech.com (utilnj01.rightnowtech.com
[63.240.89.31]) by smtp1.mandrax.org (Postfix) with ESMTP id
3EB3E13664
for <[EMAIL PROTECTED]>; Mon, 8 Sep 2003 21:06:32 +0200
(CEST)
Received: from rntnj (localhost.localdomain [127.0.0.1]) by
utilnj01.rightnowtech.com (8.11.6/8.11.6) with SMTP id
h890pt821203 for
<[EMAIL PROTECTED]>; Mon, 8 Sep 2003 20:51:55 -0400
Mime-Version: 1.0
Message-Id: <[EMAIL PROTECTED]>
Date: Mon, 8 Sep 2003 18:51:55 -0600 (MDT)
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Content-Type: Multipart/Alternative;
boundary="------------Boundary-00=_J29XQADPJDU1VA400000"
X-Loop: expert@
X-Sequence: 379
Precedence: list
X-Validation-BY: [EMAIL PROTECTED]
Subject: [expert] Re: Re: Details
Sender: [EMAIL PROTECTED]
X-Text-Classification: spam
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:
And if ancestry.com and rightnowtech.com are genuine, perhaps someone
should alert them as to what's happening?
Anne
--
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
