On Thu, 7 Nov 2002 23:25:07 +0100 Ka <[EMAIL PROTECTED]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Just received an email with some virus components
> from kaspersky-labs.com. .o)
>
> Possible Exploit.IFrame.FileDownload
> and a README.EXE with I-Worm.Bridex
>
> Here are the headers:
>
> - ------------------------- BEGIN HEADERS -----------------------------
> Received: from webserver2.kaspersky-labs.com (unknown [195.161.113.178])
>       by mail.vegaa.de (Postfix) with ESMTP id A9F37174019
>       for <[EMAIL PROTECTED]>; Thu, 7 Nov 2002 22:51:28 +0100 (CET)
> Received: by webserver2.kaspersky-labs.com (Postfix)
>       id 33AB920047; Fri, 8 Nov 2002 00:22:31 +0300 (MSK)
> Delivered-To: [EMAIL PROTECTED]
> Received: from webserver2.kaspersky-labs.com (unknown [148.235.6.199])

looking for +++++++++++++
dig -x 148.235.6.199

; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;;      199.6.235.148.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
199.6.235.148.in-addr.arpa.  1H IN PTR  customer-148-235-6-199.uninet.net.mx.

;; AUTHORITY SECTION:
6.235.148.in-addr.arpa.  1H IN NS       dnsadm-interno.uninet.net.mx.
6.235.148.in-addr.arpa.  1H IN NS       nsmex4.uninet.net.mx.
6.235.148.in-addr.arpa.  1H IN NS       nsmex3.uninet.net.mx.

;; ADDITIONAL SECTION:
dnsadm-interno.uninet.net.mx.  3m36s IN A  200.33.150.193
nsmex4.uninet.net.mx.   3m36s IN A      200.33.146.217
nsmex3.uninet.net.mx.   8m19s IN A      200.33.146.209

;; Total query time: 383 msec
;; FROM: merlin to SERVER: default -- 172.22.1.251
;; WHEN: Fri Nov 8 08:54:38 2002
;; MSG SIZE sent: 44 rcvd: 239

Isn't webserver2.kaspersky-labs.com

>       by webserver2.kaspersky-labs.com (Postfix) with SMTP id 82ABA20044
>       for <[EMAIL PROTECTED]>; Fri, 8 Nov 2002 00:22:26 +0300 (MSK)
> From: Lic.Francisco Cano Sanchez <[EMAIL PROTECTED]>
> DATE: Jue, 7 Nov 2002 14:38:56+0000
> X-Mailer: EBT Reporter v 2.x
> To: [EMAIL PROTECTED]
> subject: Secretaria de Educacion y C.
> Mime-Version: 1.0
> Content-Type: multipart/related;
>       type="multipart/alternative";
>       boundary="====_ABC1234567890DEF_===="
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Unsent: 1
> Message-Id: <[EMAIL PROTECTED]>
> - -------------------------- END HEADERS ------------------------------
>
>
> Greetings
> Ka
> - --
> How will you know that it is yourself,
> if you have not forged it yourself?
> http://www.khidr.net/users/ka/pgpkey.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE9yuhD72vu22ltWBERAhsSAJ9aIpwmz96HM/0j7Q9MXRHC0vHPNQCeJcCH
> xTiTInrl5o6rx2S/v5Av+Q0=
> =cXHF
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

-- 
------------------------  /"\
[EMAIL PROTECTED]         \ /  ASCII Ribbon Campaign
fon: +49 30 549932-0       X   Against HTML Mail
fax: +49 30 549932-21     / \
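
The check done by hand in this thread (comparing the name a client gave in each Received line with what reverse DNS says about its address), as an added example that is not part of the original posts. The names check_hops, base_domain, HEADERS and PTR_RECORDS are hypothetical, the PTR value is taken from the dig output above rather than looked up live, and the two-label domain comparison is a naive assumption (no public suffix list).

```python
import re

# Received lines copied from the quoted headers above; the redacted
# "for <...>" clauses are left out.
HEADERS = """\
Received: from webserver2.kaspersky-labs.com (unknown [195.161.113.178])
      by mail.vegaa.de (Postfix) with ESMTP id A9F37174019;
      Thu, 7 Nov 2002 22:51:28 +0100 (CET)
Received: by webserver2.kaspersky-labs.com (Postfix)
      id 33AB920047; Fri, 8 Nov 2002 00:22:31 +0300 (MSK)
Received: from webserver2.kaspersky-labs.com (unknown [148.235.6.199])
      by webserver2.kaspersky-labs.com (Postfix) with SMTP id 82ABA20044;
      Fri, 8 Nov 2002 00:22:26 +0300 (MSK)
"""

# PTR answer from the dig -x output in the reply, used so this runs offline.
PTR_RECORDS = {"148.235.6.199": "customer-148-235-6-199.uninet.net.mx"}

# Postfix style: "from <HELO name> (<verified reverse name or unknown> [<ip>]) by <receiver>"
HOP = re.compile(r"^Received: from (?P<helo>\S+) \((?P<rdns>\S+) "
                 r"\[(?P<ip>[\d.]+)\]\)\s+by (?P<by>\S+)", re.M)

def base_domain(name):
    """Naive: last two labels of a host name."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def check_hops(raw, ptr_records):
    """Return one finding per network hop, listing why its HELO name is suspect."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)  # join folded header lines
    findings = []
    for m in HOP.finditer(unfolded):
        helo, rdns, ip, by = m.group("helo", "rdns", "ip", "by")
        reasons = []
        if rdns == "unknown":  # Postfix had no verified reverse name for the client
            reasons.append("receiver could not verify reverse DNS")
        if helo.lower() == by.lower():
            reasons.append("client used the receiving server's own name in HELO")
        ptr = ptr_records.get(ip)
        if ptr and base_domain(ptr) != base_domain(helo):
            reasons.append(f"PTR {ptr} is outside the HELO domain")
        findings.append({"ip": ip, "helo": helo, "by": by, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for hop in check_hops(HEADERS, PTR_RECORDS):
        print(hop["ip"], hop["helo"], "->", hop["by"], hop["reasons"] or "ok")
```
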
