I Suspect that it is a targetted long term attack against higher targets see the one below from march 3,2004
I saw this one the other day I thought the guys I hosted with wrote better english Suspicious fromthe start
From - Wed Mar 3 08:48:00 2004 X-UIDL: &jJ"!-ek"!S[/"!8>c!! X-Mozilla-Status: 1001 X-Mozilla-Status2: 10000000 Return-Path: <[EMAIL PROTECTED]> Received: from techsp05 ([203.177.127.113]) by changed.not (8.10.2/8.9.3) with SMTP id i23CZqe08455 for <[EMAIL PROTECTED]>; Wed, 3 Mar 2004 08:35:53 -0400 Date: Wed, 03 Mar 2004 20:43:45 +0800 To: [EMAIL PROTECTED] Subject: Notify about using the e-mail account. From: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------iwmrgskpbqjqjvtotrwg" X-UIDL: &jJ"!-ek"!S[/"!8>c!!
----------iwmrgskpbqjqjvtotrwg Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit
Dear user of e-mail server "mydomain.xx",
Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free
auto-forwarding service.
For details see the attached file.
Attached file protected with the password for security reasons. Password is 55366.
Cheers, The mydomain team http://www.mydomain
----------iwmrgskpbqjqjvtotrwg Content-Type: application/octet-stream; name="TextDocument.zap" Content-Transfer-Encoding: Content-Disposition: attachment; filename="TextDocument.zap"
some zipped bad file here=
----------iwmrgskpbqjqjvtotrwg--
I Forgot to mention My current email provider for this list scrubs my email without letting us know it
so they can still sell us antivirus subscritption service on phone bill
damn capatalist buzzards How am I supposed to get my AV samples ;-)
[change list email addresses steve] :-D
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
