Sorry, I know this is not Psyche specific but this is the most active list.
I received an email (virus packed, no doubt) on 2 different mail
servers, 2 different domains; the message claims to come from root but
the relay IP is in SOA somewhere in China. I don't understand why
sendmail allowed it.
The e-mails had README.EXE embedded in them as a "*.wav" MIME type.
This is all that was in the maillog.
Nov 7 00:35:08 mail sendmail[23448]: gA78Z5Y23448:
[EMAIL PROTECTED], size=156475, class=0, nrcpts=1,
msgid=<[EMAIL PROTECTED]>, proto=SMTP,
daemon=MTA, relay=[211.101.140.97]
Nov 7 00:35:09 mail sendmail[23449]: gA78Z5Y23448:
[EMAIL PROTECTED], [EMAIL PROTECTED] (0/0),
delay=00:00:03, xdelay=00:00:00, mailer=local, pri=216178, dsn=2.0.0,
stat=Sent
Thanks,
Joshua
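
An added example, not part of the original post: one way to flag the pattern described above in a sendmail maillog, where a message's envelope sender is a local account such as root but the relay is an outside IP. The log sample is constructed, and the local domains, trusted networks and function names are assumptions to be replaced with your own.

```python
import ipaddress
import re

# Constructed sample in sendmail maillog format. Addresses and IPs are made up
# (documentation ranges), not taken from the original post.
SAMPLE_LOG = """\
Nov  7 00:35:08 mail sendmail[23448]: gA78Z5Y23448: from=<root@example.org>, size=156475, class=0, nrcpts=1, msgid=<x1@example.org>, proto=SMTP, daemon=MTA, relay=[203.0.113.97]
Nov  7 00:35:09 mail sendmail[23449]: gA78Z5Y23448: to=<joshua@example.org>, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=216178, dsn=2.0.0, stat=Sent
Nov  7 04:02:11 mail sendmail[23901]: gA7C2BY23901: from=root, size=812, class=0, nrcpts=1, msgid=<x2@mail.example.org>, relay=root@localhost
Nov  7 09:14:40 mail sendmail[24120]: gA7HEeY24120: from=<alice@example.net>, size=2044, class=0, nrcpts=1, msgid=<x3@example.net>, proto=ESMTP, daemon=MTA, relay=mx.example.net [198.51.100.20]
"""

# Assumptions: domains this server is final destination for, and the networks
# that are allowed to submit mail using those domains as sender.
LOCAL_DOMAINS = {"example.org", "mail.example.org"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# "from=" lines carry the queue id, the envelope sender and the relay.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=<?(?P<sender>[^>,]*)>?,.*relay=(?P<relay>.*)$"
)
# The relay IP is logged in brackets; IPv6 is written as [IPv6:...].
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def sender_is_local(sender):
    """True for an unqualified user (root) or a user at one of our domains."""
    _, _, domain = sender.partition("@")
    return domain == "" or domain.lower() in LOCAL_DOMAINS


def spoofed_local_senders(log_text):
    """Return (queue id, sender, relay IP) for local senders seen from outside."""
    hits = []
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m or not sender_is_local(m["sender"]):
            continue
        ip_m = IP_RE.search(m["relay"])
        if ip_m is None:
            continue  # no remote IP logged: local submission (relay=root@localhost)
        ip = ipaddress.ip_address(ip_m.group(1))
        if not any(ip in net for net in TRUSTED_NETS):
            hits.append((m["qid"], m["sender"], str(ip)))
    return hits


if __name__ == "__main__":
    for qid, sender, ip in spoofed_local_senders(SAMPLE_LOG):
        print(f"{qid}: local sender {sender} relayed from untrusted {ip}")
```

The envelope sender in SMTP is whatever the connecting client states, so a hit here means the sender was forged, not that the local root account sent anything.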