Hello I've got following email with malicious attachment ([email protected] with "[email protected]<many-spaces>.scr" which looks like something sent using the mailing list. I wonder if this message was sent using the mailing list infrastructure (e.g. some mailing list spam bot subscribed to the list) or it just has spoofed headers?
Marcin <ORIGINAL_MESSAGE> >From - Thu May 22 03:00:31 2014 X-Account-Key: account2 X-UIDL: 1400720117.KqE2tu.11,S=42794 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Return-Path: <[email protected]> Delivered-To: [email protected] (xxx) Received: (wp-smtpd mx.wp.pl 4523 invoked from network); 22 May 2014 02:55:14 +0200 Received: from gate0.canoo.com ([195.141.68.118]) (envelope-sender <[email protected]>) by mx.wp.pl (WP-SMTPD) with SMTP for <[email protected]>; 22 May 2014 02:55:14 +0200 Received: from dell1.canoo.com (dell1.canoo.com [192.168.0.13]) by canoo.com (Postfix) with ESMTP id 54EFB8858132; Thu, 22 May 2014 02:55:10 +0200 (CEST) X-Original-To: [email protected] Delivered-To: [email protected] Received: from lists.canoo.com (unknown [113.160.113.45]) by canoo.com (Postfix) with ESMTP id C22A88858132 for <[email protected]>; Thu, 22 May 2014 02:54:45 +0200 (CEST) From: "Returned mail" <[email protected]> To: [email protected] MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0008_5643A2AC.7C01D928" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <[email protected]> Subject: [Webtest] Message could not be delivered Sender: [email protected] Errors-To: [email protected] X-BeenThere: [email protected] X-Mailman-Version: 2.0.6 Precedence: bulk Reply-To: [email protected] Reply-To: "Returned mail" <[email protected]> List-Unsubscribe: <http://lists.canoo.com/mailman/listinfo/webtest>, <mailto:[email protected]?subject=unsubscribe> List-Id: Canoo WebTest Interest List <webtest.lists.canoo.com> List-Post: <mailto:[email protected]> List-Help: <mailto:[email protected]?subject=help> List-Subscribe: <http://lists.canoo.com/mailman/listinfo/webtest>, <mailto:[email protected]?subject=subscribe> List-Archive: <http://lists.canoo.com/pipermail/webtest/> Date: Thu, 22 May 2014 07:54:39 +0700 X-WP-DKIM-Status: no signature (id: n/a) X-WP-AV: skaner antywirusowy poczty Wirtualnej Polski S. A. X-WP-SPAM: YES (U9) 0000019 [oQrd] This is a multi-part message in MIME format. ------=_NextPart_000_0008_5643A2AC.7C01D928 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Dear user of lists.canoo.com, Your account has been used to send a large amount of unsolicited e-mail during the last week. Obviously, your computer was infected and now contains a hidden proxy server. Please follow our instructions in order to keep your computer safe. Have a nice day, The lists.canoo.com team. (... - attachments) </ORIGINAL_MESSAGE> _______________________________________________ WebTest mailing list [email protected] http://lists.canoo.com/mailman/listinfo/webtest
