Go to the FreeLists Home Page Home Signup Help Login 		 



[arachne] || [Date Prev] [05-2004 Date Index] [Date Next] || [Thread Prev] [05-2004 Thread Index] [Thread Next]

[arachne] Re: Bounced Message

  • From: Glenn Gilbreath Jr. <wizard57m@xxxxxxxxxxxx>
  • To: Arachne@xxxxxxxxxxxxx
  • Date: Tue, 11 May 2004 12:28:52 CST
Arachne at FreeLists---The Arachne Fan Club!

Bob,

I also received the bounce message, since I am also a moderator.
I didn't bother examining too closely the contents of the ZIP, since
more likely than not it is some sort of Win9X or later trojan
program.  How it got sent to the list?  I think one of the list
managers at CoolLists subscribed CoolLists, but not 100 percent sure.
Best guess as to how it was sent...someone on the Coolists group(s)
IS running Win9X or later and has a trojan mass-mailer program that
has infected their system.  One could trace backward through the
various actual mail relay servers and possibly find the infected
machine...however, a simple message to the A4DOS list at coollists
telling those with Win9X or later running would be well advised to
scan for viruses/trojans with current updated antivirus.

C U L8R!
Wiz  <{;-)
(signature below)

  >
  > Hi all,
  > This bounce came to me as one of the moderators. I edited out the Base 64
  > program and a few lines specific for list moderators.
  >
  > This is FYI for all who are interested in these things, but aren't on the
  > list of moderators.
  >
  > A a quick glance, it looks like a virus. I have the original message, if
  > anybody wants to look at the complete version.
  >
  > Why would <arachne4dos@xxxxxxxxxxxx> and <arachne@xxxxxxxxxxxxx> be
  > exchanging messages unless somebody manually tweaked the original message
  > (which probably means a person on one or both of the Arachne lists).
  > Otherwise, how could two 'closed lists' get each other's address (but my
  > other lists get missed in the distribution)?
  > 
  > Hmmm. Maybe there's a simple explanation, so I'm sharing it with the
  > group.
  > 
  > Thoughts ... anyone?
  > 
  > Bob
  > 
  > 
  > --- beginning of bounced message ---
  > 
  > This message was received for a list you are a moderator on, and
  > was marked for moderation due to the following reason:
  > Non-member submission to closed-post list.
  >
  > <SNIP>
  >  
  > From MAILER-DAEMON  Tue May 11 11:04:31 2004
  > Return-Path: <>
  > X-Original-To: arachne@xxxxxxxxxxxxx
  > Delivered-To: arachne@xxxxxxxxxxxxx
  > Received: from localhost (localhost [127.0.0.1])
  >         by turing.freelists.org (Avenir Technologies Mail Multiplex) with
  > ESMTP id DD3EE72F804
  >         for <arachne@xxxxxxxxxxxxx>; Tue, 11 May 2004 11:03:29 -0500
  > (EST)
  > Received: from turing.freelists.org ([127.0.0.1])
  > by localhost (turing [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
  > id 06053-17 for <arachne@xxxxxxxxxxxxx>;
  > Tue, 11 May 2004 11:03:29 -0500 (EST)
  > Received: from mtx.coollist.com (unknown [64.62.191.16])
  >         by turing.freelists.org (Avenir Technologies Mail Multiplex) with
  > SMTP id 99D9172F6D3
  >         for <arachne@xxxxxxxxxxxxx>; Tue, 11 May 2004 11:02:38 -0500
  > (EST)
  > Received: (qmail 52784 invoked for bounce); 11 May 2004 16:16:11 -0000
  > Date: 11 May 2004 16:16:11 -0000
  > From: MAILER-DAEMON@xxxxxxxxxxxxxxxx
  > To: arachne@xxxxxxxxxxxxx
  > Subject: failure notice
  > Message-Id: <20040511160239.99D9172F6D3@xxxxxxxxxxxxxxxxxxxx>
  > X-Virus-Scanned: by amavisd-new at freelists.org
  >  
  > Hi. This is the qmail-send program at mtx.coollist.com.
  > I'm afraid I wasn't able to deliver your message to the following
  > addresses.
  > This is a permanent error; I've given up. Sorry it didn't work out.
  >  
  > <arachne4dos@xxxxxxxxxxxx>:
  > You need to be a member of the list to post to it
  >  
  > --- Below this line is a copy of the message.
  >  
  > Return-Path: <arachne@xxxxxxxxxxxxx>
  > Received: (qmail 52715 invoked by uid 0); 11 May 2004 16:16:10 -0000
  > Received: from unknown (HELO INTERNET.net) (200.62.133.154)
  >   by unknown.astraweb.com with SMTP; 11 May 2004 16:16:10 -0000
  > Date: Tue, 11 May 2004 11:23:42 -0500
  > To: "Arachne" <arachne4dos@xxxxxxxxxxxx>
  > From: "Arachne" <arachne@xxxxxxxxxxxxx>
  > Subject: RE: Protected message
  > Message-ID: <jeocncmyyfpbjkmjzgi@xxxxxxxxxxxx>
  > MIME-Version: 1.0
  > Content-Type: multipart/mixed;
  >         boundary="--------nznpbeybzinckpbllzdr"
  >  
  > ----------nznpbeybzinckpbllzdr
  > Content-Type: text/html; charset="us-ascii"
  > Content-Transfer-Encoding: 7bit
  >  
  > <html><body>
  > 
  >  
  > <br>
  > </body></html>
  >  
  > ----------nznpbeybzinckpbllzdr
  > Content-Type: application/octet-stream; name="Loves_money.com"
  > Content-Transfer-Encoding: base64
  > Content-Disposition: attachment; filename="Loves_money.com"
  >  
  > TVoAAAEAAAAC ....
  > 
  > <SNIP>
  > 
  > --- end of bounced message ---
Wiz  <{;-)
Wizard57M
Glenn Gilbreath Jr.
http://members.surfbest.net/wizard57m@xxxxxxxxxxxx/index.htm
-- DOS Internet, Close Windows and Keep the Internet Open! --

Arachne at FreeLists
-- Arachne, The Web Browser/Suite for DOS and Linux --




[ Home | Signup | Help | Login | Archives | Lists ]

All trademarks and copyrights within the FreeLists archives are owned by their respective owners.
Everything else ©2007 Avenir Technologies, LLC.