From: "Ron Liu" <rliu@email.sjsu.edu>
Reply-To: <rliu@email.sjsu.edu>
To: <samba@lists.samba.org>
CC: <openldap-software@OpenLDAP.org>
Subject: Please check if your are sending offending emails
Date: Thu, 25 Sep 2003 07:35:00 -0700
Hi, There
Last few weeks I've received tons of these "Microsoft Security updates"
emails with Virus attachment. These email must be from samba or ldap
mailing
list. Following I listes some sender's source IP address and host names.
This only very small part of list. If I have time, I will be sending more
offending hosts list to you. Please take a look if your machine happened to
be one of the offending hosts, please try to clean it up. You can find more
information about clean up the infected machine from
http://securityresponse.symantec.com/
Offending hosts list (part 1)
********************************************************
from in.menzolit-fibron.sk ([217.118.110.162])
Received: from empcorreo.onolab.com (smtp.onored.com [62.42.230.27])
from cobalt.eux.nl (213-132-174-148.multikabel.nl [213.132.174.148])
Received: from smtp04.wxs.nl (smtp04.wxs.nl [195.121.6.59])
Received: from vsmtp12.tin.it (vsmtp12.tin.it [212.216.176.206])
Received: from fxdmfn (80.182.241.123) by vsmtp12.tin.it (7.0.019)
Received: from mail.chariot.net.au (mail.chariot.net.au [203.87.95.38])
Received: from clbnqpl (ppp-080.cust203-87-121.ghr.chariot.net.au
[203.87.121.80])
by mail.chariot.net.au (Postfix) with SMTP
Received: from mta06bw.bigpond.com (mta06bw.bigpond.com [144.135.24.156])
Received: from qngjcj ([144.135.24.72]) by mta06bw.email.bigpond.com
(iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
with SMTP id <0HLR00B9XQZUWA@mta06bw.email.bigpond.com> for
Received: from poczta.xtra.pl (poczta.xtra.pl [212.14.56.8])
Received: from zpvcvl (em21313623232.teleton.pl [213.136.232.32])
by poczta.xtra.pl (Postfix) with SMTP
id 6C1591AEBC; Thu, 25 Sep 2003 14:13:05 +0200 (CEST)
Received: from mail0.ewetel.de (mail0-96.ewetel.de [212.6.122.96])
Received: from pjcsj (dialin-79153.ewetel.net [212.6.79.153])
by mail0.ewetel.de (8.12.1/8.12.9) with SMTP id h8PC77jB029732;
Thu, 25 Sep 2003 14:07:08 +0200 (MEST)
Received: from imf21aec.mail.bellsouth.net (imf21aec.mail.bellsouth.net
[205.152.59.69])
Received: from lqocotba ([68.209.11.2]) by imf21aec.mail.bellsouth.net
(InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with SMTP
id
<20030925114941.WHHO1847.imf21aec.mail.bellsouth.net@lqocotba>;
Thu, 25 Sep 2003 07:49:41 -0400
Received: from torvals1.ciudadglobal.com.ar (200.69.145.126.techtelnet.net
[200.69.145.126] (may be forged))
Received: from jdnhorq (asterix-nat1.ciudadglobal.com.ar [200.69.145.124]
(may be forged))
by torvals1.ciudadglobal.com.ar (8.12.8/8.12.8) with SMTP id
h8PEHlAB028358;
Thu, 25 Sep 2003 11:17:48 -0300
Received: from mail.d-net.cz (mail.d-net.cz [194.213.244.98])
Received: from server.menu.cz (swuniv.d-net.cz [195.128.197.117] (may be
forged))
by mail.d-net.cz (8.12.3/8.12.3/Debian-6.6) with ESMTP id h8PE3qLm001832;
Received: from webserver.pmp.pr.gov.br ([200.163.242.234])
Received: from ywqwyrl (unknown [192.168.1.140])
by webserver.pmp.pr.gov.br (Postfix) with SMTP
id A5403D81E9; Thu, 25 Sep 2003 07:59:37 -0300 (BRT)
***********************************************************************
Thank you for your help
Ron Liu
Information Technology Consultant
Biology Department
San Jose State University
408-924-4860
rliu@email.sjsu.edu