New Spam with virus that fools SpamCop?


btech

I've received this spam 2 times at a hotmail address of mine. Attached to the email, which looks like a bounce, is the Netsky worm. When I tried to forward to my reporting link, SpamCop sees the email as a bounce, so it doesn't report the spam. But it CLEARLY is spam and a malicious one at that:

X-Message-Info: JGTYoYF78jFzK+cjWxSoXZxjeWUnBWjk

Received: from lamx03.mgw.rr.com ([66.75.160.11]) by mc8-f31.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824);

  Mon, 4 Oct 2004 20:54:58 -0700

Received: from localhost (localhost)

by lamx03.mgw.rr.com (8.12.10/8.12.8) id i94KbZuv023452;

Mon, 4 Oct 2004 23:54:57 -0400 (EDT)

Date: Mon, 4 Oct 2004 23:54:57 -0400 (EDT)

From: Mail Delivery Subsystem <MAILER-DAEMON[at]lamx03.mgw.rr.com>

Message-Id: <200410050354.i94KbZuv023452[at]lamx03.mgw.rr.com>

To: <btech[at]hotmail.com>

MIME-Version: 1.0

Content-Type: multipart/report; report-type=delivery-status;

boundary="i94KbZuv023452.1096948497/lamx03.mgw.rr.com"

Subject: Returned mail: see transcript for details

Auto-Submitted: auto-generated (failure)

Return-Path: <>

X-OriginalArrivalTime: 05 Oct 2004 03:54:58.0303 (UTC) FILETIME=[1506D0F0:01C4AA8F]

This is a MIME-encapsulated message

--i94KbZuv023452.1096948497/lamx03.mgw.rr.com

The original message was received at Sat, 2 Oct 2004 21:36:26 -0400 (EDT)

from 69-172-235-249.vnnyca.adelphia.net [69.172.235.249]

----- The following addresses had permanent fatal errors -----

<tglaser[at]socal.rr.com>

    (reason: 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com)

----- Transcript of session follows -----

... while talking to ms-mta-02-fn.socal.rr.com.:

>>> DATA

<<< 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com

<tglaser[at]socal.rr.com>... Deferred: 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com

<<< 554 5.5.0 No recipients have been specified.

Message could not be delivered for 2 days

Message will be deleted from queue

--i94KbZuv023452.1096948497/lamx03.mgw.rr.com

Content-Type: message/delivery-status

Reporting-MTA: dns; lamx03.mgw.rr.com

Arrival-Date: Sat, 2 Oct 2004 21:36:26 -0400 (EDT)

Final-Recipient: RFC822; tglaser[at]socal.rr.com

Action: failed

Status: 4.4.7

Remote-MTA: DNS; ms-mta-02-fn.socal.rr.com

Diagnostic-Code: SMTP; 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com

Last-Attempt-Date: Mon, 4 Oct 2004 23:54:57 -0400 (EDT)

--i94KbZuv023452.1096948497/lamx03.mgw.rr.com

Content-Type: text/rfc822-headers

Received: from socal.rr.com (69-172-235-249.vnnyca.adelphia.net [69.172.235.249])

by lamx03.mgw.rr.com (8.12.10/8.12.8) with ESMTP id i931aQuI000751

for <tglaser[at]socal.rr.com>; Sat, 2 Oct 2004 21:36:26 -0400 (EDT)

Message-Id: <200410030136.i931aQuI000751[at]lamx03.mgw.rr.com>

From: **********[at]hotmail.com

To: tglaser[at]socal.rr.com

Subject: Notice again

Date: Sat, 2 Oct 2004 18:36:26 -0700

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0016----=_NextPart_000_0016"

X-Priority: 3

X-MSMail-Priority: Normal

X-Virus-Scanned: Symantec AntiVirus Scan Engine

X-Virus-Scan-Result: Repaired 36326 W32.Netsky.P[at]mm

--i94KbZuv023452.1096948497/lamx03.mgw.rr.com--

Anyone else seen this or know how to report it?


It is against SpamCop rules to report virus-related emails. You can use SpamCop to determine the source (headers only), then manually report it to the ISP.

oh man... I didn't know that. sorry! I'll manually report it :)


Archived

This topic is now archived and is closed to further replies.
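
The manual route suggested in the thread (find the source from the headers, then report to the ISP) can be scripted for bounces like the one quoted above. This is an added example, not code from the thread or from SpamCop: it reads the delivery report, takes the `Reporting-MTA`, and returns the host named in the `Received:` line that MTA stamped on the original message. The function name `bounce_origin`, the abridged sample, and the sendmail-style `Received:` layout are assumptions.

```python
import email
import re

# Constructed sample: the bounce quoted above, abridged; "[at]" munging kept as shown.
SAMPLE_DSN = """\
From: Mail Delivery Subsystem <MAILER-DAEMON[at]lamx03.mgw.rr.com>
Content-Type: multipart/report; report-type=delivery-status;
\tboundary="i94KbZuv023452.1096948497/lamx03.mgw.rr.com"

--i94KbZuv023452.1096948497/lamx03.mgw.rr.com
Content-Type: message/delivery-status

Reporting-MTA: dns; lamx03.mgw.rr.com

Final-Recipient: RFC822; tglaser[at]socal.rr.com

--i94KbZuv023452.1096948497/lamx03.mgw.rr.com
Content-Type: text/rfc822-headers

Received: from socal.rr.com (69-172-235-249.vnnyca.adelphia.net [69.172.235.249])
\tby lamx03.mgw.rr.com (8.12.10/8.12.8) with ESMTP id i931aQuI000751
\tfor <tglaser[at]socal.rr.com>; Sat, 2 Oct 2004 21:36:26 -0400 (EDT)
From: **********[at]hotmail.com

--i94KbZuv023452.1096948497/lamx03.mgw.rr.com--
"""

# Sendmail-style stamp, as in the post: from HELO (rDNS [IP]) by HOST
RECEIVED = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)\s+by\s+(\S+)")

def bounce_origin(raw):
    """Return the host that handed the original mail to the bouncing MTA."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return None
    mta, embedded = None, None
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # The first header block carries the per-message fields.
            mta = part.get_payload()[0]["Reporting-MTA"].split(";")[-1].strip()
        elif ctype == "text/rfc822-headers":
            embedded = email.message_from_string(part.get_payload())
    if not mta or embedded is None:
        return None
    for value in embedded.get_all("Received", []):
        m = RECEIVED.search(" ".join(value.split()))  # unfold continuation lines
        # Trust only the line the reporting MTA stamped; HELO and From: are sender-chosen.
        if m and m.group(4).lower() == mta.lower():
            return {"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)}
    return None
```

For the bounce in the post this returns 69.172.235.249 with reverse DNS under adelphia.net, while the `socal.rr.com` HELO name and the hotmail `From:` address are only what the sending host claimed.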
