Hi.
I seem to be the victim of an attack to get me off mailing lists.
Here is the message I've been getting with the contents of the
file ______-ed out.
So my server doesn't allow .com attachments and this attacker somehow
manages to make the mailing list manager think messages sent to me are
bouncing.
Am I right?

gentoo-security-help@l.g.o wrote:
> Hi! This is the ezmlm program. I'm managing the
> gentoo-security@g.o mailing list.
>
> I'm working for my owner, who can be reached
> at gentoo-security-owner@g.o.
>
>
> Messages to you from the gentoo-security mailing list seem to
> have been bouncing. I sent you a warning message, but it bounced.
> I've attached a copy of the bounce message.
>
> This is a probe to check whether your address is reachable. If this
> probe bounces, I will remove your address from the
> gentoo-security@g.o mailing list, without further notice.
>
> You can re-subscribe by sending a message to this address:
> <gentoo-security-subscribe@g.o>
>
>
> --- Enclosed is a copy of the bounce message I received.
>
> Return-Path: <>
> Received: (qmail 22187 invoked from network); 2 Aug 2004 00:10:57 +0000
> Received: from horse.hostspectrum.com (209.120.224.103)
> by lists.gentoo.org with AES256-SHA encrypted SMTP; 2 Aug 2004 00:10:57 +0000
> Received: from mailnull by horse.hostspectrum.com with local (Exim 4.34)
> id 1BrQPf-00072M-Nm
> for gentoo-security-return-warn-1091405444.lblaoilajclmcdganoam-adriancapdefier=digifin.ro@l.g.o; Sun, 01 Aug 2004 19:10:47 -0500
> X-Failed-Recipients: adriancapdefier@×××××××.ro
> Auto-Submitted: auto-generated
> From: Mail Delivery System <Mailer-Daemon@××××××××××××××××××.com>
> To: gentoo-security-return-warn-1091405444.lblaoilajclmcdganoam-adriancapdefier=digifin.ro@l.g.o
> Subject: Mail delivery failed: returning message to sender
> Message-Id: <E1BrQPf-00072M-Nm@××××××××××××××××××.com>
> Date: Sun, 01 Aug 2004 19:10:47 -0500
> X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
> X-AntiAbuse: Primary Hostname - horse.hostspectrum.com
> X-AntiAbuse: Original Domain - lists.gentoo.org
> X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
> X-AntiAbuse: Sender Address Domain -
> X-Source:
> X-Source-Args:
> X-Source-Dir:
>
> This message was created automatically by mail delivery software.
>
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>
> adriancapdefier@×××××××.ro
> This message has been rejected because it has
> a potentially executable attachment "MP3.com"
> This form of attachment has been used by
> recent viruses or other malware.
> If you meant to send this file then please
> package it up as a zip file and resend it.
>
> ------ This is a copy of the message, including all the headers. ------
>
> Return-path: <gentoo-security-return-warn-1091405444.lblaoilajclmcdganoam-adriancapdefier=digifin.ro@l.g.o>
> Received: from [156.56.111.196] (helo=parrot.gentoo.org)
> by horse.hostspectrum.com with esmtp (TLSv1:AES256-SHA:256)
> (Exim 4.34)
> id 1BrQPf-00071b-EC
> for adriancapdefier@×××××××.ro; Sun, 01 Aug 2004 19:10:47 -0500
> Received: (qmail 1401 invoked by uid 89); 2 Aug 2004 00:10:53 +0000
> Mailing-List: contact gentoo-security-help@g.o; run by ezmlm
> Date: 2 Aug 2004 00:10:53 -0000
> Message-ID: <1091405453.10469.ezmlm-warn@l.g.o>
> From: gentoo-security-help@l.g.o
> To: adriancapdefier@×××××××.ro
> Content-type: text/plain; charset=us-ascii
> Subject: ezmlm warning
>
> Hi! This is the ezmlm program. I'm managing the
> gentoo-security@g.o mailing list.
>
> I'm working for my owner, who can be reached
> at gentoo-security-owner@g.o.
>
>
> Messages to you from the gentoo-security mailing list seem to
> have been bouncing. I've attached a copy of the first bounce
> message I received.
>
> If this message bounces too, I will send you a probe. If the probe bounces,
> I will remove your address from the gentoo-security mailing list,
> without further notice.
>
>
> I've kept a list of which messages from the gentoo-security mailing list have
> bounced from your address.
>
> Copies of these messages may be in the archive.
>
> To retrieve a set of messages 123-145 (a maximum of 100 per request),
> send an empty message to:
> <gentoo-security-get.123_145@g.o>
>
> To receive a subject and author list for the last 100 or so messages,
> send an empty message to:
> <gentoo-security-index@g.o>
>
> Here are the message numbers:
>
> 1221
> 1224
>
> --- Enclosed is a copy of the bounce message I received.
>
> Return-Path: <>
> Received: (qmail 14884 invoked from network); 21 Jul 2004 07:44:37 +0000
> Received: from horse.hostspectrum.com (209.120.224.103)
> by lists.gentoo.org with AES256-SHA encrypted SMTP; 21 Jul 2004 07:44:37 +0000
> Received: from mailnull by horse.hostspectrum.com with local (Exim 4.34)
> id 1BnBm3-0004IT-0b
> for gentoo-security-return-1221-adriancapdefier=digifin.ro@l.g.o; Wed, 21 Jul 2004 02:44:23 -0500
> X-Failed-Recipients: adriancapdefier@×××××××.ro
> Auto-Submitted: auto-generated
> From: Mail Delivery System <Mailer-Daemon@××××××××××××××××××.com>
> To: gentoo-security-return-1221-adriancapdefier=digifin.ro@l.g.o
> Subject: Mail delivery failed: returning message to sender
> Message-Id: <E1BnBm3-0004IT-0b@××××××××××××××××××.com>
> Date: Wed, 21 Jul 2004 02:44:23 -0500
> X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
> X-AntiAbuse: Primary Hostname - horse.hostspectrum.com
> X-AntiAbuse: Original Domain - lists.gentoo.org
> X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
> X-AntiAbuse: Sender Address Domain -
> X-Source:
> X-Source-Args:
> X-Source-Dir:
>
> This message was created automatically by mail delivery software.
>
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>
> adriancapdefier@×××××××.ro
> This message has been rejected because it has
> a potentially executable attachment "MP3.com"
> This form of attachment has been used by
> recent viruses or other malware.
> If you meant to send this file then please
> package it up as a zip file and resend it.
>
> ------ This is a copy of the message, including all the headers. ------
>
> Return-path: <gentoo-security-return-1221-adriancapdefier=digifin.ro@l.g.o>
> Received: from [156.56.111.196] (helo=parrot.gentoo.org)
> by horse.hostspectrum.com with esmtp (TLSv1:AES256-SHA:256)
> (Exim 4.34)
> id 1BnBm2-0004IJ-JR
> for adriancapdefier@×××××××.ro; Wed, 21 Jul 2004 02:44:22 -0500
> Received: (qmail 3276 invoked by uid 89); 21 Jul 2004 07:43:50 +0000
> Mailing-List: contact gentoo-security-help@g.o; run by ezmlm
> Precedence: bulk
> List-Post: <mailto:gentoo-security@g.o>
> List-Help: <mailto:gentoo-security-help@g.o>
> List-Unsubscribe: <mailto:gentoo-security-unsubscribe@g.o>
> List-Subscribe: <mailto:gentoo-security-subscribe@g.o>
> List-Id: Gentoo Linux mail <gentoo-security.gentoo.org>
> X-BeenThere: gentoo-security@g.o
> Delivered-To: mailing list gentoo-security@l.g.o
> Received: (qmail 13423 invoked from network); 21 Jul 2004 07:43:43 +0000
> Date: Wed, 21 Jul 2004 09:40:45 +0100
> To: "Gentoo-security" <gentoo-security@l.g.o>
> From: "Gentoo" <gentoo@×××××××××××.org>
> Message-ID: <tnsnraezeeqrruituys@l.g.o>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="--------kkwrockmnbyvvzoqzwtn"
> Subject: [gentoo-security] Re:
>
> ----------kkwrockmnbyvvzoqzwtn
> Content-Type: text/html; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
>
> <html><body>
>
>>Predators<br><br>
>
>
> <br>
> </body></html>
>
> ----------kkwrockmnbyvvzoqzwtn
> Content-Type: application/octet-stream; name="MP3._c_o_m_"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="MP3._c_o_m_"
>
> TVoAAAEAAAACAAAA//8AAEAAAAAAAAAAQAAAAAAAAAC0TM0hAAAAAAAAAAAAAAAAAAAAAAAA |
__________________________________________________________________________
> IrskcHZRkMCJnKCDZQEvHlKDnCwSTzI/KiFjw6SBbUIvg4LGDA== |
>
>
> ----------kkwrockmnbyvvzoqzwtn
> Content-Type: text/plain; charset=us-ascii
>
> --
> gentoo-security@g.o mailing list
> ----------kkwrockmnbyvvzoqzwtn--
>
>
>
>


--

Adi

--
gentoo-security@g.o mailing list
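
For a list operator triaging bounces like the ones quoted in this message, the following added example (not part of the original post and not ezmlm's own code) decodes the VERP return address and separates a content rejection from a dead mailbox. The subscriber address and the second bounce body are constructed samples, and the phrase lists are assumptions of the example.

```python
import re

# ezmlm VERP envelope senders, in the two shapes quoted in the message above:
#   <list>-return-<msgnum>-<local>=<domain>@<host>               (list post)
#   <list>-return-warn-<stamp>.<cookie>-<local>=<domain>@<host>  (warning)
VERP_RE = re.compile(
    r"^(?P<list>.+?)-return-"
    r"(?:warn-(?P<stamp>\d+)\.(?P<cookie>\w+)|(?P<msgnum>\d+))"
    r"-(?P<local>.+)=(?P<domain>[^=@]+)@(?P<host>[^@]+)$"
)

# Hypothetical phrase lists: assumptions of this example, not an ezmlm feature.
CONTENT_HINTS = ("executable attachment", "virus", "malware")
ADDRESS_HINTS = ("unknown user", "no such user", "mailbox unavailable")

# Constructed samples: the rejection text as quoted above, and an invented dead-mailbox bounce.
SAMPLE_CONTENT = '''This message has been rejected because it has
a potentially executable attachment "MP3.com"'''
SAMPLE_ADDRESS = "alice@example.org\n    Unknown user"


def parse_verp(envelope_to):
    """Recover list, subscriber and message kind from a VERP bounce address."""
    m = VERP_RE.match(envelope_to.strip().strip("<>"))
    if not m:
        return None
    return {
        "list": m["list"],
        "subscriber": f"{m['local']}@{m['domain']}",
        "kind": "warning" if m["stamp"] else "post",
        "msgnum": int(m["msgnum"]) if m["msgnum"] else None,
    }


def classify_bounce(body):
    """Return 'content', 'address' or 'unknown' from the bounce's text part."""
    text = " ".join(body.lower().split())  # undo line wrapping before matching
    if any(h in text for h in CONTENT_HINTS):
        return "content"
    if any(h in text for h in ADDRESS_HINTS):
        return "address"
    return "unknown"


def triage(envelope_to, body):
    """Combine both: who bounced, on which message, and why."""
    info = parse_verp(envelope_to)
    if info is not None:
        info["reason"] = classify_bounce(body)
    return info
```

A `reason` of `content` means the receiving server refused that particular message, which says nothing about whether the mailbox itself is reachable.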