-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jan 2001, Kelly Reid wrote:

> Following is the properties from the email from sexyfun. I'm interested
> in knowing who this came from so that they can get their machine
> scanned.

        The "From:" line is just the product of a trojan/worm. Here's the
point of injection:

> Received: from moperr01-98.midwest.net (HELO computer) ([208.235.39.108]) (envelope-sender <>)
> by 10.209.20.32 (qmail-ldap-1.03) with SMTP
> for <Kelly-Reidhome.com>; 12 Jan 2001 04:25:11 -0000

        It looks as if someone on the MIDWEST.NET site's intranet got
spanked with this trojan/worm (hence the 10.209.20.32 address). I'd
suggest you contact the folks at Midwest Internet as it appears this came
from one of their employees.

        The ARIN database indicates the following contact info, but you
will likely want to cc: the postmaster & abuse addresses as well to make
sure this gets quick attention.

Midwest Internet (NETBLK-UU-208-235)
   300 E. Main St.
   Carbondale, IL 62901
   US

   Netname: UU-208-235
   Netblock: 208.235.0.0 - 208.235.63.255
   Maintainer: MIDI

   Coordinator:
      Baird, Curtis (BC247-ARIN) curtisMIDWEST.NET
      (618) 529-7271

- -Jay

   ( ______
   )) .-- "There's always time for a good cup of coffee" --. >===<--.
 C|~~| (>------- Jay D. Dyson -- jdysontreachery.net -------<) | = |-'
  `--' `------ ...You can have my absence of faith... ------' `-----'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: E-mail me for my PGP Public Key.

iQCVAwUBOl9x6tCClfiU/BIVAQG6BAQAzB70KkLJTuy1rxf3D3BC9gMEEH5Rwl2P
YTCWXADdGdBhKo7X6xydwpV4nhZuP9UW+dy8NUuoxLVVQ5aNBeRK7OUrX95uoMJE
ycygCaqGSpWiBOIZBs0gIp+BBXYpFqtyjAz+2ODpqlqsMcVwbEoWMRr63YHccUq7
XcGfJCdrVuo=
=a0qr
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]