[dba-Tech] Viruses coming for several days from 195.167.69.130....

Shamil Salakhetdinov shamil at users.mns.ru
Mon May 30 12:33:29 CDT 2005


Thank you, Bryan!

Yes, I have these message headers - here are the two of them - all coming
from 195.167.69.130:

1.

>From Service at mns.ru  Thu May 26 12:10:30 2005
Received: from babylon5.mns.ru ([80.70.224.25])
  (TLS: TLSv1/SSLv3,256bits,AES256-SHA)
  by batman.mns.ru with esmtp; Thu, 26 May 2005 12:10:30 +0400
  id 000104E8.42958476.00000419
Received: from mns.ru ([195.167.69.130])
  by babylon5.mns.ru with esmtp; Thu, 26 May 2005 12:10:20 +0400
  id 000182EF.4295846C.00005A64
From: Service at mns.ru
To: shamil-users at mns.ru
Subject: *IMPORTANT* Your Account Has Been Locked
Date: Thu, 26 May 2005 11:11:48 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_0011_2DB2B65A.C74339E8"
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: <courier.42958476.00000419 at batman.mns.ru>
X-Spam-Status: Yes, hits=9.0 tagged_above=3.0 required=8.0
 tests=MICROSOFT_EXECUTABLE, MISSING_MIMEOLE, NO_REAL_NAME, PRIORITY_NO_NAME
X-Spam-Level: *********
X-Spam-Flag: YES

2.

>From Service at mns.ru  Thu May 26 14:43:37 2005
Received: from babylon5.mns.ru ([80.70.224.25])
  (TLS: TLSv1/SSLv3,256bits,AES256-SHA)
  by batman.mns.ru with esmtp; Thu, 26 May 2005 14:43:36 +0400
  id 00004FF9.4295A858.00005A00
Received: from mns.ru ([195.167.69.130])
  by babylon5.mns.ru with esmtp; Thu, 26 May 2005 14:43:34 +0400
  id 0001C22B.4295A856.0000234A
From: Service at mns.ru
To: shamil-users at mns.ru
Subject: Your Email Account is Suspended For Security Reasons
Date: Thu, 26 May 2005 13:45:02 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_0014_C8178C57.146A5279"
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: <courier.4295A858.00005A00 at batman.mns.ru>
X-Spam-Status: No, hits=4.1 tagged_above=3.0 required=8.0 tests=HTML_00_10,
 MISSING_MIMEOLE, NO_REAL_NAME, PRIORITY_NO_NAME, UPPERCASE_25_50
X-Spam-Level: ****

I will try to inform noc at otenet.gr, abuse at otenet.gr, hostmaster at otenet.gr,
postmaster at otennet.gr about the problem...

Shamil

----- Original Message ----- 
From: "Bryan Carbonnell" <carbonnb at gmail.com>
To: "Discussion of Hardware and Software issues"
<dba-tech at databaseadvisors.com>
Sent: Monday, May 30, 2005 8:36 PM
Subject: Re: [dba-Tech] Viruses coming for several days from
195.167.69.130....


> On 5/30/05, Shamil Salakhetdinov <shamil at users.mns.ru> wrote:
> > Hi All,
> >
> > I'm getting W32.Mydoom.BT at mm viruses for several days from
> > 195.167.69.130.
> >
> > The virus sender's e-mail address is simulating my provider's
> > "services":
> > admin at mns.ru, service at mns.ru etc.
> >
> > What are the most effective ways to stop these viruses sending?
>
> If you can filter it at the server level, then that's the best way.
>
> Failing that, contact your ISP, and send them the received header lines
> from a couple of the virii, and ask them to block the IP.
>
> Also, send an e-mail to:
> noc at otenet.gr, abuse at otenet.gr, hostmaster at otenet.gr,
> postmaster at otennet.gr
> with a few of the received headers as well and ask them to contact
> their client and inform them that they are sending out virii. Also ask
> them if they could block this person until they have cleaned the virii
> from their PC.
>
> I have done this before and it has worked. Just make sure that you
> send the received headers so they can trace it back to their system
> and you are polite and non-confrontational.
>
> -- 
> Bryan Carbonnell - carbonnb at gmail.com
> Life's journey is not to arrive at the grave safely in a well
> preserved body, but rather to skid in sideways, totally worn out,
> shouting "What a great ride!"

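Added example, not part of the original thread: one way to pull the reportable source address out of the Received chain quoted in message 1 above, trusting only the lines stamped by the recipient's own provider. The TRUSTED_BY, PROVIDER_IPS and PROVIDER_DOMAIN values are assumptions read off the headers in this thread, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Trace headers of message 1 above (other headers omitted).
RAW = """\
Received: from babylon5.mns.ru ([80.70.224.25])
  (TLS: TLSv1/SSLv3,256bits,AES256-SHA)
  by batman.mns.ru with esmtp; Thu, 26 May 2005 12:10:30 +0400
  id 000104E8.42958476.00000419
Received: from mns.ru ([195.167.69.130])
  by babylon5.mns.ru with esmtp; Thu, 26 May 2005 12:10:20 +0400
  id 000182EF.4295846C.00005A64
Subject: *IMPORTANT* Your Account Has Been Locked

"""

# Assumptions: the provider's own relays and their addresses, as seen above.
TRUSTED_BY = {"batman.mns.ru", "babylon5.mns.ru"}
PROVIDER_IPS = {"80.70.224.25"}
PROVIDER_DOMAIN = "mns.ru"

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9.]+)\]\).*?\bby\s+(?P<by>\S+)", re.S)

def parse_hops(raw):
    """Return Received hops newest-first as dicts with helo, ip and by."""
    values = message_from_string(raw).get_all("Received", [])
    return [m.groupdict() for m in map(HOP.search, values) if m]

def entry_hop(hops):
    """Last hop stamped by a trusted relay: the address that handed the mail in."""
    entry = None
    for hop in hops:
        if hop["by"] not in TRUSTED_BY:
            break  # stamped by a host outside our control; may be forged
        entry = hop
    return entry

def summarize(raw):
    """Source address to report, plus whether its announced name borrows the provider's."""
    hop = entry_hop(parse_hops(raw))
    if hop is None:
        return None
    helo = hop["helo"].lower()
    claims = helo == PROVIDER_DOMAIN or helo.endswith("." + PROVIDER_DOMAIN)
    return {"source_ip": hop["ip"], "stamped_by": hop["by"],
            "helo_mismatch": claims and hop["ip"] not in PROVIDER_IPS}

if __name__ == "__main__":
    print(summarize(RAW))
```

Received lines below the entry hop were written by hosts outside the provider's control, so the walk stops at the first untrusted "by" host and never reports an address from them.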