There is an attached zip "message.zip" file containing a Win executable! I removed it.
-------- Original Message --------
Date: Wed, 29 Jun 2011 10:20:05 +0400
From: archive@mail-archive.com
Reply-To: Community support for Fedora users users@lists.fedoraproject.org
To: users@lists.fedoraproject.org
Dear user of lists.fedoraproject.org, administration of lists.fedoraproject.org would like to let you know the following.
Your account was used to send a large amount of unsolicited commercial email messages during the last week. Obviously, your computer was infected and now contains a trojan proxy server.
Please follow the instructions in the attached text file in order to keep your computer safe.
Best regards, The lists.fedoraproject.org team. -----------------------------------------------------------------
On Wed, 29 Jun 2011 07:50:29 +0100 Frank Murphy frankly3d@gmail.com wrote:
On 29/06/11 07:42, Joachim Backes wrote:
There is an attached zip "message.zip" file containing a Win executable! I removed it.
From: "Content-filter at makuta.datalogica.com" postmaster@makuta.datalogica.com
To: maumar@datalogica.com
Subject: VIRUS (Worm.Mydoom.M) in mail FROM [209.132.181.3] users-bounces@lists.fedoraproject.org
Date: Wed, 29 Jun 2011 08:20:38 +0200 (CEST)
A virus was found: Worm.Mydoom.M
Scanner detecting a virus: ClamAV-clamd
Content type: Virus
Internal reference code for the message is 32119-16/666mXhNXRQy7
First upstream SMTP client IP address: [209.132.181.3]
According to a 'Received:' trace, the message originated at: [109.127.6.236], mail-archive.com unknown [109.127.6.236]
Return-Path: users-bounces@lists.fedoraproject.org
From: archive@mail-archive.com
Sender: users-bounces@lists.fedoraproject.org
Message-ID: 20110629062008.3B98137D6A@smtp-mm03.fedoraproject.org
Not quarantined.
Notification to sender will not be mailed.
The message WAS NOT relayed to: maumar@datalogica.com: 250 2.7.0 Ok, discarded, id=32119-16 - INFECTED: Worm.Mydoom.M
Virus scanner output: p005: Worm.Mydoom.M FOUND
Return-Path: users-bounces@lists.fedoraproject.org
Received: from bastion.fedoraproject.org (bastion02.fedoraproject.org [209.132.181.3]) by makuta.datalogica.com (Postfix) with ESMTP id C290D514547 for maumar@datalogica.com; Wed, 29 Jun 2011 08:20:37 +0200 (CEST)
Received: from lists.fedoraproject.org (collab1.vpn.fedoraproject.org [192.168.1.21]) by bastion02.phx2.fedoraproject.org (Postfix) with ESMTP id 599A7110733; Wed, 29 Jun 2011 06:20:22 +0000 (UTC)
Received: from collab1.fedoraproject.org (localhost.localdomain [127.0.0.1]) by lists.fedoraproject.org (Postfix) with ESMTP id 4E20E3267A6; Wed, 29 Jun 2011 06:20:21 +0000 (UTC)
X-Original-To: users@lists.fedoraproject.org
Delivered-To: users@lists.fedoraproject.org
Received: from smtp-mm03.fedoraproject.org (vm4.fedora.ibiblio.org [152.19.134.143]) by lists.fedoraproject.org (Postfix) with ESMTP id 7620B32679F for users@lists.fedoraproject.org; Wed, 29 Jun 2011 06:20:10 +0000 (UTC)
Received: from mail-archive.com (unknown [109.127.6.236]) by smtp-mm03.fedoraproject.org (Postfix) with ESMTP id 3B98137D6A for users@lists.fedoraproject.org; Wed, 29 Jun 2011 06:20:07 +0000 (UTC)
From: archive@mail-archive.com
To: users@lists.fedoraproject.org
Subject:
Date: Wed, 29 Jun 2011 10:20:05 +0400
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0006_B1BA319E.EB493580"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: 20110629062008.3B98137D6A@smtp-mm03.fedoraproject.org
X-BeenThere: users@lists.fedoraproject.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Community support for Fedora users users@lists.fedoraproject.org
List-Id: Community support for Fedora users <users.lists.fedoraproject.org>
List-Unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/users, mailto:users-request@lists.fedoraproject.org?subject=unsubscribe
List-Archive: http://lists.fedoraproject.org/pipermail/users
List-Post: mailto:users@lists.fedoraproject.org
List-Help: mailto:users-request@lists.fedoraproject.org?subject=help
List-Subscribe: https://admin.fedoraproject.org/mailman/listinfo/users, mailto:users-request@lists.fedoraproject.org?subject=subscribe
Sender: users-bounces@lists.fedoraproject.org
Errors-To: users-bounces@lists.fedoraproject.org
Joachim Backes joachim.backes@rhrk.uni-kl.de wrote:
There is an attached zip "message.zip" file containing a Win executable! I removed it.
I deleted it without a second thought.
On 06/29/2011 07:42 AM, Joachim Backes wrote:
There is an attached zip "message.zip" file containing a Win executable! I removed it.
-------- Original Message --------
Date: Wed, 29 Jun 2011 10:20:05 +0400
From: archive@mail-archive.com
Reply-To: Community support for Fedora users users@lists.fedoraproject.org
To: users@lists.fedoraproject.org
Dear user of lists.fedoraproject.org, administration of lists.fedoraproject.org would like to let you know the following.
Your account was used to send a large amount of unsolicited commercial email messages during the last week. Obviously, your computer was infected and now contains a trojan proxy server.
Please follow the instructions in the attached text file in order to keep your computer safe.
Best regards, The lists.fedoraproject.org team.
Forged headers and a body designed to con unwary users into running the attachment on their Windows PC in order to infect it.
The Fedora infrastructure administrators tend not to send mail from "archive@mail-archive.com".
With the full headers you might be able to figure out more about where it came from, but I didn't receive a copy at all, so I'm doubtful it even passed through the lists infrastructure (you can put more-or-less anything you like in the Reply-To and To fields of an email).
Regards, Bryn.
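The 'Received:' trace reported by the content filter earlier in this thread, and referred to in the reply above, can be reproduced as follows. This is an added example, not part of any post in the thread: the function name `trace_origin` and the `TRUSTED_RELAYS` set are assumptions (the relay addresses are the ones named in the quoted trace), and the Received headers are copied from the quoted report, trimmed after the queue id.

```python
import re
from email import message_from_string

# Received headers copied from the content-filter report quoted in this thread
# (trimmed after the queue id; newest hop first, as in the original message).
RAW = """\
Received: from bastion.fedoraproject.org (bastion02.fedoraproject.org [209.132.181.3])
 by makuta.datalogica.com (Postfix) with ESMTP id C290D514547
Received: from lists.fedoraproject.org (collab1.vpn.fedoraproject.org [192.168.1.21])
 by bastion02.phx2.fedoraproject.org (Postfix) with ESMTP id 599A7110733
Received: from collab1.fedoraproject.org (localhost.localdomain [127.0.0.1])
 by lists.fedoraproject.org (Postfix) with ESMTP id 4E20E3267A6
Received: from smtp-mm03.fedoraproject.org (vm4.fedora.ibiblio.org [152.19.134.143])
 by lists.fedoraproject.org (Postfix) with ESMTP id 7620B32679F
Received: from mail-archive.com (unknown [109.127.6.236])
 by smtp-mm03.fedoraproject.org (Postfix) with ESMTP id 3B98137D6A
From: archive@mail-archive.com

"""

# Assumption: the receiving site treats these relay addresses as trusted.
TRUSTED_RELAYS = {"209.132.181.3", "192.168.1.21", "127.0.0.1", "152.19.134.143"}

# Postfix-style hop: from <HELO name> (<reverse DNS> [<client IP>]) by <host>
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)")


def trace_origin(raw, trusted_ips):
    """Walk Received headers newest-first; stop at the first untrusted client."""
    path = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m is None:
            break  # unparseable hop: nothing older can be believed
        hop = dict(zip(("helo", "rdns", "ip", "by"), m.groups()))
        path.append(hop["by"])
        if hop["ip"] not in trusted_ips:
            # Everything older than this header was supplied by the sender.
            hop["helo_matches_rdns"] = hop["helo"].lower() == hop["rdns"].lower()
            return hop, path
    return None, path


if __name__ == "__main__":
    origin, path = trace_origin(RAW, TRUSTED_RELAYS)
    print("relays that recorded the message:", path)
    print("first untrusted client:", origin)
```

Only the headers written by relays the receiver trusts are used; the walk stops at the first client outside that set, so any Received lines the sender added below that point are never consulted.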
On 29.06.2011 08:42, Joachim Backes wrote:
There is an attached zip "message.zip" file containing a Win executable! I removed it.
-------- Original Message --------
My mail provider caught it and didn't even forward it to me. They just sent me a warning:
File: message.zip
Virus: W32.Mydoom.M
Details of the affected e-mail follow:
From: archive@mail-archive.com
To: users@lists.fedoraproject.org
Date: Wed, 29 Jun 2011 10:20:05 +0400
Subject:
Klaus