Mysterious Mail with unknown Attachment
Hi! I got a mail with the following header:
From MAILER-DAEMON Sat Jan 27 17:17:40 2001
Return-Path: <>
Delivered-To: mlindner@agentur-lindner.de
Received: from webserver.hlg-fuerth.de (unknown [212.204.100.206])
    by www1.agentur-lindner.de (Postfix) with ESMTP id 19EDA111E84
    for <ml@agentur-lindner.de>; Sat, 27 Jan 2001 17:17:35 +0100 (CET)
Received: by webserver.hlg-fuerth.de (Postfix)
    id 9EC366695B; Sat, 27 Jan 2001 17:18:42 +0100 (CET)
Delivered-To: webmaster@hlg-fuerth.de
Received: from mout02.kundenserver.de (mout02.kundenserver.de [195.20.224.133])
    by webserver.hlg-fuerth.de (Postfix) with ESMTP id 57F7766959
    for <webmaster@hlg-fuerth.de>; Sat, 27 Jan 2001 17:18:36 +0100 (CET)
Received: from [195.20.224.151] (helo=mrelay01.kundenserver.de)
    by mout02.kundenserver.de with esmtp (Exim 2.12 #2)
    id 14MY2y-0003ix-00
    for webmaster@hlg-fuerth.de; Sat, 27 Jan 2001 17:17:52 +0100
Received: from p3ee386f8.dip0.t-ipconnect.de ([62.227.134.248] helo=ayla)
    by mrelay01.kundenserver.de with smtp (Exim 2.12 #2)
    id 14MY2c-0001ga-00
    for webmaster@hlg-fuerth.de; Sat, 27 Jan 2001 17:17:30 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE96FW1QV0X2J49MBGHIF0T"
Message-Id: <E14MY2c-0001ga-00@mrelay01.kundenserver.de>
From: Remote Mail Delivery System <>
Date: Sat, 27 Jan 2001 17:17:30 +0100
Status: RO
X-Status:
X-Keywords:
X-UID: 737
There was no message in it and it had a quite strong attachment named: 'PKCBLMPK.EXE'

Is this malware? Does anyone know this file? I didn't execute it yet... Is it possible that relay01.kundenserver.de is an open relay?

Thanks for help and suggestions...

Max
Max Lindner wrote:
> I got a mail [...]
> There was no message in it and it had a quite strong attachment named: 'PKCBLMPK.EXE'
> Is this malware?

Well possible.

> Does anyone know this file?

No.

> I didn't execute it yet...

Good idea.

> Is it possible that relay01.kundenserver.de is an open relay?

Everything is possible.

Just one question: In which way is this related to SuSE Linux security? Thank you for keeping problems of this complexity to yourself in the future.

ltrebing
On Sun, 28 Jan 2001, Max Lindner wrote:
> [...] There was no message in it and it had a quite strong attachment named: 'PKCBLMPK.EXE'
> Is this malware? Does anyone know this file? I didn't execute it yet... Is it possible that relay01.kundenserver.de is an open relay?
> Thanks for help and suggestions...
> Max

Hmm, I got that stuff too... perhaps it's some kind of virus... anyway, since I'm on Linux and using Pine I guess that I have nothing to worry about :-)

If anybody disassembles it or knows what it does, I'd like to know.

Vadim
participants (3)
- Lars Trebing
- Max Lindner
- vadim_t@teleline.es