Hi,
lately, I receive strange e-mails to users on a private lan. Below a
sample header:
Von:
On Wed, 2002-02-20 at 19:06, thiemo wrote:
Hi,
lately, I receive strange e-mails to users on a private lan. Below a sample header:
Von:
Datum: Mit, 20. Feb. 2002 14:56:12 Europe/Zurich An: User@213.165.64.20 Betreff: Werbung: Sicherheitshinweis Antwort an: Return-Path: Delivered-To: mail_thiemo@localhost.thiam.ch Delivered-To: GMX delivery to thiemo@gmx.ch Received: from localhost (localhost [127.0.0.1]) by nyffeltrach.thiam.ch (Postfix on SuSE Linux 7.2 (i386)) with ESMTP id 1BE6DC0D1 for ; Wed, 20 Feb 2002 15:00:08 +0100 (CET) Received: from 213.165.64.20 [213.165.64.20] by localhost with POP3 (fetchmail-5.8.0) for mail_thiemo@localhost (single-drop); Wed, 20 Feb 2002 15:00:08 +0100 (CET) Received: (qmail 20586 invoked by uid 0); 20 Feb 2002 13:56:10 -0000 Received: from unknown (HELO genie.de) (211.185.197.130) by mx0.gmx.net (mx021-rz3) with SMTP; 20 Feb 2002 13:56:10 -0000 X-Flags: 0000 Message-Id: <001b34b36dae$3645e3e6$4ea80ba3@phemik> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 Importance: Normal Now my questions. How is this possible when thiam.ch doesn't even exist in the internet? Do I have an uninvited guest on my Postfix mail server, which is, by the way, behind a firewall and uses a private IP address? Is there a HowTo explaining how to set up postfix with user password etc? Maybe even over a secure connection?
Thx
Thiemo
-- Thiemo Kellner Tösstalstrasse 146 CH-8400 Winterthur
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Hi,
I think this is what you need to be looking for. I guess you caught one
of the latest mail worms. If the message of the emails looks like this
you better get your he** out of your a** and start some counter measures
(Sorry for my rude words)
For further information go to
http://securityresponse.symantec.com/avcenter/venc/data/w32.yarner.a@mm.html
*********************snip*********************************************
Hallo !
Willkomen zur neuesten Newsletter-Ausgabe der Webseite Trojaner-Info.de.
Hier die Themen im Ueberblick:
01. YAW 2.0 - Unser Dialerwarner in neuer Version
************************************
01. YAW 2.0 - Unser Dialerwarner in neuer Version
Viele haben ihn und viele moegen ihn - unseren Dialerwarner YAW. YAW ist
nun in einer brandneuen und stark erweiterten Version verfuegbar. Alle
unsere
Newsletterleser bekommen ihn kostenlos zusammen mit diesem Newsletter.
Also einfach die angehaengte Datei starten und YAW 2.0 installieren. Bei
Fragen
steht Ihnen der Programmierer des bislang einzigartigen Programmes
Andreas Haak
unter andreas@ants-online.de zur Verf
gung. Viel Spaß mit YAW!
participants (2)
-
Roman Baumann
-
thiemo