[Samba] Please check if your are sending offending emails

Ron Liu rliu at email.sjsu.edu
Thu Sep 25 14:35:00 GMT 2003 

Hi, There
Last few weeks I've received tons of these "Microsoft Security updates"
emails with Virus attachment. These email must be from samba or ldap mailing
list. Following I listes some sender's source IP address and host names.
This only very small part of list. If I have time, I will be sending more
offending hosts list to you. Please take a look if your machine happened to
be one of the offending hosts, please try to clean it up. You can find more
information about clean up the infected machine from
http://securityresponse.symantec.com/

Offending hosts list (part 1)
********************************************************
from in.menzolit-fibron.sk ([217.118.110.162])

Received: from empcorreo.onolab.com (smtp.onored.com [62.42.230.27])

from cobalt.eux.nl (213-132-174-148.multikabel.nl [213.132.174.148])

Received: from smtp04.wxs.nl (smtp04.wxs.nl [195.121.6.59])

Received: from vsmtp12.tin.it (vsmtp12.tin.it [212.216.176.206])
Received: from fxdmfn (80.182.241.123) by vsmtp12.tin.it (7.0.019)

Received: from mail.chariot.net.au (mail.chariot.net.au [203.87.95.38])
Received: from clbnqpl (ppp-080.cust203-87-121.ghr.chariot.net.au
[203.87.121.80])
	by mail.chariot.net.au (Postfix) with SMTP

Received: from mta06bw.bigpond.com (mta06bw.bigpond.com [144.135.24.156])
Received: from qngjcj ([144.135.24.72]) by mta06bw.email.bigpond.com
 (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
 with SMTP id <0HLR00B9XQZUWA at mta06bw.email.bigpond.com> for

Received: from poczta.xtra.pl (poczta.xtra.pl [212.14.56.8])
Received: from zpvcvl (em21313623232.teleton.pl [213.136.232.32])
	by poczta.xtra.pl (Postfix) with SMTP
	id 6C1591AEBC; Thu, 25 Sep 2003 14:13:05 +0200 (CEST)

Received: from mail0.ewetel.de (mail0-96.ewetel.de [212.6.122.96])
Received: from pjcsj (dialin-79153.ewetel.net [212.6.79.153])
	by mail0.ewetel.de (8.12.1/8.12.9) with SMTP id h8PC77jB029732;
	Thu, 25 Sep 2003 14:07:08 +0200 (MEST)

Received: from imf21aec.mail.bellsouth.net (imf21aec.mail.bellsouth.net
[205.152.59.69])
Received: from lqocotba ([68.209.11.2]) by imf21aec.mail.bellsouth.net
          (InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with SMTP
          id <20030925114941.WHHO1847.imf21aec.mail.bellsouth.net at lqocotba>;
          Thu, 25 Sep 2003 07:49:41 -0400

Received: from torvals1.ciudadglobal.com.ar (200.69.145.126.techtelnet.net
[200.69.145.126] (may be forged))
Received: from jdnhorq (asterix-nat1.ciudadglobal.com.ar [200.69.145.124]
(may be forged))
	by torvals1.ciudadglobal.com.ar (8.12.8/8.12.8) with SMTP id
h8PEHlAB028358;
	Thu, 25 Sep 2003 11:17:48 -0300

Received: from mail.d-net.cz (mail.d-net.cz [194.213.244.98])
Received: from server.menu.cz (swuniv.d-net.cz [195.128.197.117] (may be
forged))
	by mail.d-net.cz (8.12.3/8.12.3/Debian-6.6) with ESMTP id h8PE3qLm001832;

Received: from webserver.pmp.pr.gov.br ([200.163.242.234])
Received: from ywqwyrl (unknown [192.168.1.140])
	by webserver.pmp.pr.gov.br (Postfix) with SMTP
	id A5403D81E9; Thu, 25 Sep 2003 07:59:37 -0300 (BRT)
***********************************************************************

Thank you for your help

Ron Liu
Information Technology Consultant
Biology Department
San Jose State University
408-924-4860
rliu at email.sjsu.edu

More information about the samba mailing list