From: Mark (ms6275@yahoo.de)
Date: Sat Oct 19 2002 - 06:08:40 GMT-3
A file came through from me! and without even clicking on it (preview pane)
tried to execute prolificat.eml.pif (MSDOS thingy I think) which it had as an
attachment. Like I'm gonna click 'OK' :)
It seems the attacker/fellow victim is in Belgium. Source is below.
Be aware
Mark
X-Apparently-To: ms6275@yahoo.de via 216.136.130.84; 19 Oct 2002
01:55:21 -0700 (PDT)
X-YahooFilteredBulk: 195.238.3.91
X-Track: 152: 20
Return-Path: <ms6275@siemens.atea.be>
Received: from 195.238.3.91 (EHLO durendal.skynet.be) (195.238.3.91)
by mta528.mail.yahoo.com with SMTP; 19 Oct 2002 01:55:21 -0700 (PDT)
Received: from pc1060 (182.73-200-80.adsl.skynet.be [80.200.73.182])
by durendal.skynet.be (8.11.6/8.11.6/Skynet-OUT-2.20) with SMTP id
g9J8qi019418;
Sat, 19 Oct 2002 10:52:44 +0200 (MET DST)
(envelope-from <ms6275@siemens.atea.be>)
Date: Sat, 19 Oct 2002 10:52:44 +0200 (MET DST)
Message-Id: <200210190852.g9J8qi019418@durendal.skynet.be>
From: "Mark" <ms6275@siemens.atea.be>
Subject: Re: Odd TCP problem
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----------OF3B2034SENCCC4"
------------OF3B2034SENCCC4
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD><BODY>
<iframe src=3Dcid:61pzkeqzX161Y height=3D0 width=3D0>
</iframe>
<FONT></FONT>
Forget it. Being thick again.<br>
<br>
r2(config-subif)#no frame-relay map ip 109.1.44.1 605 broadcast compress<br>
<br>
r2(config-subif)# frame-relay map ip 109.1.44.1 605 broadcast<br>
<br>
r2#<br>
<br>
05:29:31: %BGP-5-ADJCHANGE: neighbor 109.1.15.1 Up<br>
<br>
----- Original Message -----<br>
From: "Mark" <ms6275@y
</BODY></HTML>
------------OF3B2034SENCCC4
Content-Type: audio/x-midi;
name=proficiat.eml.pif
Content-Transfer-Encoding: base64
Content-ID: <61pzkeqzX161Y>
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:51 GMT-3