[Retros] [OT] You are made active -- Possible Virus?

Otto Janko otto at janko.at
Sun Feb 6 07:40:22 EST 2005


Hi ALL

In the meantime the virus mail was sent two more times:

on Feb 5 at 20:46:04 (MET = Poland time)
on Feb 6 at 10:12:40 (MET = Poland time)

Both mails were received from the same sender:

pb84.plock.sdi.tpnet.pl (HELO host.com) (213.77.146.84)

The sender uses the provider "tpnet.pl" in Poland; it seems that he uses a
fixed IP address or stayed online overnight (at least both mails were sent
using the same IP address). Reverse DNS lookup was successful, and because
the "pb84" corresponds to the last part of the IP address ".84" (which is a
common naming schema), I think neither IP nor SMTP host is faked.

And, again, I think that the sender is a member of the Retro Mailing List.

I hope the user of the infected computer reads this mail and acts
accordingly. Any virus scanner will help.

Best Regards,

- Otto Janko [mailto:otto at janko.at] [http://janko.at]
-- "Those who desire to give up freedom in order to gain security,
- will not have, nor do they deserve, either one." [Benjamin Franklin]




> -----Original Message-----
> From: retros-bounces at janko.at
> [mailto:retros-bounces at janko.at] On Behalf Of Otto Janko
> Sent: Saturday, February 05, 2005 1:45 PM
> To: 'The Retrograde Analysis Mailing List'
> Subject: RE: [Retros] You are made active -- Possible Virus?
>
> Joost wrote:
>
> > Please note that lots of viruses fake the sender-address. You
> > can see which mailserver originally sent the mail in the full
> > headers of the mail (the Received: lines)
>
> True, but in this case the computer, which sent the virus, must have both
> mail addresses in his address book or the browser cache: The address of the
> mailing list and the address of Mario.
>
> Thus, the mail most likely originates from one of the members of the Retro
> mailing list, not necessarily from Mario.
>
> Joost, can you post/analyze the headers? I cannot do this because the mail
> was deleted by my junk mail filter, and in the archive the headers are not
> shown.
>
> Best Regards,
>
> - Otto Janko [mailto:otto at janko.at] [http://janko.at]
> -- "Those who desire to give up freedom in order to gain security,
> - will not have, nor do they deserve, either one." [Benjamin Franklin]
>
> _______________________________________________
> Retros mailing list
> Retros at janko.at
> http://www.pairlist.net/mailman/listinfo/retros
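The reasoning in the message above (HELO name versus reverse DNS name, and whether the rDNS label embeds the last octet of the connecting IP) can be turned into a small triage check. The script below is an added example, not code from the list or its members; it parses the sender line in the form the list software printed it, does no live DNS lookups (the rDNS name is taken from the line as given), and uses a deliberately naive notion of "registered domain" (the last two labels), which is an assumption that is good enough for the names on this page but not for every TLD.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the sender line quoted in the message above.
SAMPLE_LINE = "pb84.plock.sdi.tpnet.pl (HELO host.com) (213.77.146.84)"

# Constructed control sample where HELO and rDNS agree.
CLEAN_LINE = "mail.example.net (HELO mail.example.net) (192.0.2.10)"

# "<rdns> (HELO <name>) (<ip>)" as printed by the list software.
LINE_RE = re.compile(
    r"^(?P<rdns>[A-Za-z0-9.-]+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)$"
)


@dataclass
class SenderCheck:
    rdns: str
    helo: str
    ip: str
    helo_matches_rdns: bool        # HELO shares the rDNS registered domain
    rdns_embeds_last_octet: bool   # first rDNS label contains the IP's last octet
    findings: list = field(default_factory=list)


def registered_domain(host: str) -> str:
    """Assumption: the registered domain is the last two labels (tpnet.pl, host.com)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_sender(line: str) -> SenderCheck:
    """Flag HELO/rDNS disagreement and provider-style pool naming for triage."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised sender line: %r" % line)
    rdns, helo, ip = m.group("rdns"), m.group("helo"), m.group("ip")

    last_octet = ip.split(".")[-1]
    first_label = rdns.split(".")[0]
    # Match the octet as a whole number inside the label: "pb84" for ".84",
    # but not "pb184" or "pb840".
    embeds = re.search(r"(?<!\d)%s(?!\d)" % re.escape(last_octet), first_label) is not None
    helo_ok = registered_domain(helo) == registered_domain(rdns)

    findings = []
    if not helo_ok:
        findings.append("HELO %s is not in the rDNS domain %s (HELO is client-chosen, "
                        "so treat it as untrusted)" % (helo, registered_domain(rdns)))
    if embeds:
        findings.append("rDNS label %r embeds last octet %s: typical provider address-pool "
                        "naming, so the rDNS name is consistent with the IP" % (first_label, last_octet))
    return SenderCheck(rdns, helo, ip, helo_ok, embeds, findings)


def verdict(check: SenderCheck) -> str:
    """Summarise which parts of the sender identity are worth trusting."""
    if check.helo_matches_rdns:
        return "helo-consistent"
    if check.rdns_embeds_last_octet:
        return "helo-forged-ip-plausible"
    return "helo-forged-ip-unverified"


if __name__ == "__main__":
    for line in (SAMPLE_LINE, CLEAN_LINE):
        c = check_sender(line)
        print(line, "->", verdict(c))
        for f in c.findings:
            print("   ", f)
```

The point of the split verdict is the one the message makes: the HELO string is whatever the sending machine says it is, while the connecting IP and a reverse name that follows the provider's pool-naming scheme are much harder for malware on an end-user box to influence, so they are the parts to base a notification or a block on.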
