驪戻
麗全 黎新 萌え萌えウイルスたんヽ(´ー`)ノ
3 にしやま 2004/01/07(水) 15:49
W32.Swen.A@mm その2
---------------------
Received: from XXXXXX.or.jp (XXXXX [XXX.XXX.XX.XXX])
by mx1.XXXXXX.or.jp (8.9.3p2/3.7W) with ESMTP id JAA24729;
Wed, 7 Jan 2004 09:16:37 +0900 (JST)
Received: from mail6.XXXXXX.or.jp
by XXXXXX.or.jp (3.7W/HMX-13) id JAA23071;
Wed, 7 Jan 2004 09:16:37 +0900 (JST)
Received: from ncju (pl144.nas511.k-tokyo.nttpc.ne.jp [210.165.64.144]) by mail6.XXXXXX.or.jp (8.9.3/3.7W)
id JAA21908; Wed, 7 Jan 2004 09:15:33 +0900 (JST)
Date: Wed, 7 Jan 2004 09:15:33 +0900 (JST)
Message-Id: <200401070015.JAA21908@mail6.XXXXXX.or.jp>
FROM: "Public Support" <vofkxydbdhcfm_ttkhpmw@bulletin.com>
TO: "Customer" <eepsi-okmiyust@bulletin.com>
SUBJECT: Internet Upgrade
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ossuaqzrukhwkw"
X-UIDL: ed1bb2259b0e7fd5949b419eae4337b9
X-EdMax-Attachment-File: 20040107_101019_rpp6tt\Attach$_01.html,
20040107_101019_rpp6tt\Attach$_01.gif,
20040107_101019_rpp6tt\Attach$_02.gif,
20040107_101019_rpp6tt\q268893.exe,
X-EdMax-Status: 0
Microsoft Customer
this is the latest version of security update, the
"January 2004, Cumulative Patch" update which fixes
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express.
Install now to help protect your computer
from these vulnerabilities, the most serious of which could
allow an attacker to run code on your computer.
This update includes the functionality of all previously released patches.
Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site.
URL
For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site
URL
Thank you for using Microsoft products.
Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
----------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.
Copyright 2004 Microsoft Corporation.
4 にしやま 2004/01/07(水) 16:06
W32.Swen.A@mm その3
---------------------
Received: from XXXXX.or.jp (XXXXX [XXX.XXX.XXX.XXX])
by mx1.XXXXX.or.jp (8.9.3p2/3.7W) with ESMTP id NAA25337;
Tue, 6 Jan 2004 13:05:08 +0900 (JST)
Received: from mail5.XXXXX.or.jp
by XXXXX.or.jp (3.7W/HMX-13) id NAA21805;
Tue, 6 Jan 2004 13:05:07 +0900 (JST)
Received: from mlozx (pl061.nas511.k-tokyo.nttpc.ne.jp [210.165.64.61]) by mail5.XXXXX.or.jp (8.9.3/3.7W)
id NAA18966; Tue, 6 Jan 2004 13:03:40 +0900 (JST)
Date: Tue, 6 Jan 2004 13:03:40 +0900 (JST)
Message-Id: <200401060403.NAA18966@mail5.XXXXX.or.jp>
FROM: "Technical Support" <gzikffrpveqlku-ltfzcup@advisor.msn.com>
TO: "Customer" <customer-rgibwwe@advisor.msn.com>
SUBJECT: net security pack
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="numlzkxgvclgckl"
X-UIDL: 49bb7a8daed6a291b9635308038ecf45
X-EdMax-Attachment-File: 20040106_131007_d0wamm\Attach$_01.html,
20040106_131007_d0wamm\Attach$_01.gif,
20040106_131007_d0wamm\Attach$_02.gif,
20040106_131007_d0wamm\Q289924.exe,
X-EdMax-Status: 0
Microsoft Customer
this is the latest version of security update, the
"January 2004, Cumulative Patch" update which resolves
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three new vulnerabilities.
Install now to maintain the security of your computer
from these vulnerabilities, the most serious of which could
allow an malicious user to run executable on your computer.
This update includes the functionality of all previously released patches.
Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site.
URL
For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site
URL
Thank you for using Microsoft products.
Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
----------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.
Copyright 2004 Microsoft Corporation.
5 にしやま 2004/01/07(水) 16:20
W32.Swen.@mm その4
その2,その3,その4 は SUBJECT と、添付ファイル名以外は同じようです。
---------------------
Received: from XXXXX.or.jp (XXXXX [XXX.XXX.XXX.XXX])
by mx1.XXXXX.or.jp (8.9.3p2/3.7W) with ESMTP id KAA06360;
Tue, 6 Jan 2004 10:02:38 +0900 (JST)
Received: from mail6.XXXXX.or.jp
by XXXXX.or.jp (3.7W/HMX-13) id KAA03861;
Tue, 6 Jan 2004 10:02:29 +0900 (JST)
Received: from uvchbqjn (pl022.nas511.k-tokyo.nttpc.ne.jp [210.165.64.22]) by mail6.XXXXX.or.jp (8.9.3/3.7W)
id KAA22458; Tue, 6 Jan 2004 10:00:21 +0900 (JST)
Date: Tue, 6 Jan 2004 10:00:21 +0900 (JST)
Message-Id: <200401060100.KAA22458@mail6.XXXXX.or.jp>
FROM: "Microsoft Corporation Security Section" <wezhuyncjgzsrfp_dfhz@newsletters.net>
TO: "Microsoft Customer" <zsrbz_lwhijzz@newsletters.net>
SUBJECT: Internet Security Pack
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="gumyqvzlfsgzlprmo"
X-UIDL: 763a035a92907e09fa32868862c20ac2
X-EdMax-Attachment-File: 20040106_105013_pn53gw\Attach$_01.html,
20040106_105013_pn53gw\Attach$_01.gif,
20040106_105013_pn53gw\Attach$_02.gif,
20040106_105013_pn53gw\installation21.exe,
X-EdMax-Status: 0
Microsoft Customer
this is the latest version of security update, the
"January 2004, Cumulative Patch" update which fixes
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to maintain the security of your computer
from these vulnerabilities, the most serious of which could
allow an attacker to run code on your system.
This update includes the functionality of all previously released patches.
System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
- MS Internet Explorer, version 4.01 and later
- MS Outlook, version 8.00 and later
- MS Outlook Express, version 4.01 and later
Recommendation: Customers should install the patch at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.
Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site.
URL
For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site
URL
Thank you for using Microsoft products.
Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
----------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.
Copyright 2004 Microsoft Corporation.
6 初心者さん 2004/01/28(水) 18:27
qqqq , xxxx は伏せ字。
多分最近はやってるやつ。添付はノーd先生が削除してしまいました。
--
Received: from m-net.ne.jp by qqqq.xxxxx.xxx.xx (UUPC/extended 1.13k) with UUCP
for qqqq@qqqq.xxxxx.xxx.xx; Wed, 28 Jan 2004 18:09:37 +0900
Received: from m-net.ne.jp (YahooBB220005004182.bbtec.net [220.5.4.182]) by rayearth.xxxxx.xxx.xx (8.9.3p2/3.5Wpl2-uucp1/RIMNET) with ESMTP
id OAA05397 for <qqqq@qqqq.xxxxx.xxx.xx>; Wed, 28 Jan 2004 14:55:29 +0900 (JST)
From: qqqqq@m-net.ne.jp
Message-Id: <200401280555.OAA05397@rayearth.xxxxx.xxx.xx>
To: qqqq@qqqq.xxxxx.xxx.xx
Subject: Hello
Date: Wed, 28 Jan 2004 14:58:41 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0001_D74921D3.CAB4324B"
X-Priority: 3
X-MSMail-Priority: Normal
X-EdMax-Attachment-File: 20040128_181353_f4wk7m\doc.scr,
X-EdMax-Status: 0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
"氾楾~
゙,$・
゙ェ$dJスフ予ケ�チキ環JX坩U゙キ,クz・
趨brVヒ9Uリ・尊醯・羲\ア・lタbュ�「ヲ匳E・
ニ�ハ
6*�モ゚・鑰�鐡憊ィクワイ甎1"oWc蟆iF 耡5ャv�ョーO�シイ攝タ}(!リ.ヤbE゚`H垳Hメw感ケ?Λ」I*0隶B龠�ネヘ匱�フル・髦.ヤ雁・TフoイツゥnrF槝x%ヌ�`コエ、t・
冗ァ�%Hjッ・糢篌F�ル}・挺ウセコフヲ ケェタソaセn)&�ホ6ャA・ミ(ニ藻`ネ煕e・X匝オ・I逋ォュXセツI・)蔟
拭ル嬢m#d・-\�-莨R貂|アヘム軼・淪~エワliイYLノU(L鐡lt・ロヲ}稱「・�
�ソy|コ�ニG
Cハヲcu�」W・ユ(0�ヌ(�筺ヲ43ャ#ホゥe・・*・ャ
N~蚕fnzルリuvテ<
仇3・・・ケヨト&h。ホ*�熬ーエ゙鍵・ojキエ�キ~ァut
巓Am.D鏈・zjィ�霙礦�ィ�悄ヲm%瓱SウG肭e・8_。贍・�
、(�ムz瞼6ス^4・�イミ�\0゙l-"顏d_(2ヲ・麑7縷ホスS/*QタZモ∋菟樔゚}�ャ(7]S"�セハ・ア・イセ燈s�ー�鍜メyYh錐^H]�粥ヲ�ャリュ?2儲eVhムミb`ォッ楚・ャ・/鹽1J�トd$ッニ姫i凩zM柄;UXノタソム痞遠ウ
R
#0モ遏チ4%5cーシチオ・B]ヤュFT^モRル
7 あぼーん 1970/01/01(木) 09:00
あぼーん
8 初心者さん 2004/01/28(水) 18:31
↑ もともと化けています。
9 にしやま 2004/03/02(火) 10:57
私のアドレスで(を騙って?)送信されているらしいウイルスです。
xxxxx は伏せ字
ana.co.jp から USER UNKNOWN で戻ってきた中身です。
---
Reporting-MTA: dns; otopazf.121.ana.co.jp
Received-From-MTA: DNS; localhost
Arrival-Date: Tue, 2 Mar 2004 09:06:33 +0900 (JST)
Final-Recipient: RFC822; btoc@121.ana.co.jp
Action: failed
Status: 5.1.1
Remote-MTA: DNS; [10.1.145.45]
Diagnostic-Code: SMTP; 550 5.1.1 <btoc@121.ana.co.jp>... User unknown
Last-Attempt-Date: Tue, 2 Mar 2004 09:06:39 +0900 (JST)
---
Return-Path: <xxxxx@miolab.com>
Received: from otopazf.121.ana.co.jp (localhost [127.0.0.1])
by otopazf.121.ana.co.jp (Switch-3.1.4/Switch-3.1.0) with ESMTP id i2206XhW019227
for <btoc@121.ana.co.jp>; Tue, 2 Mar 2004 09:06:33 +0900 (JST)
Received: from 121.ana.co.jp (p12026-ipadfx01sasajima.aichi.ocn.ne.jp [219.162.134.27])
by otopazf.121.ana.co.jp (Switch-3.1.4/Switch-3.1.0) with ESMTP id i2206VTG019217
for <btoc@121.ana.co.jp>; Tue, 2 Mar 2004 09:06:32 +0900 (JST)
Message-Id: <200403020006.i2206VTG019217@otopazf.121.ana.co.jp>
From: xxxxx@miolab.com
To: btoc@121.ana.co.jp
Subject: Re: Your software
Date: Tue, 2 Mar 2004 09:07:10 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0004_00007B68.00003159"
X-Priority: 3
X-MSMail-Priority: Normal
This is a multi-part message in MIME format.
------=_NextPart_000_0004_00007B68.00003159
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
------------------ Virus Warning Message (on otopazf)
Found virus WORM_NETSKY.D in file application.pif
The uncleanable file is deleted.
---------------------------------------------------------
------=_NextPart_000_0004_00007B68.00003159
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Your file is attached.
------=_NextPart_000_0004_00007B68.00003159
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
------------------ Virus Warning Message (on otopazf)
application.pif is removed from here because it contains a virus.
---------------------------------------------------------
------=_NextPart_000_0004_00007B68.00003159--
10 otopaze ってなに? 2004/04/19(月) 20:23
おれもきた。
The original message was received at Mon, 12 Apr 2004 22:13:44 +0900 (JST)
from localhost [127.0.0.1]
----- The following addresses had permanent fatal errors -----
<ana17_106356448@121.ana.co.jp>
(reason: 550 5.1.1 <ana17_106356448@121.ana.co.jp>... User unknown)
----- Transcript of session follows -----
... while talking to [10.1.145.45]:
・・・・
Content-Type: message/delivery-status
Reporting-MTA: dns; otopaze.121.ana.co.jp
(pl050.nas314.tsushima.nttpc.ne.jp [210.153.165.242])
------------------ Virus Warning Message (on otopaze)
Found virus WORM_NETSKY.D in file document_4351.pif
The uncleanable file is deleted.
11 初心者さん 2004/04/19(月) 23:36
それにしても NETSKY はやってますねぇ。
12 うちも 2004/04/21(水) 17:44
Norton AntiVirus が添付ファイルを削除しました: message_details.pif.
添付ファイルに W32.Netsky.D@mm ウイルスが感染していました。