Another virus

Old 20th Mar 2005, 22:48
  #1 (permalink)  
Thread Starter
 
Join Date: Nov 2000
Location: Greystation
Posts: 1,086

Hi there one and all, I got another e-mail recently containing a virus that was picked up and binned well before it hit my inbox, however thought someone could play with the header I can get from it and do a little investigating please. The only reason I ask is that the message came from "[email protected]" but obviously it wasn't 10W that we party with on PPRuNe. I have mailed him and alerted him to the fact I got this mail, and he has given me full permission for me to ask this here. Hope someone can help.

Cheers, 5mb

X-YahooFilteredBulk: 81.103.54.144
Authentication-Results: mta801.mail.ukl.yahoo.com
from=hotmail.com; domainkeys=neutral (no sig)
X-Originating-IP: [81.103.54.144]
Return-Path: <[email protected]>
Received: from 81.103.54.144 (EHLO btinternet.com) (81.103.54.144)
by mta801.mail.ukl.yahoo.com with SMTP; Tue, 15 Mar 2005 20:16:19 +0000
From: [email protected]
To: <my email address removed>
Subject: Re: letter
Date: Tue, 15 Mar 2005 20:16:15 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Your document is attached to this mail.

+++ Attachment: No Virus found
+++ MessageLabs AntiVirus - www.messagelabs.com


------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream;
name="letter.txt .pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="letter.txt .pif"


------=_NextPart_000_0016----=_NextPart_000_0016--
5milesbaby is offline  
Old 25th Mar 2005, 08:53
  #2 (permalink)  
Moderator
 
Join Date: Jul 1997
Location: Europe
Posts: 3,228
According to the IP given in the header, it might be someone in the Guildford area who uses NTL as their ISP...

WHOIS results for 81.103.54.144
Generated by www.DNSstuff.com

Location: United Kingdom [City: London, England]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
inetnum: 81.103.48.0 - 81.103.55.255
netname: NTL
descr: NTL Infrastructure - Guildford
country: GB
admin-c: NNMC1-RIPE
tech-c: NNMC1-RIPE
status: ASSIGNED PA
mnt-by: AS5089-MNT
remarks: INFRA-AW
changed: **********@ntli.net 20021114
source: RIPE
route: 81.102.0.0/15
descr: NTL-UK-IP-BLOCK
origin: AS5089
mnt-by: AS5089-MNT
changed: **********@ntli.net 20040929
source: RIPE
role: NTLI Network Management Centre
address: NTL Internet
address: Crawley Court
address: Winchester
address: Hampshire
address: SO21 2QA
trouble: -------------------------------------------------------
trouble: For abuse notifications please -
trouble: file an online case @ http://www.ntlworld.com/netreport
trouble: +44 1633 710142 (Voicemail Only)
trouble: -------------------------------------------------------
trouble: For peering issues/requests please -
trouble: email : *******@ntli.net
trouble: -------------------------------------------------------
admin-c: MH22007-RIPE
admin-c: NR731-RIPE
admin-c: CM1377-RIPE
tech-c: MH22007-RIPE
tech-c: CM1377-RIPE
admin-c: NR731-RIPE
nic-hdl: NNMC1-RIPE
mnt-by: AS5089-MNT
notify: *************@ntl.com
e-mail: *************@ntl.com
changed: **********@ntli.net 20030328
changed: **********@ntli.net 20030401
changed: **********@ntli.net 20030603
changed: **********@ntli.net 20030707
changed: **********@ntli.net 20040303
changed: **********@ntli.net 20040312
changed: **********@ntli.net 20040929
changed: *************@ntl.com 20050307
source: RIPE
[The following lines added by www.dnsstuff.com per requirement by RIPE]
This service is subject to the terms and conditions stated in the RIPE NCC Database Copyright Notice.
Contact dnsstuff.com's 'info@' address to report problems regarding the functionality of the service.

PPRuNe Radar is offline  
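The header checks worked through in this thread, as an added example that is not part of either post: it reads the connecting IP from the topmost Received line, compares the EHLO name with the From domain, tests the IP against the WHOIS inetnum range quoted in post #2, and flags the double-extension attachment. The sample message is constructed from the header in post #1 with a placeholder sender address, and the function names are hypothetical.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the header in post #1; sender@hotmail.com is a placeholder.
SAMPLE = (
    "Received: from 81.103.54.144 (EHLO btinternet.com) (81.103.54.144)\n"
    "  by mta801.mail.ukl.yahoo.com with SMTP; Tue, 15 Mar 2005 20:16:19 +0000\n"
    "From: sender@hotmail.com\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="letter.txt .pif"\n'
    "\n"
    "--b1--\n"
)
EXEC_EXT = {"pif", "scr", "exe", "com", "bat", "cmd", "vbs"}

def in_inetnum(ip, first, last):
    """True if ip lies inside a WHOIS inetnum range given as first/last address."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return any(ipaddress.ip_address(ip) in net for net in nets)

def triage(raw):
    """Separate what the receiving MTA recorded from what the sender claimed."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Only the topmost Received line was written by the recipient's own MTA;
    # From, Return-Path and the EHLO name are all chosen by the sender.
    top = str(msg.get_all("Received", [""])[0])
    ip = re.search(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]", top)
    helo = re.search(r"\(EHLO\s+([^)\s]+)\)", top)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    disguised = []
    for part in msg.walk():
        stem, _, ext = (part.get_filename() or "").rpartition(".")
        # Executable extension hidden behind a decoy one, e.g. "x.txt .pif"
        if ext.lower() in EXEC_EXT and "." in stem:
            disguised.append(part.get_filename())
    return {
        "connecting_ip": ip.group(1) if ip else None,
        "helo": helo.group(1) if helo else None,
        "from_domain": from_domain,
        "helo_matches_from": bool(helo) and helo.group(1).lower() == from_domain,
        "disguised_attachments": disguised,
    }
```

The WHOIS range is passed in by hand here (`in_inetnum(ip, "81.103.48.0", "81.103.55.255")`), so the block runs offline.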
