Very sus email but definately not O.K but unidentified

Discussion in 'malware problems & news' started by NOD32 user, Jan 23, 2005.

Thread Status:
Not open for further replies.
  1. NOD32 user

    NOD32 user Registered Member

    Jan 23, 2005
    Very sus email unidentified but not O.K.

    I'd be quite pleased and appreciative if somebody could take a look at this and help me sort out what exactly this is. I've pumped it and a few others through Jotti and they all come up clean. I'm actually re-investigating this because we had to re-install a clients whole network for them to clean this up and never identified the responsible thing. Basically there were PC's all over the network emailing basically the same thing aparently at random and of their own accord. Somethime while they were in active use, sometimes whilst resting. I captured a few of these emails by fitting a NAT SMTP proxy inline (transparent) to the network so all internet traffic had to pass through it. Anyhow, ASCII pasted below. Obviously isn't at - thats the first clue. Also all the emails claimed to be from the same sender. The to address was always either or
    Anybody come across anything like this before?
    (sorry if this post is a bit long)

    Received: From (unverified []) by SMTP Server []
    (WinGate SMTP Receiver v5.2.2 (Build 892)) with SMTP id <0000000005@blackbox>;
    Thu, 25 Mar 2004 11:41:10 +1100
    Message-ID: <>
    From: <>
    To: <>
    MIME-Version: 1.0
    Content-Type: text/plain; charset=us-ascii

    File Type: image/bin

    ------------Middle chunk removed to shorten post------------

    Last edited: Jan 24, 2005
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.