Very sus email but definately not O.K but unidentified

Discussion in 'malware problems & news' started by NOD32 user, Jan 23, 2005.

Thread Status:
Not open for further replies.
  1. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Very sus email unidentified but not O.K.

    I'd be quite pleased and appreciative if somebody could take a look at this and help me sort out what exactly this is. I've pumped it and a few others through Jotti and they all come up clean. I'm actually re-investigating this because we had to re-install a clients whole network for them to clean this up and never identified the responsible thing. Basically there were PC's all over the network emailing basically the same thing aparently at random and of their own accord. Somethime while they were in active use, sometimes whilst resting. I captured a few of these emails by fitting a NAT SMTP proxy inline (transparent) to the network so all internet traffic had to pass through it. Anyhow, ASCII pasted below. Obviously hotmail.com isn't at 10.0.0.2 - thats the first clue. Also all the emails claimed to be from the same sender. The to address was always either @hotpop.com or @bigfoot.com
    Anybody come across anything like this before?
    (sorry if this post is a bit long)

    Received: From hotmail.com (unverified [10.0.0.2]) by SMTP Server [10.0.0.138]
    (WinGate SMTP Receiver v5.2.2 (Build 892)) with SMTP id <0000000005@blackbox>;
    Thu, 25 Mar 2004 11:41:10 +1100
    Message-ID: <713658994@mail.hotmail.com>
    From: <rosmith79@hotmail.com>
    To: <sanmarco@hotpop.com>
    MIME-Version: 1.0
    Content-Type: text/plain; charset=us-ascii

    File Type: image/bin
    BNAMKPBJEGGFHOIKJMNCAADCDDEBIIILKNMOPPCBEDFDGGHMKMLOPMDCFBCIMIBIOOFOBB
    LKKINGFPKLJHOFDAELAFHBFIKMLKBDHMPDKIBBBEIHGCOPGODHMHMPOPANMMBMBJBKPLJC
    GCAELLLMMGOAOHMGOMHNHPKINDPNDGEPGBNMOELHIDIKLNKALNGPLIAHMELKOABCDCNFIC

    ------------Middle chunk removed to shorten post------------

    IAAAFOJLPMHPCDJIGFGNKANKHJFJCBCFLIMLJJNLLDGBGAGCGDMBICABINDDGJJEJNHHDP
    OIPHMBNBNDLGPOJIBECGEAPCKDCKEJEOFHBIIFIMFNBLKKEMNGNNCJFAIFCGNOECKPCAGL
    MNAABNECJOCPDPDCMLAEDKOBJAOH
    .
     
    Last edited: Jan 24, 2005
Thread Status:
Not open for further replies.