Rob
The following are the headers from another two emails I got within seconds of
each other, described by my AV software as an HTML_NETSKY_P and a
WORM_NETSKY_P.
After advice I received on here (many thanks, folks), am I right in assuming
they both came from someone using a BT Openworld account? Other than that,
that's all I can work out, so if anyone can shed any more light on it then
please tell me more! The headers are below:
Many thanks,
Rob
Return-Path: <[email protected]>
Received: from bb-md2.onetel.net.uk (bb-md2.onetel.net.uk [212.67.120.194])
by bb-ms1.onetel.net.uk (MOS 3.4.5-GR)
with ESMTP id BDN06331;
Sat, 17 Apr 2004 14:08:04 +0100 (BST)
Received: from onetel.net (host81-130-244-184.in-addr.btopenworld.com
[81.130.244.184])
by bb-md2.onetel.net.uk (Mirapoint Messaging Server MOS 3.3.6-GR)
with ESMTP id AZR99898;
Sat, 17 Apr 2004 14:07:59 +0100 (BST)
Message-Id: <[email protected]>
From: (e-mail address removed)
To: (e-mail address removed)
Subject: Re: Message
Date: Sat, 17 Apr 2004 14:08:43 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Important message, do not show this anyone!
------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream;
name="attach.zip"
Content-Disposition: attachment;
filename="attach.zip"
Content-Transfer-Encoding: base64
UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
------=_NextPart_000_0016----=_NextPart_000_0016--
And the HTML_NETSKY_P one is:
Return-Path: <[email protected]>
Received: from bb-md2.onetel.net.uk (bb-md2.onetel.net.uk [212.67.120.194])
by bb-ms1.onetel.net.uk (MOS 3.4.5-GR)
with ESMTP id BDN06246;
Sat, 17 Apr 2004 14:07:37 +0100 (BST)
Received: from onetel.net (host81-130-244-184.in-addr.btopenworld.com
[81.130.244.184])
by bb-md2.onetel.net.uk (Mirapoint Messaging Server MOS 3.3.6-GR)
with ESMTP id AZR99834;
Sat, 17 Apr 2004 14:07:33 +0100 (BST)
Message-Id: <[email protected]>
From: (e-mail address removed)
To: (e-mail address removed)
Subject: Mail Delivery (failure (e-mail address removed))
Date: Sat, 17 Apr 2004 14:08:17 +0100
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal
------=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: text/plain;charset="us-ascii"
A message filter removed the following attachment(s) from this message:
message.scr
------=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_001C_01C0CA80.6B015D10"
------=_NextPart_001_001C_01C0CA80.6B015D10
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_001_001C_01C0CA80.6B015D10
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Trend Micro POP3 Mail Scan detected a virus and deleted the attached
infected file.
------=_NextPart_001_001C_01C0CA80.6B015D10--
------=_NextPart_000_001B_01C0CA80.6B015D10--
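
Added example, not part of Rob's post: one way to read the Received chain above programmatically and find the hop where a host outside the recipient's provider handed the message over. It assumes `onetel.net.uk` is the recipient's own provider (taken from the `by` hosts in the headers); `handoff_hop` and `in_domain` are illustrative names.

```python
import email
import re

# Received headers copied from the first message above; other headers and the body are omitted.
SAMPLE = """\
Received: from bb-md2.onetel.net.uk (bb-md2.onetel.net.uk [212.67.120.194])
\tby bb-ms1.onetel.net.uk (MOS 3.4.5-GR)
\twith ESMTP id BDN06331;
\tSat, 17 Apr 2004 14:08:04 +0100 (BST)
Received: from onetel.net (host81-130-244-184.in-addr.btopenworld.com
\t[81.130.244.184])
\tby bb-md2.onetel.net.uk (Mirapoint Messaging Server MOS 3.3.6-GR)
\twith ESMTP id AZR99898;
\tSat, 17 Apr 2004 14:07:59 +0100 (BST)
Subject: Re: Message
"""

# Layout used by these servers: from <HELO name> (<reverse-DNS name> [<IP>]) by <receiver>
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)\s+by\s+(\S+)")

def in_domain(host, domain):
    """True if host is domain itself or a subdomain of it (label-boundary match)."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def handoff_hop(raw_message, trusted_domain):
    """Walk Received headers newest-first and return the first hop where a trusted
    server accepted mail from a host outside trusted_domain. Headers below that
    hop were written by parties we do not control and may be forged."""
    msg = email.message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m is None:
            continue  # hop written in a layout this pattern does not cover
        helo, rdns, ip, receiver = m.groups()
        if in_domain(receiver, trusted_domain) and not in_domain(rdns, trusted_domain):
            return {
                "ip": ip,                 # recorded by the receiving server
                "rdns": rdns,             # looked up by the receiving server
                "helo": helo,             # claimed by the connecting machine
                "helo_matches_rdns": helo.lower() == rdns.lower(),
                "received_by": receiver,
            }
    return None

if __name__ == "__main__":
    print(handoff_hop(SAMPLE, "onetel.net.uk"))
```

The name and IP in parentheses were recorded by bb-md2.onetel.net.uk itself, so they are the part of the chain that bears on the BT Openworld question; the HELO name `onetel.net` is only what the connecting machine claimed.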