Category archive: Uncategorized

VIRUS (BC.Exploit.CVE_2011_3412) in mail FROM [194.186.209.78]

This is a multipart message in MIME format.

——=_NextPart_000_DA07_01CEBD2A.11C8EE20
Content-Type: text/plain;
boundary="———-=_1328525985-20892-0";
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

A virus was found: BC.Exploit.CVE_2011_3412

Scanner detecting a virus: ClamAV-clamd

Content type: Virus
Internal reference code for the message is 20892-08/HzveAxzzAal7

First upstream SMTP client IP address: [194.186.209.78]
According to a 'Received:' trace, the message apparently originated at:
[194.186.209.78], main.mcity.local unknown [194.186.209.78]

Return-Path:
From: superviser@vtls.ru
Message-ID:
Subject: =?windows-1251?B?4/Dg9Ojq?=
The message has been quarantined as: antivirus@sphera-net.ru

Notification to sender will not be mailed.

The message WAS NOT relayed to:
:
250 2.7.0 Ok, discarded, id=20892-08 - INFECTED:
BC.Exploit.CVE_2011_3412

Virus scanner output:
p002: BC.Exploit.CVE_2011_3412 FOUND

——=_NextPart_000_DA07_01CEBD2A.11C8EE20
Content-Type: text/rfc822-headers;
name="header.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="header.txt"

Return-Path:
Received: from main.mcity.local (unknown [194.186.209.78])
by mail.sphera-net.ru (Postfix) with ESMTPA id 0CAACDEFB7
for ; Mon, 6 Feb 2012 14:59:38 +0400 (MSK)
Date: Mon, 6 Feb 2012 17:58:09 +0700
From: superviser@vtls.ru
Organization: superviser@vtls.ru
X-Priority: 3 (Normal)
Message-ID:
To: Svidinskii_AA@vtls.ru
Subject: =?windows-1251?B?4/Dg9Ojq?=
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="———-21B520B3EBE8F84"

——=_NextPart_000_DA07_01CEBD2A.11C8EE20—

VIRUS (BC.Exploit.CVE_2011_3412) in mail FROM [94.100.176.130]

This is a multipart message in MIME format.

——=_NextPart_000_DA13_01CEBD2A.12253EF0
Content-Type: text/plain;
boundary="———-=_1328493021-3066-0";
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

A virus was found: BC.Exploit.CVE_2011_3412

Scanner detecting a virus: ClamAV-clamd

Content type: Virus
Internal reference code for the message is 03066-16/y+sui5Gt9gUg

First upstream SMTP client IP address: [94.100.176.130] smtp2.mail.ru
According to a 'Received:' trace, the message apparently originated at:
[95.181.42.146], [95.181.42.146] port=51810 helo=LocalHost

Return-Path:
From: "TonusClub"
Message-ID:
The message has been quarantined as: antivirus@sphera-net.ru

Notification to sender will not be mailed.

The message WAS NOT relayed to:
:
250 2.7.0 Ok, discarded, id=03066-16 - INFECTED:
BC.Exploit.CVE_2011_3412

Virus scanner output:
p006: BC.Exploit.CVE_2011_3412 FOUND

——=_NextPart_000_DA13_01CEBD2A.12253EF0
Content-Type: text/rfc822-headers;
name="header.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="header.txt"

Return-Path:
Received: from smtp2.mail.ru (smtp2.mail.ru [94.100.176.130])
by mail.sphera-net.ru (Postfix) with ESMTPS id 283BEDF044
for ; Mon, 6 Feb 2012 05:50:04 +0400 (MSK)
DKIM-Signature: v=3D1; a=3Drsa-sha256; q=3Ddns/txt; c=3Drelaxed/relaxed; =
d=3Dmail.ru; s=3Dmail;
h=3DContent-Type:MIME-Version:Date:Subject:Cc:To:From:Message-ID; =
bh=3DayA9rZxRT1KNyCEJuwUtF9A8kXuy5HeruGYBsg5QQ08=3D;
=
b=3Dnu8IO3XrZli/J8/B+0NswiDobrKznMBRLGnaF45XliKzDePkJrQX7J4rEaobUVBdEfqc+=
58AD99z5oO3TK/LuZz8DBpI7Be7WOOPCDvrT994s3EUjWKvYLG4H1n0gHLh;
Received: from [95.181.42.146] (port=3D51810 helo=3DLocalHost)
by smtp2.mail.ru with esmtpa (envelope-from )
id 1RuDec-00034t-6f; Mon, 06 Feb 2012 05:46:11 +0400
Message-ID:
From: "TonusClub"
To: =3D?koi8-r?B?/MTVwdLEIPfMwcTJzcnSz9fJ3iDi1czB1M/X?=3D =

Cc: =3D?koi8-r?B?7cHL08nN?=3D
Subject:=20
Date: Mon, 6 Feb 2012 08:45:59 +0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=3D"—-=3D_NextPart_000_0003_01CCE4AB.C0145400"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Mru-NR: 2
X-Mru-UID: 332882899
X-Mru-IsAutoreg: 0
X-Mru-AutoregInfo: 1195975, []
X-Spam: Not detected
X-Mras: Ok
X-Mru-Karma: 2

——=_NextPart_000_DA13_01CEBD2A.12253EF0—
