[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: ATM Hi (This is the work of the Beagle worm)
> Do those of you who receive individual messages also get the original
headers
> that the message carried when it went from originator to the atm list
server?
Not sure.
> If so, it might be helpful to copy out the headers from those Beagle worm
> generated messages and post them. Might allow someone on the list to
recognize
> that they have an infected machine.
Anyway here are the headers I got.
----
Return-Path: <owner-atm@shore.net>
Received: from whirlwind.systems.pipex.net (whirlwind.systems.pipex.net
[62.241.160.7])
by sindbad (Cyrus v2.1.13) with LMTP; Tue, 20 Jan 2004 20:49:10 +0000
X-Sieve: CMU Sieve 2.2
X-Envelope-To: chris_group_mail@dsl.pipex.com
Received: from aquarium.shore.net (aquarium.shore.net [207.244.124.7])
by whirlwind.systems.pipex.net (Postfix) with ESMTP id 112C11C002AA;
Tue, 20 Jan 2004 20:48:55 +0000 (GMT)
Received: from major by aquarium.shore.net with local (brought to you by
Exim)
id 1Aiyjg-0006tT-00; Tue, 20 Jan 2004 11:28:16 -0500
Received: from mx2.primushost.com ([209.58.220.72])
by aquarium.shore.net with esmtp (brought to you by Exim)
id 1Aiyjb-0006qf-00; Tue, 20 Jan 2004 11:28:11 -0500
Received: from enpc4517.dhcp.asu.edu (ENPC4517) [149.169.23.39]
by mx2.primushost.com with smtp (Exim)
id 1Aj0Fs-0000Un-8U; Tue, 20 Jan 2004 13:05:36 -0500
Date: Tue, 20 Jan 2004 11:05:05 -0700
To: atm@shore.net
Subject: ATM Hi
From: mdholm@telerama.com
Message-ID: <sqyrfgvepgcebmfdvxu@telerama.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------524337338442168"
Sender: owner-atm@shore.net
Precedence: bulk
Reply-To: mdholm@telerama.com
X-Report-Errors-to: mikell@optonline.net
----
Hope it helps,
Chris