[p2p-hackers] Warning Message: Your services near to be closed.
Duncan B. Cragg
p2phack at cilux.org
Tue Oct 18 19:13:47 UTC 2005
Just so it's clear to anyone that didn't spot it (the bad English in the
Subject and body, the bogus virus scan message plus the fact that it's a
zip are indicators), this is a user-activated worm, as described here:
http://www.sarc.com/avcenter/venc/data/w32.mytob.ku@mm.html
The email apparently originated via 'cncnet.net':
1ge1-C6K1-MSFC-SH2-CHJ1.sh.cncnet.net [210.22.66.70]
210.22.105.130
(a traceroute on the IP address given in the email headers)
Whois:
China NetCom Corp.
Building C,No.156 Fuxingmennei St.Beijing,10031,China 100031
So, leave it alone...!
Duncan