[LINK] Nice little Conflicker spreader email.

Chris Maltby chris at sw.oz.au
Tue Oct 20 10:52:46 AEDT 2009


On Tue, Oct 20, 2009 at 10:26:38AM +1100, Rick Welykochy wrote:
> My guess is that the email is from crooks and is a well crafted
> attempt to install Conficker on your (Windows) system.

As you say - well crafted and from crooks.  Here's the headers from a
copy I got... (The elipsis are mine).

  Return-Path: <barneyrm at rothmanandtobin.com>
  Received: from unknown (HELO CUMHPKZ) (193.17.208.215)
	  by ... with SMTP; 19 Oct 2009 13:56:29 -0000
  Received: from 193.17.208.215 by sbserver.rothmanandtobin.com;
	  Mon, 19 Oct 2009 16:56:22 +0200
  Message-ID: <000d01ca50c3$f1402c80$6400a8c0 at barneyrm>
  From: "Microsoft Windows Agent" <...>
  To: ...
  Subject: Conflicker.B Infection Alert
  Date: Mon, 19 Oct 2009 16:56:22 +0200
  MIME-Version: 1.0
  Content-Type: multipart/mixed;
	  boundary="----=_NextPart_000_0006_01CA50C3.F1402C80"
  X-Priority: 3
  X-MSMail-Priority: Normal
  X-Mailer: Microsoft Outlook Express 6.00.2900.2180
  X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

Mine was intercepted by amavis.

Chris



More information about the Link mailing list