On Tue, Nov 29, 2005 at 01:06:21PM -0800, jed c wrote: > When I set up tor I gave this yahoo address as a contact address. Just before the thanksgiving holiday I noticed a lot of spam with a zipped file containing the sober worm as an attachment. I have since received about three thousand messages and Ive begun to notice a pattern. It seems that these are addresses that come from tor contact addresses. I have also received error messages (from Yahoo?) that indicate that mail that I never sent from my yahoo account could not be sent. Any ideas? I'm seeing these as well. I don't see any reason to suspect anything other than normal worm activity. > > Date: 27 Nov 2005 01:45:20 -0000 From:MAILER-DAEMON@xxxxxxxxx To:n_o_t_here@xxxxxxxxx Subject: failure delivery [input] [input] [input] [input] > Message from yahoo.com. > Unable to deliver message to the following address(es). > > <root@xxxxxxxxx>: > This address no longer accepts mail. > > --- Original message follows. > > Return-Path: <n_o_t_here@xxxxxxxxx> > > The original message is over 5k. Message truncated to 1K. > > X-Rocket-Spam: 12.220.68.209 > X-YahooFilteredBulk: 12.220.68.209 > X-Rocket-Track: cat=BK; > info=ip:BK<ip=12.220.68.209,policy=g-w0,n0,g100>;sv:UK<ip=66.218.86.247> > X-Originating-IP: [12.220.68.209] > Return-Path: <n_o_t_here@xxxxxxxxx> > Authentication-Results: mta274.mail.scd.yahoo.com > from=yahoo.com; domainkeys=neutral (no sig) > Received: from 12.220.68.209 (HELO bitty.com) (12.220.68.209) > by mta274.mail.scd.yahoo.com with SMTP; Sat, 26 Nov 2005 17:45:15 > -0800 > From: n_o_t_here@xxxxxxxxx > Date: Sun, 27 Nov 2005 01:43:46 UTC > Subject: hi,_ive_a_new_mail_address > Importance: Normal > X-Mailer: SpeedMail_V8.87 > X-Priority: 3 (Normal) > Message-ID: <bb097cf2d5056d34759c@xxxxxxxxx> > MIME-Version: 1.0 > Content-Type: multipart/mixed; boundary="====206ac3.b394c9d3bcab5" > Content-Transfer-Encoding: 7bit > This is a multi-part message in MIME format. > > --====206ac3.b394c9d3bcab5 > > hey its me, my old address dont work at time. i dont know why?! > in the last days ive got some mails. i' think thaz your mails but im > not sure! > > plz read and check ... > cyaaaaaaa > --====206ac3.b394c9d3bcab5 > Content-Type: application/octet-stream; name=mailtext.zip > Content-Transfer-Encodi > *** MESSAGE TRUNCATED *** > > > > [input] [input] [input] [input] [input] [input] [input] [input] > > > --------------------------------- > Yahoo! Music Unlimited - Access over 1 million songs. Try it free. > > --------------------------------- > Yahoo! Music Unlimited - Access over 1 million songs. Try it free.-- Eugen* Leitl <a href="http://leitl.org";>leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Attachment:
signature.asc
Description: Digital signature