Here's the latest batch of infected systems. Many of these are sending spam for medstarter.biz.
Bounce from: AOL (non existing recipient)
X-AOL-IP: 213.46.255.13
Date: Sun, 28 Dec 2003 23:24:55 +0000
(headers were forged to include an extra line)
Bounce from: AOL (non existing recipient)
X-AOL-IP: 205.167.142.108
Date: Sun, 28 Dec 2003 23:13:48 +0000
(headers were forged to include an extra line)
Bounce from: <MAILER-DAEMON@cableonda.net>
Received: from [64.213.58.184] (HELO isp-solaris.com)
by cableonda.net (CommuniGate Pro SMTP 4.0.6)
with ESMTP id 63530389; Sun, 28 Dec 2003 14:54:22 -0500
Bounce from: <MAILER-DAEMON@cantv.net>
Received: from xezaar.com (dC85465AC.dslam-04-16-2-02-01-02.fdo.dsl.cantv.net [200.84.101.172])
by rs25s8.datacenter.cha.cantv.net (8.12.10/8.12.6/3.0) with ESMTP id hBSJEJOo004080;
Sun, 28 Dec 2003 15:14:25 -0400
Bounce from: AOL (non existing recipient)
X-AOL-IP: 194.73.73.125
Date: Sun, 28 Dec 2003 17:25:50 +0000
(headers were forged to include an extra line)
Bounce from: <MAILER-DAEMON@cantv.net>
Received: from amb.com (dC85449CA.dslam-09-1-16-05-1-01.sal.dsl.cantv.net [200.84.73.202])
by rs26s6.datacenter.cha.cantv.net (8.12.10/8.12.6/3.0) with ESMTP id hBSH9M9A031790;
Sun, 28 Dec 2003 13:09:55 -0400
Bounce from: <Mailer-Daemon@btinternet.com>
Received: from [81.132.17.42] (helo=cohs.com)
by butane.btinternet.com with esmtp (Exim 3.22 #25)
id 1AadRD-0005Ew-00; Sun, 28 Dec 2003 16:06:44 +0000
Bounce from: <Mailer-Daemon@btinternet.com>
Received: from [81.129.103.180] (helo=ust.hk)
by lutetium.btinternet.com with esmtp (Exim 3.22 #25)
id 1Aab8F-0002wY-00; Sun, 28 Dec 2003 13:39:04 +0000
Bounce from: <MAILER-DAEMON@gambit.cpunet.com.br>
Received: (qmail-ldap/ctrl 11458 invoked from network); 28 Dec 2003 11:50:38 -0000
Received: from unknown (HELO bambas.com) ([200.223.69.78])
(envelope-sender <gahr_bb@munged.com>)
by gambit.cpunet.com.br (qmail-ldap-1.03) with SMTP
for <bigbearsden1941@aol.com>; 28 Dec 2003 11:50:38 -0000
Bounce from: <Mailer-Daemon@btinternet.com>
Received: from [213.122.156.160] (helo=epix.com)
by metox.btinternet.com with esmtp (Exim 3.22 #25)
id 1AaVny-0004lG-00; Sun, 28 Dec 2003 07:57:48 +0000
Bounce from: AOL (non existing recipient)
X-AOL-IP: 64.12.138.8
Date: Sun, 28 Dec 2003 00:23:23 +0000
(headers were forged to include an extra line)
Bounce from: AOL (non existing recipient)
X-AOL-IP: 213.46.243.28
Date: Sat, 27 Dec 2003 20:23:46 +0000
(headers were forged to include an extra line)
Bounce from: AOL (non existing recipient)
X-AOL-IP: 194.73.73.83
Date: Sat, 27 Dec 2003 19:37:20 +0000
(headers were forged to include an extra line)
Bounce from: <MAILER-DAEMON@mail15.voicenet.com>
Received: from lata222-0553-pri.lata222.voicenet.com (HELO beiu.com) (207.103.48.53)
by mail15.voicenet.com with SMTP; 27 Dec 2003 17:52:32 -0000
Bounce from: <postmaster@mta18.srv.hcvlny.cv.net>
Received: from tcp-daemon.mta18.srv.hcvlny.cv.net by mta18.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
id <0HQI00EJ5P847H@mta18.srv.hcvlny.cv.net>
(original mail from d_w.hayesgl@munged.com); Fri,
26 Dec 2003 14:38:35 -0500 (EST)
Received: from spectravel.com (ool-43555c7e.dyn.optonline.net [67.85.92.126])
by mta18.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <0HQI002Q8P7VIA@mta18.srv.hcvlny.cv.net>; Fri,
26 Dec 2003 14:38:34 -0500 (EST)
Bounce from: <postmaster@mta13.srv.hcvlny.cv.net>
Received: from tcp-daemon.mta13.srv.hcvlny.cv.net by mta13.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
id <0HQI001MHRUMWF@mta13.srv.hcvlny.cv.net>
(original mail from m.escher_oo@munged.com); Fri,
26 Dec 2003 15:35:24 -0500 (EST)
Received: from andrew31.freeserve.co.uk
(ool-18bb4e8a.dyn.optonline.net [24.187.78.138]) by mta13.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <0HQI000R3RUR1V@mta13.srv.hcvlny.cv.net>; Fri,
26 Dec 2003 15:35:21 -0500 (EST)
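Every Received line quoted above shows a HELO name (isp-solaris.com, xezaar.com, cohs.com, ust.hk, bambas.com, epix.com, beiu.com, spectravel.com, andrew31.freeserve.co.uk) that differs from the reverse DNS of the address that actually connected, and where the receiving MTA recorded reverse DNS it is a DSL or cable customer line. The Python below is added here as a worked example and is not code from the original page: it parses the six header layouts that appear above (CommuniGate, sendmail, Exim, qmail, the voicenet SMTP receiver and iPlanet), pulls out the connecting IP, the HELO name and the reverse DNS, and flags hops where the two names disagree or where no reverse DNS was recorded. SAMPLE_RECEIVED is constructed from the headers above, folded onto one line each; the list of "residential" labels and the two-label base-domain comparison are my own heuristics, not anything the page states.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the Received lines quoted in the bounces above, each
# folded onto one line. Six MTAs, six layouts for the same three facts.
SAMPLE_RECEIVED = [
    "Received: from [64.213.58.184] (HELO isp-solaris.com) by cableonda.net "
    "(CommuniGate Pro SMTP 4.0.6) with ESMTP id 63530389; Sun, 28 Dec 2003 14:54:22 -0500",
    "Received: from xezaar.com (dC85465AC.dslam-04-16-2-02-01-02.fdo.dsl.cantv.net [200.84.101.172]) "
    "by rs25s8.datacenter.cha.cantv.net (8.12.10/8.12.6/3.0) with ESMTP id hBSJEJOo004080; "
    "Sun, 28 Dec 2003 15:14:25 -0400",
    "Received: from [81.132.17.42] (helo=cohs.com) by butane.btinternet.com with esmtp "
    "(Exim 3.22 #25) id 1AadRD-0005Ew-00; Sun, 28 Dec 2003 16:06:44 +0000",
    "Received: from unknown (HELO bambas.com) ([200.223.69.78]) (envelope-sender <gahr_bb@munged.com>) "
    "by gambit.cpunet.com.br (qmail-ldap-1.03) with SMTP for <bigbearsden1941@aol.com>; "
    "28 Dec 2003 11:50:38 -0000",
    "Received: from lata222-0553-pri.lata222.voicenet.com (HELO beiu.com) (207.103.48.53) "
    "by mail15.voicenet.com with SMTP; 27 Dec 2003 17:52:32 -0000",
    "Received: from spectravel.com (ool-43555c7e.dyn.optonline.net [67.85.92.126]) "
    "by mta18.srv.hcvlny.cv.net (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003)) "
    "with ESMTP id <0HQI002Q8P7VIA@mta18.srv.hcvlny.cv.net>; Fri, 26 Dec 2003 14:38:34 -0500 (EST)",
]

FROM_CLAUSE = re.compile(r"^Received:\s+from\s+(?P<clause>.*?)\s+by\s+", re.IGNORECASE)
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
HELO_KEYWORD = re.compile(r"\(HELO\s+([^\s)]+)\)", re.IGNORECASE)  # CommuniGate, qmail, voicenet
HELO_EXIM = re.compile(r"\bhelo=([^\s)]+)", re.IGNORECASE)         # Exim
RDNS_THEN_IP = re.compile(r"\(([A-Za-z0-9.-]+)\s+\[")               # sendmail, iPlanet: (rdns [ip])

# Heuristic (my assumption, not from the page): labels ISPs commonly put in the
# reverse DNS of dial-up, DSL and cable customer lines.
RESIDENTIAL_LABELS = {"dsl", "adsl", "dyn", "dynamic", "dhcp", "cable", "dialup", "ppp", "pool"}


@dataclass
class Hop:
    ip: str
    helo: Optional[str]
    rdns: Optional[str]

    def helo_matches_rdns(self) -> Optional[bool]:
        """True/False when both names are known; None when there is no rDNS to compare."""
        if self.helo is None or self.rdns is None:
            return None
        return base_domain(self.helo) == base_domain(self.rdns)


def base_domain(name: str) -> str:
    """Crude registrable-domain approximation: the last two labels, lower-cased."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def looks_residential(rdns: str) -> bool:
    """Does the reverse DNS carry a label ISPs use for customer access lines?"""
    return bool(RESIDENTIAL_LABELS & set(re.split(r"[.-]", rdns.lower())))


def parse_received(line: str) -> Hop:
    m = FROM_CLAUSE.search(line)
    if not m:
        raise ValueError("not a 'Received: from ... by ...' header")
    clause = m.group("clause")
    ip_m = IPV4.search(clause)
    if not ip_m:
        raise ValueError("no IPv4 address in the from-clause")
    ip = str(ipaddress.ip_address(ip_m.group(1)))  # rejects octets above 255
    first = clause.split()[0]
    first_is_name = not first.startswith("[") and first.lower() != "unknown"
    helo_m = HELO_KEYWORD.search(clause) or HELO_EXIM.search(clause)
    if helo_m:
        # Explicit HELO: a leading name token is the receiver's own rDNS lookup.
        helo, rdns = helo_m.group(1), (first if first_is_name else None)
    else:
        # No keyword: sendmail/iPlanet put the HELO first and the rDNS in parentheses.
        helo, rdns = (first if first_is_name else None), None
    rdns_m = RDNS_THEN_IP.search(clause)
    if rdns_m:
        rdns = rdns_m.group(1)
    return Hop(ip=ip, helo=helo, rdns=rdns)


def suspicious_hops(lines: List[str]) -> List[Hop]:
    """Hops whose HELO is not backed by matching reverse DNS (or that have none)."""
    return [h for h in map(parse_received, lines) if h.helo_matches_rdns() is not True]


if __name__ == "__main__":
    for hop in map(parse_received, SAMPLE_RECEIVED):
        tag = {True: "ok", False: "HELO/rDNS mismatch", None: "no rDNS"}[hop.helo_matches_rdns()]
        home = " residential" if hop.rdns and looks_residential(hop.rdns) else ""
        print(f"{hop.ip:15} helo={hop.helo} rdns={hop.rdns} [{tag}{home}]")
```

All six sample hops come out flagged: the four with reverse DNS disagree with their HELO, and the two that connected from a bare bracketed address have nothing for the HELO to be checked against. Real headers vary more than these six layouts, so treat the parser as a starting point and keep the raw line alongside anything it extracts.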
--------------------------------
IP addresses of infected systems, from October until late November 2003. I've
just extracted the IP addresses that AOL said were transmitting to them (the
X-AOL-IP values shown in the bounces above), so the list is sorted as plain strings
and still contains duplicates. Some of these entries may be the same machine
showing up under different IP addresses; the runs of neighbouring addresses in
the same network certainly look that way. One caveat: the 172.18.x, 172.20.x,
172.21.x and 172.31.x entries fall inside the RFC 1918 private range
172.16.0.0/12, so they cannot identify a host on the Internet and are of no use
in an abuse report; only the public addresses can be traced to an ISP.
128.2.70.60
134.48.145.175
142.163.144.9
142.166.209.43
147.205.88.195
149.159.43.88
156.34.162.191
167.206.5.42
172.18.141.37
172.18.141.38
172.18.141.67
172.18.141.69
172.18.146.2
172.18.146.3
172.18.146.4
172.18.146.5
172.18.146.5
172.18.149.1
172.18.149.1
172.18.149.2
172.18.149.2
172.18.149.2
172.18.149.33
172.18.149.4
172.18.149.4
172.18.149.44
172.18.149.5
172.18.176.129
172.18.176.132
172.18.180.65
172.18.180.65
172.20.105.105
172.20.105.105
172.20.105.134
172.20.115.198
172.20.115.202
172.20.115.234
172.20.116.38
172.20.116.39
172.20.116.39
172.20.116.39
172.20.116.40
172.20.116.40
172.20.116.40
172.20.116.41
172.20.116.6
172.20.116.8
172.20.75.165
172.20.75.165
172.20.75.179
172.20.75.183
172.20.75.193
172.20.75.194
172.20.83.104
172.20.83.106
172.20.83.106
172.20.83.137
172.20.83.34
172.20.83.38
172.20.83.39
172.20.83.41
172.20.83.44
172.21.28.100
172.21.28.102
172.21.28.103
172.21.28.104
172.21.28.105
172.21.28.98
172.21.28.99
172.31.36.97
194.73.73.78
194.73.73.87
195.132.230.101
200.214.34.20
200.56.172.158
204.251.84.14
206.128.117.202
207.181.101.13
207.253.144.120
207.5.167.172
209.225.28.206
209.225.28.214
212.186.188.35
212.20.101.43
213.112.207.42
213.245.238.250
216.165.243.157
216.68.1.133
216.68.1.133
217.121.115.32
217.121.115.32
217.122.125.49
217.122.49.185
217.123.27.114
218.91.116.27
62.103.229.188
62.121.95.234
64.12.138.7
64.12.138.7
64.12.138.8
64.12.138.9
64.12.138.9
64.89.160.9
65.117.217.191
66.131.169.78
66.191.12.25
66.71.40.101
67.60.121.133
67.60.86.42
68.1.17.123
68.1.17.254
68.202.235.43
68.225.217.63
68.235.0.236
69.144.172.211
69.17.153.80
69.47.110.51
80.69.98.249
80.69.98.249
81.9.192.222
82.44.226.202
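The list above is in string order (62.x and 64.x come after 218.x) and repeats several entries. The following Python is added here as an example and is not part of the original page: it counts the repeats, sorts numerically, separates the private-range entries that no ISP can act on from the public ones, and groups public addresses that share a /24, which is about as far as "same machine under a different address" can be pushed from addresses alone. SAMPLE_LIST is a constructed slice of the list above, chosen to keep its duplicates and its private entries.

```python
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed sample: a slice of the list above, keeping its duplicate lines and
# its private-range entries so the summary has something to report.
SAMPLE_LIST = """\
172.18.149.2
172.18.149.2
172.18.149.2
172.18.149.4
172.18.149.4
194.73.73.78
194.73.73.87
217.121.115.32
217.121.115.32
218.91.116.27
62.103.229.188
64.12.138.7
64.12.138.7
64.12.138.8
82.44.226.202
"""


def parse_ip_list(text: str) -> List[ipaddress.IPv4Address]:
    """One address per line; blank lines skipped; anything else raises ValueError."""
    return [ipaddress.IPv4Address(line.strip()) for line in text.splitlines() if line.strip()]


def summarize(ips: List[ipaddress.IPv4Address]) -> Dict:
    counts = Counter(ips)
    # RFC 1918 and other non-routable space: nothing there to report to an ISP.
    private = sorted(ip for ip in counts if ip.is_private)
    public = sorted(ip for ip in counts if not ip.is_private)
    # Addresses in the same /24 are the only evidence the list itself offers for
    # "same machine under a different address" (a DHCP pool, say): a hint, not proof.
    by_net: Dict[ipaddress.IPv4Network, List[ipaddress.IPv4Address]] = defaultdict(list)
    for ip in public:
        by_net[ipaddress.ip_network(f"{ip}/24", strict=False)].append(ip)
    return {
        "total": len(ips),
        "unique": len(counts),
        "repeated": {str(ip): n for ip, n in counts.items() if n > 1},
        "private": [str(ip) for ip in private],
        "public": [str(ip) for ip in public],  # numeric order, not string order
        "shared_nets": {str(net): [str(ip) for ip in members]
                        for net, members in by_net.items() if len(members) > 1},
    }


if __name__ == "__main__":
    report = summarize(parse_ip_list(SAMPLE_LIST))
    print(f"{report['total']} lines, {report['unique']} unique, "
          f"{len(report['private'])} private, {len(report['public'])} public")
    for ip, n in report["repeated"].items():
        print(f"  {ip} listed {n} times")
    for net, members in report["shared_nets"].items():
        print(f"  {net}: {', '.join(members)}")
```

Run it over the whole list by pasting the block above into SAMPLE_LIST; the "shared_nets" entries are the ones worth a second look before sending a report, and the "private" entries can be dropped from it outright.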