The gist is this: someone on the forum (since it has happened to several moderators, and more than once) has a PC infected with the W32.Yaha.F@mm virus.
All we can do is ask you to check the health of your PC using a good, up-to-date antivirus.
Out of curiosity (or expertise, or whatever else...) I'm posting the headers of the email (I'm not masking the sender's address, since it's fake anyway):
Return-Path: <shareit@love.org>
Received: from buddy.siteprotect.com ([64.26.0.87] verified)
by infinito.it (CommuniGate Pro SMTP 3.5.9)
with ESMTP id 17151513 for ******@infinito.it; Mon, 23 Sep 2002 09:07:18 +0200
Received: from mail.pc-facile.com (a-as1-41.tin.it [212.216.125.232])
by buddy.siteprotect.com (8.9.3/8.9.3) with SMTP id CAA19483
for <dado*at*pc-facile*dot*com>; Mon, 23 Sep 2002 02:07:12 -0500
Message-Id: <200209230707.CAA19483@buddy.siteprotect.com>
From: passion<shareit@love.org>
To: dado*at*pc-facile*dot*com
Subject: I am For u !
Date: Mon,23 Sep 2002 09:08:41 PM
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=hxlmrku
Attached is a .scr (screensaver) file, which is the infected one.
The message body is this:
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
This e-mail is never sent unsolicited. If you need to unsubscribe,
follow the instructions at the bottom of the message.
***********************************************************
Enjoy this friendship Screen Saver and Check ur friends circle...
Send this screensaver from http://www.love.org to everyone you
consider a FRIEND, even if it means sending it back to the person
who sent it to you. If it comes back to you, then you'll know you
have a circle of friends.
* To remove yourself from this mailing list, point your browser to:
http://love.org/remove?freescreensaver
* Enter your email address (dado@pc-facile.com) in the field provided and click "Unsubscribe".
OR...
* Reply to this message with the word "REMOVE" in the subject line.
This message was sent to address dado*at*pc-facile*dot*com
X-PMG-Recipient: dado*at*pc-facile*dot*com
<<<>>> <<<>>> >> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
The analysis with Zello's program gives:
**********
Analyzing:
Sender (or dispatching mailserver) IP:64.26.0.87
He/she/it has said to be :buddy.siteprotect.com
Receiving mailserver [by]:infinito.it
For email: <******@infinito.it>
**********
Analyzing:
Sender (or dispatching mailserver) IP:212.216.125.232
He/she/it has said to be :mail.pc-facile.com
Receiving mailserver [by]:buddy.siteprotect.com
For email: <dado*at*pc-facile*dot*com>
Listed in:
* blackholes.five-ten-sg.com
212.216.125.232 is a dialup, stopping analysis
******************
*****RESULTS******
******************
- 212.216.125.232(a-as1-41.tin.it): Spam source
% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-service ... right.html
inetnum: 212.216.120.0 - 212.216.127.255
netname: TIN
descr: Telecom Italia S.p.A.
descr: E@sy.ip (Premium) servicein OSPF Area 01
descr: Wholesale service for ISP
country: IT
admin-c: BS104-RIPE
tech-c: BS104-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to abuse*at*telecomitalia*dot*it
notify: net_ti*at*@telecomitalia*dot*it
mnt-by: TIWS-MNT
changed: cgiadmin*at*cgi*dot*interbusiness*dot*it 19990510
changed: net_ti*at*telecomitalia*dot*it 20011019
source: RIPE
route: 212.216.0.0/16
descr: INTERBUSINESS
origin: AS3269
mnt-by: INTERB-MNT
changed: cgiadmin*at*cgi*dot*interbusiness*dot*it 19980422
source: RIPE
person: BBBEASYIP STAFF
address: Via Val Cannuta, 250
address: I-00100 Roma
address: Italy
phone: +39 06 36881
e-mail: ripe-staff*at*telecomitalia*dot*it
nic-hdl: BS104-RIPE
notify: ripe-staff*at*telecomitalia*dot*it
changed: net_ti*at*telecomitalia*dot*it 20001019
source: RIPE
-------------------
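The Received-header trace from the analysis above, reproduced as an added Python example (not part of the original post and not Zello's program). The header text is copied from the message with line folding restored, and the function names are this example's own.

```python
import re

# Received headers copied from the message above (recipient masked as in the post);
# continuation lines are indented again, as they are in a raw message.
RAW_HEADERS = """\
Received: from buddy.siteprotect.com ([64.26.0.87] verified)
 by infinito.it (CommuniGate Pro SMTP 3.5.9)
 with ESMTP id 17151513 for ******@infinito.it; Mon, 23 Sep 2002 09:07:18 +0200
Received: from mail.pc-facile.com (a-as1-41.tin.it [212.216.125.232])
 by buddy.siteprotect.com (8.9.3/8.9.3) with SMTP id CAA19483
 for <dado*at*pc-facile*dot*com>; Mon, 23 Sep 2002 02:07:12 -0500
"""

RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<paren>[^)]*)\)\s+by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def unfold(raw):
    """Join folded continuation lines (leading whitespace) into one line per header."""
    return re.sub(r"\r?\n[ \t]+", " ", raw).splitlines()

def parse_hops(raw):
    """Return hops in header order: top = last relay, bottom = closest to the origin."""
    hops = []
    for line in unfold(raw):
        m = RECEIVED_RE.search(line) if line.lower().startswith("received:") else None
        if not m:
            continue
        paren = m.group("paren")
        ip = IP_RE.search(paren)
        # What remains in the parentheses once the [ip] is removed is what the
        # receiving server recorded: a reverse-DNS name or a tag such as "verified".
        note = IP_RE.sub("", paren).strip()
        rdns = note if "." in note else None
        hops.append({"helo": m.group("helo"), "ip": ip.group(1) if ip else None,
                     "rdns": rdns, "by": m.group("by")})
    return hops

def helo_mismatch(hop):
    """True when the name the client announced differs from its reverse-DNS name."""
    return hop["rdns"] is not None and hop["rdns"].lower() != hop["helo"].lower()

def origin(hops):
    """Bottom-most Received line: the earliest hop recorded by a relay."""
    return hops[-1] if hops else None

if __name__ == "__main__":
    for h in parse_hops(RAW_HEADERS):
        print(h, "HELO/rDNS mismatch" if helo_mismatch(h) else "")
```

On this message the earliest hop is 212.216.125.232, which announced itself as mail.pc-facile.com while the relay's reverse lookup recorded a-as1-41.tin.it. Only Received lines written by relays you trust are reliable, since anything below them can be supplied by the sender.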