A different approach.

This one seems slightly different from all the packed viruses I'm seeing of late and thought you gurus might be interested.

Bot no doubt but still a little different from most you see in the originating email address and the to email address.

I won't bother with the kav bit, but hey, they will try anything. :)

Return-Path: norwegian@ha178ss.3kav.info
Received: from zim-mta03.web.westnet.com.au (LHLO
 zim-mta03.web.westnet.com.au) ( by webmail05.westnet.com.au
 with LMTP; Thu, 13 Dec 2012 19:58:46 +0800 (WST)
Received: from inbound-mail03.westnet.com.au (inbound-mail03.westnet.com.au [])
by zim-mta03.web.westnet.com.au (Postfix) with ESMTP id 0C5BD4D31E
for <XXXXX@westnet.com.au>; Thu, 13 Dec 2012 19:58:45 +0800 (WST)
X-Ironport-Incoming: 1
Received: from unknown (HELO ha178ss.3kav.info) ([])
  by inbound-mail03.westnet.com.au with ESMTP; 13 Dec 2012 19:58:45 +0800
Received: from localhost (localhost.localdomain [])
by ha178ss.3kav.info (Postfix) with SMTP id F013CB46DDD5
for <XXXXX@westnet.com.au>; Thu, 13 Dec 2012 14:48:33 +0300 (MSK)
From: "=?gb2312?B?bm9yd2VnaWFu?=" <norwegian@ha178ss.3kav.info>
To: "=?gb2312?B?bm9yd2VnaWFu?=" <XXXXX@westnet.com.au>, 
Date: Thu, 13 Dec 2012 19:48:33 +0800
Subject: =?gb2312?B?bm9yd2VnaWFuv7TD9w==?=
X-Priority: 3
MIME-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="-=NextMailPart50c9c091f1b06"
Message-Id: <20121213114833.F013CB46DDD5@ha178ss.3kav.info>

The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
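
The From, To and Subject headers quoted in the post are RFC 2047 encoded-words in gb2312, so the oddity in the sender and recipient fields only shows once they are decoded. The following Python is an added example, not part of the original post; the function names `decode_words`, `split_address` and `triage` are made up here, and the Received lines are left out.

```python
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr, parsedate_to_datetime
from datetime import timezone

# Header lines copied from the post above (Received lines omitted; the
# recipient address was already redacted as XXXXX in the post).
RAW = """\
Return-Path: norwegian@ha178ss.3kav.info
From: "=?gb2312?B?bm9yd2VnaWFu?=" <norwegian@ha178ss.3kav.info>
To: "=?gb2312?B?bm9yd2VnaWFu?=" <XXXXX@westnet.com.au>,
Date: Thu, 13 Dec 2012 19:48:33 +0800
Subject: =?gb2312?B?bm9yd2VnaWFuv7TD9w==?=
Message-Id: <20121213114833.F013CB46DDD5@ha178ss.3kav.info>
"""

def decode_words(value):
    """Decode RFC 2047 encoded-words (=?charset?B?...?=) into text."""
    return str(make_header(decode_header(value)))

def split_address(value):
    """Return (decoded display name, address) for a single-address header."""
    name, addr = parseaddr(value.strip().rstrip(","))  # tolerate the trailing comma
    return decode_words(name), addr

def triage(raw):
    msg = message_from_string(raw)
    from_name, from_addr = split_address(msg["From"])
    to_name, to_addr = split_address(msg["To"])
    subject = decode_words(msg["Subject"])
    sent_utc = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
    stamp = sent_utc.strftime("%Y%m%d%H%M%S")
    return {
        "from_name": from_name, "from_addr": from_addr,
        "to_name": to_name, "to_addr": to_addr, "subject": subject,
        # The recipient's display name is whatever the sending side put there.
        "to_name_copied_from_sender": to_name == from_name,
        "from_name_is_local_part": from_name == from_addr.split("@")[0],
        "subject_starts_with_sender_name": subject.startswith(from_name),
        "subject_non_ascii_chars": sum(ord(c) > 127 for c in subject),
        "date_utc": stamp,
        "date_matches_message_id": stamp in msg["Message-Id"],
    }

if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```

On these headers both display names decode to the same string, which is also the local part of the sender address, and the Date value converted to UTC equals the timestamp embedded in the Message-Id.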