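This page showcases the crappy sites that send out virus warning e-mails without showing header information such as Received: from.
Sending a warning e-mail without any information about who actually sent the message is just senseless, isn't it......┐('~`;)┌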
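A recipient-side check for the complaint above, as an added example that is not part of the original page: it looks inside an alert's body for quoted Received: fields and returns the oldest public IP they record, or nothing when the alert quotes no headers. The function names are hypothetical, and both sample messages are constructed by abridging alerts quoted on this page.

```python
import ipaddress
import re
from email import message_from_string

# IPv4 literal as sendmail "[a.b.c.d]" or qmail "(a.b.c.d)" records it.
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def embedded_received(alert_text):
    """Received: fields quoted in the alert body, newest hop first."""
    body = message_from_string(alert_text).get_payload()
    unfolded = re.sub(r"\r?\n[ \t]+", " ", body)  # join folded continuation lines
    return [ln for ln in unfolded.splitlines() if ln.startswith("Received: from")]

def origin_ip(alert_text):
    """Oldest public IP in the quoted chain, or None when nothing can be traced."""
    for field in reversed(embedded_received(alert_text)):
        m = IP_RE.search(field)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        if not (ip.is_private or ip.is_loopback):
            return str(ip)
    return None

# Constructed sample: abridged from the asp.home.ne.jp alert on this page,
# with continuation lines re-indented as they would be on the wire.
TRACEABLE = """\
From: postmaster@asp.home.ne.jp
To: 123@web.net
Subject: Virus Scan Service

Original mail header:
---
Received: from mail01.cts.ne.jp ([219.103.96.54])
    by mxo12.asp.home.ne.jp (8.12.10/v4030100) with SMTP id i3Q8F9V3027087
Received: from unknown (HELO ns1.hitpops.co.jp) (211.132.7.53)
    by 0 with SMTP; 26 Apr 2004 17:15:08 +0900
Received: from hitpops.co.jp (pdd21be.kobeac00.ap.so-net.ne.jp [218.221.33.190])
    by ns1.hitpops.co.jp (8.11.2/8.11.2) with ESMTP id i3Q8pXB24110
From: 123@web.net
"""

# Constructed sample: abridged from the kufs.ac.jp alert, which quotes no headers.
UNTRACEABLE = """\
From: iscan@mail.kufs.ac.jp
To: 123@web.net
Subject: Virus Alert

The mail message (file: your_details.pif) you sent to <saudade@kufs.ac.jp> contains a virus. (on mail)
"""

if __name__ == "__main__":
    for name, alert in (("asp.home.ne.jp", TRACEABLE), ("kufs.ac.jp", UNTRACEABLE)):
        print(name, "->", origin_ip(alert) or "no original headers quoted")
```

Hops older than the one stamped by the alerting site's own mail server are supplied by the sender and can be forged, so the returned address is a lead to verify, not proof.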
Return-Path: <iscan@mail.kufs.ac.jp>
Received: from sun.kufs.ac.jp (sun.kufs.ac.jp [202.236.120.10])
by zenken.com (8.11.6/8.11.6) with SMTP id iB3Nku214034
for <123@web.net>; Sat, 4 Dec 2004 08:46:56 +0900
Received: (qmail 2511 invoked from network); 4 Dec 2004 08:48:35 +0900
Received: from mail.kufs.ac.jp (HELO kufs.ac.jp) (202.236.120.4)
by sun.kufs.ac.jp with SMTP; 4 Dec 2004 08:48:35 +0900
Received: from mail.kufs.ac.jp (localhost [127.0.0.1])
by kufs.ac.jp (8.12.10p1/8.12.10p1/KUFS-MAIL-20030308) with ESMTP id iB3NmZco002567
for <123@web.net>; Sat, 4 Dec 2004 08:48:35 +0900 (JST)
Received: from localhost (root@localhost)
by mail.kufs.ac.jp (8.12.10p1/8.12.8/Submit) with SMTP id iB3NmZ8l002565
for <123@web.net>; Sat, 4 Dec 2004 08:48:35 +0900 (JST)
Message-Id: <200412032348.iB3NmZ8l002565@mail.kufs.ac.jp>
From: iscan@mail.kufs.ac.jp
To: 123@web.net
Subject: Virus Alert
Date: Sat, 04 Dec 2004 08:48:35 +0900
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
--------
The mail message (file: your_details.pif) you sent to <saudade@kufs.ac.jp> contains a virus. (on mail)
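Wow, it has been about half a year, I think, since one of these stupid mails last turned up.................
I'm surprised there are still places (.ac.jp) that send out mail like this.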
Return-Path: <not-reply@hs.kddi.ne.jp>
Received: (qmail 12140 invoked from network); 24 May 2004 09:57:29 +0900
Received: from vcr001.hs.kddi.ne.jp (211.134.181.234)
by w5.yukaido.ne.jp with SMTP; 24 May 2004 09:57:29 +0900
Received: (9107 invoked from network); 24 May 2004 09:57:01 +0900
From: KDDI-INFO <not-reply@hs.kddi.ne.jp>
To: 123@web
Date: Mon, 24 May 2004 09:57:01 +0900
Subject: File was infected with a virus
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
--------
Note: JP stands for Japanese.
ALERT!!
This e-mail contained one or more virus-infected files and have been rejected.
(JP:コンピュータウィルスを発見しましたので、メールの送信を中止しました。)
The following attachments were infected:
(JP:感染ファイルは以下のとおり。)
file=Bill.zip,status=deleted,virus-id=39409,virus-name=W32.Netsky.Z@mm
Thank you,
KDDI Corporation <info@hs.kddi.ne.jp>
-------------- Original message text follows ---------------
Subject: Hello
Message-ID:
Date: 2004/05/24
From: 123@web
To: info@nna.jp
Return-Path: <v_check@sea.plala.or.jp>
Received: (qmail 31067 invoked from network); 21 May 2004 10:48:22 +0900
Received: from c152002.vh.plala.or.jp (HELO mps9.plala.or.jp) (210.150.152.2)
by w5.yukaido.ne.jp with SMTP; 21 May 2004 10:48:22 +0900
Received: from mrvc1.plala.or.jp ([172.23.8.145]) by mps9.plala.or.jp
with SMTP
id <20040521014755.CHEW22415.mps9.plala.or.jp@mrvc1.plala.or.jp>
for <123@web.net>; Fri, 21 May 2004 10:47:55 +0900
Received: ( 27705 invoked from network); 21 May 2004 10:47:55 +0900
From: v_check@sea.plala.or.jp
To: 123@web.net
Date: Fri, 21 May 2004 10:47:55 +0900
Subject: A virus was detected 【ウイルスメール受信拒否】
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
Message-Id: <20040521014755.CHEW22415.mps9.plala.or.jp@mrvc1.plala.or.jp>
--------
ALERT!
A virus was detected in your message.
NAV(Norton Anti Virus)はあなたのメールにウイルスを発見しました。
A virus was NOT removed.
ウイルスの駆除に失敗したため、
配信を拒否しました。
(status = not repaired :未修復)
file=data21687.zip/mail.eml
.scr,status=deleted,virus-id=37711,virus-name=W32.Netsky.Q@mm
Thank you.
Plala Networks
-------------- Original message text follows ---------------
Subject: Error (gyuta@cool.plala.or.jp)
Message-ID: <20040521014751.GWO15693.mps4.plala.or.jp@cool.plala.or.jp>
Date: 2004/05/21
From: 123@web.net
To: crow@sea.plala.or.jp
Delivered-To: 123@web
Received: (qmail 7931 invoked from network); 18 Apr 2004 13:50:09 +0900
Received: from coder4.loxinfo.co.th (HELO viruswall.netfusion.nfsolution.com) (203.146.117.156)
by webmasterxx.ne.jp with SMTP; 18 Apr 2004 13:50:09 +0900
Date: Sun, 18 Apr 2004 11:46:07 +0700
From: postmaster
To: <123@web>
Subject: InterScan NT Alert
--------
Sender, InterScan has detected virus(es) in your e-mail attachment.
Date: Sun, 18 Apr 2004 11:46:07 +0700
Method: Mail
From: <123@web>
To: ikazzmail@nfsolution.com
File: your_picture.pif
Action: deleted
Virus: WORM_NETSKY.D
Return-Path: <>
Delivered-To: 123@web.net
Received: (qmail 29685 invoked from network); 16 Apr 2004 23:37:02 +0900
Received: from coder4.loxinfo.co.th (HELO viruswall.netfusion.nfsolution.com) (203.146.117.156)
by webmasterxx.ne.jp with SMTP; 16 Apr 2004 23:37:02 +0900
Date: Fri, 16 Apr 2004 21:40:29 +0700
From: postmaster
To: <123@web.net>
Subject: InterScan NT Alert
--------
Sender, InterScan has detected virus(es) in your e-mail attachment.
Date: Fri, 16 Apr 2004 21:40:29 +0700
Method: Mail
From: <123@web.net>
To: ikazzmail@nfsolution.com
File: your_bill.pif
Action: deleted
Virus: WORM_NETSKY.D
Return-Path: <root@ulipc33.tufs.ac.jp>
Delivered-To: 123@web.net
Received: (qmail 6936 invoked from network); 18 Apr 2004 13:38:27 +0900
Received: from unknown (HELO ulipc33.tufs.ac.jp) (202.13.5.160)
by webmasterxx.ne.jp with SMTP; 18 Apr 2004 13:38:27 +0900
Received: from localhost (root@localhost)
by ulipc33.tufs.ac.jp (8.11.6/8.11.6) with SMTP id i3I4cPY09956
for <123@web.net>; Sun, 18 Apr 2004 13:38:25 +0900
Date: Sun, 18 Apr 2004 13:38:25 +0900
Message-Id: <200404180438.i3I4cPY09956@ulipc33.tufs.ac.jp>
From: root@ulipc33.tufs.ac.jp
To: 123@web.net
Subject: Virus Alert
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
--------
The mail message (file: document_word.pif)
you sent to ml-zenhp@tufs.ac.jp contains a virus. (on ulipc33)
警告!ウィルス対策ソフトでは04/18/2004 13:38:23にファイル:document_word.pifでウィルス:
WORM_NETSKY.Dを検出しました。
ウィルス対策ソフトではウィルスをdeletedしました。
メールの発信者:123@web.net
メールの受信者:ml-zenhp@tufs.ac.jp
Return-Path: <root@ulipc33.tufs.ac.jp>
Delivered-To: 123@web
Received: (qmail 3111 invoked from network); 17 Apr 2004 23:18:38 +0900
Received: from unknown (HELO ulipc33.tufs.ac.jp) (202.13.5.160)
by webmasterxx.ne.jp with SMTP; 17 Apr 2004 23:18:38 +0900
Received: from localhost (root@localhost)
by ulipc33.tufs.ac.jp (8.11.6/8.11.6) with SMTP id i3HEIXI11421
for <123@web>; Sat, 17 Apr 2004 23:18:33 +0900
Date: Sat, 17 Apr 2004 23:18:33 +0900
Message-Id: <200404171418.i3HEIXI11421@ulipc33.tufs.ac.jp>
From: root@ulipc33.tufs.ac.jp
To: 123@web
Subject: Virus Alert
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
--------
The mail message (file: your_picture.pif)
you sent to ml-zenhp@tufs.ac.jp contains a virus. (on ulipc33)
警告!ウィルス対策ソフトでは04/17/2004 23:18:30にファイル:your_picture.pifでウィルス:
WORM_NETSKY.Dを検出しました。
ウィルス対策ソフトではウィルスをdeletedしました。
メールの発信者:123@web
メールの受信者:ml-zenhp@tufs.ac.jp
Delivered-To: 123@web.net
Received: (qmail 29685 invoked from network); 16 Apr 2004 23:37:02 +0900
Received: from coder4.loxinfo.co.th (HELO viruswall.netfusion.nfsolution.com) (203.146.117.156)
by dddd.ne.jp with SMTP; 16 Apr 2004 23:37:02 +0900
Date: Fri, 16 Apr 2004 21:40:29 +0700
From: postmaster
To: <123@web.net>
Subject: InterScan NT Alert
--------
Sender, InterScan has detected virus(es) in your e-mail attachment.
Date: Fri, 16 Apr 2004 21:40:29 +0700
Method: Mail
From: <123@web.net>
To: ikazzmail@nfsolution.com
File: your_bill.pif
Action: deleted
Virus: WORM_NETSKY.D
Return-Path: <postmaster@fujikura.co.th>
Delivered-To: 123@web
Received: (qmail 14588 invoked from network); 1 Apr 2004 04:39:34 +0900
Received: from fw.fujikura.co.th (203.146.71.162)
by dddd.ne.jp with SMTP; 1 Apr 2004 04:39:34 +0900
Received: from mx.fujikura.co.th (mx.fujikura.co.th [10.17.1.12])
by fw.fujikura.co.th (8.11.6/8.11.6) with SMTP id i2VIaG409856
for <123@web>; Thu, 1 Apr 2004 01:36:16 +0700
Message-Id: <200403311836.i2VIaG409856@fw.fujikura.co.th>
X-Mailer: Network Associates, Inc. Webshield SMTP, Version 4.5
Date: Thu Apr 01 03:11:29 2004
To: <123@web>
From: postmaster@fujikura.co.th
Subject: Virus Detected by Network Associates, Inc. Webshield SMTP V4.5
--------
Network Associates WebShield SMTP V4.5 on mx.fujikura.co.th detected virus
W32/Netsky.q@MM!zip in attachment message16198.zip from <123@web> and it was
Cleaned and Quarantined .
Delivered-To: 123@web
Received: (qmail 1962 invoked from network); 5 Apr 2004 09:13:17 +0900
Received: from mail.mark-i.jp (HELO ap10-00.mark-i.co.jp) (61.200.192.77)
by dddd.ne.jp with SMTP; 5 Apr 2004 09:13:17 +0900
Received: (qmail 21179 invoked by uid 214); 5 Apr 2004 09:13:16 +0900
Date: 5 Apr 2004 09:13:16 +0900
From: "System Anti-Virus Administrator" <postmaster@rolian.co.jp>
To: 123@web
Cc: postmaster@rolian.co.jp
Subject: Virus found in sent message Mail System (rakuten@rolian.co.jp)
Message-ID: <dk10-00:108112399641521103@dk10-00>
X-Tnz-Problem-Type: 40
MIME-Version: 1.0
Content-type: text/plain; charset=iso-2022-jp
--------
******************** WARNING *********************
123@web 様
rakuten@rolian.co.jp 様宛に送信されたメールがウイルスに
感染している疑いがあるため、メールの配送を
中止いたしました。
検出されたウイルスは「W32/Netsky-Q」です。
Virus has been detected in your email sent from 123@web to rakuten@rolian.co.jp.
Your email will not be delivered.
Please confirm your message and send it again.
Your email contains: W32/Netsky-Q
==================================================
Return-Path: <JENSVirusCheckService@attnet.ne.jp>
Delivered-To: 123@web.net
Received: (qmail 25926 invoked from network); 6 Apr 2004 17:55:33 +0900
Received: from purify.attnet.ne.jp (HELO purify01.attnet.ne.jp) (165.76.8.44)
by ddddo.ne.jp with SMTP; 6 Apr 2004 17:55:33 +0900
Received: from virus02.attnet.ne.jp (virus02 [10.10.13.22])
by purify01.attnet.ne.jp (8.9.3p3+Spin/3.7WJENS-stand3(01/19/01)) id RAA23204; Tue, 6 Apr 2004 17:55:33 +0900 (JST)
Date: Tue, 6 Apr 2004 17:55:33 +0900 (JST)
From: JENSVirusCheckService@attnet.ne.jp
Message-Id: <200404060855.RAA23204@purify01.attnet.ne.jp>
Subject: ## Virus Check Alert ##
--------
あなたから送信されたメールにウィルスを発見しましたが、
駆除できないウィルスです。
ウィルスを削除し eizou@shuzaibu.tbs.co.jp さんに配送しました。
A virus was detected from the mail sent by you, but the file could not be repaired.
The file has been deleted and the mail sent to eizou@shuzaibu.tbs.co.jp
--- Virus scan results follow ---
感染ファイル名: document_word.pif
ウィルス名: W32.Netsky.D@mm
ウィルスID: 15702
Infected file name: document_word.pif
Infected virus name: W32.Netsky.D@mm
Infected virus ID: 15702
--- Original message information follows ---
Received: from purify01.attnet.ne.jp (purify.attnet.ne.jp [165.76.8.44])
by virus02.attnet.ne.jp (Postfix) with ESMTP id 91F9F9307
for <eizou@shuzaibu.tbs.co.jp>; Tue, 6 Apr 2004 17:55:32 +0900 (JST)
Received: from shuzaibu.tbs.co.jp (YahooBB219026024204.bbtec.net [219.26.24.204])
by purify01.attnet.ne.jp (8.9.3p3+Spin/3.7WJENS-stand3(01/23/01)) id RAA23162; Tue, 6 Apr 2004 17:55:31 +0900 (JST)
From: 123@web.net
Message-Id: <200404060855.RAA23162@purify01.attnet.ne.jp>
To: eizou@shuzaibu.tbs.co.jp
Subject: Re: Word file
Date: Tue, 6 Apr 2004 18:00:13 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0000_00000E0B.00004CB2"
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: <not-reply@hs.kddi.ne.jp>
Delivered-To: 123@web.net
Received: (qmail 7270 invoked from network); 26 Apr 2004 14:15:13 +0900
Received: from vcr003.hs.kddi.ne.jp (211.134.181.240)
by ddddo.ne.jp with SMTP; 26 Apr 2004 14:15:13 +0900
Received: (22505 invoked from network); 26 Apr 2004 14:14:46 +0900
From: KDDI-INFO <not-reply@hs.kddi.ne.jp>
To: 123@web.net
Date: Mon, 26 Apr 2004 14:14:46 +0900
Subject: File was infected with a virus
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
--------
Note: JP stands for Japanese.
ALERT!!
This e-mail contained one or more virus-infected files and have been rejected.
(JP:コンピュータウィルスを発見しましたので、メールの送信を中止しました。)
The following attachments were infected:
(JP:感染ファイルは以下のとおり。)
file=,status=deleted,virus-id=15711,virus-name=W32.Netsky.Q@mm.enc
Thank you,
KDDI Corporation <info@hs.kddi.ne.jp>
-------------- Original message text follows ---------------
Subject: Server Error (mu@chinacargo-air.com)
Message-ID: <20040426051434.JFYP19536.mail03@chinacargo-air.com>
Date: 2004/04/26
From: 123@web.net
To: mu@chinacargo-air.com
Return-Path: <postmaster@asp.home.ne.jp>
Delivered-To: 123@web.net
Received: (qmail 20745 invoked from network); 26 Apr 2004 17:15:11 +0900
Received: from smtp12.asp.home.ne.jp (203.165.10.105)
by ddddo.ne.jp with SMTP; 26 Apr 2004 17:15:11 +0900
Received: by smtp12.asp.home.ne.jp (8.12.10/v4030500) with ESMTP id i3Q8F9Ce022608
for <123@web.net>; Mon, 26 Apr 2004 17:15:09 +0900 (JST)
From: postmaster@asp.home.ne.jp
Date: Mon, 26 Apr 2004 17:15:09 +0900
Subject: Virus Scan Service:ウイルスを発見しました。
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
To: 123@web.net
Message-Id: <20040426171509_25F1C290_0@asp.home.ne.jp>
--------
お客様が送信されたメールは、Virus Scanサービスによって
駆除できないウイルスが発見された為、
メールを送信することができませんでした。
※もし、本メールに関するお心当たりがない場合は、ウィルスにより
送信元のアドレスが偽られていた可能性があります。お心当たりが
ない場合には、お手数ですが、本メールを削除していただけますよう
お願いいたします。
お客様ご利用のPCがウイルス感染している可能性がありますので、
以下の情報を参考に、ウイルス感染のご確認をお願いいたします。
オリジナルメールヘッダー:
---
Received: from mail01.cts.ne.jp ([219.103.96.54])
by mxo12.asp.home.ne.jp (8.12.10/v4030100) with SMTP id i3Q8F9V3027087
for <hp25@mail01.cts.ne.jp>; Mon, 26 Apr 2004 17:15:09 +0900 (JST)
Received: (qmail 13102 invoked from network); 26 Apr 2004 17:15:08 +0900
Received: from unknown (HELO ns1.hitpops.co.jp) (211.132.7.53)
by 0 with SMTP; 26 Apr 2004 17:15:08 +0900
Received: from hitpops.co.jp (pdd21be.kobeac00.ap.so-net.ne.jp [218.221.33.190])
by ns1.hitpops.co.jp (8.11.2/8.11.2) with ESMTP id i3Q8pXB24110
for <info@hitpops.co.jp>; Mon, 26 Apr 2004 17:51:34 +0900
Message-Id: <200404260851.i3Q8pXB24110@ns1.hitpops.co.jp>
From: 123@web.net
To: info@hitpops.co.jp
Subject: Delivery Error (info@hitpops.co.jp)
Date: Mon, 26 Apr 2004 16:10:03 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 1
X-MSMail-Priority: High
送信元アドレス:123@web.net
感染ファイル:msg21793.pif
感染ウイルス:W32.Netsky.Q@mm
感染ファイル:25F1C290
感染ウイルス:W32.Netsky.Q@mm.enc
下記URLにてウイルスに関する情報をご確認いただけます。
株式会社シマンテック
http://www.symantec.com/region/jp/sarcj/index.html
・ウイルスをチェックする無償のサービスが紹介されています。
・どのようなウイルスであったか調べることができます。
※ウイルス感染された状態で再度メールが送信されても
同じくメールが削除されてしまいます。ご注意ください。
※なお、このメールに返信をされてもサポートは行えません。
Virus Scan Service
********* English ************
The VIRUS was detected from the mail which you sent.
* This e-mail may have been sent to you because the return address
was spoofed by a virus. Please delete this message if you are not
concerned with this virus.
Thank you.
Following mail was automatically deleted.
Original mail header:
---
Received: from mail01.cts.ne.jp ([219.103.96.54])
by mxo12.asp.home.ne.jp (8.12.10/v4030100) with SMTP id i3Q8F9V3027087
for <hp25@mail01.cts.ne.jp>; Mon, 26 Apr 2004 17:15:09 +0900 (JST)
Received: (qmail 13102 invoked from network); 26 Apr 2004 17:15:08 +0900
Received: from unknown (HELO ns1.hitpops.co.jp) (211.132.7.53)
by 0 with SMTP; 26 Apr 2004 17:15:08 +0900
Received: from hitpops.co.jp (pdd21be.kobeac00.ap.so-net.ne.jp [218.221.33.190])
by ns1.hitpops.co.jp (8.11.2/8.11.2) with ESMTP id i3Q8pXB24110
for <info@hitpops.co.jp>; Mon, 26 Apr 2004 17:51:34 +0900
Message-Id: <200404260851.i3Q8pXB24110@ns1.hitpops.co.jp>
From: 123@web.net
To: info@hitpops.co.jp
Subject: Delivery Error (info@hitpops.co.jp)
Date: Mon, 26 Apr 2004 16:10:03 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 1
X-MSMail-Priority: High
---
From : 123@web.net
Filename : msg21793.pif
VIRUS name is W32.Netsky.Q@mm
Filename : 25F1C290
VIRUS name is W32.Netsky.Q@mm.enc
---
We recommend to visit the following site.
(English)
http://securityresponse.symantec.com/
In addition, please understand to it that we cannot reply at all
to the question of the details of a virus, or the extermination method.
And this mail is sent automatically.
Thanks.
Virus Scan Service
Return-Path: <postmaster@fujikura.co.th>
Delivered-To: 123@web
Received: (qmail 16771 invoked from network); 5 May 2004 14:16:49 +0900
Received: from fw.fujikura.co.th (203.146.71.162)
by ddddo.ne.jp with SMTP; 5 May 2004 14:16:49 +0900
Received: from mx.fujikura.co.th (mx.fujikura.co.th [10.17.1.12])
by fw.fujikura.co.th (8.11.6/8.11.6) with SMTP id i453IBA08508
for <123@web>; Wed, 5 May 2004 10:18:11 +0700
Message-Id: <200405050318.i453IBA08508@fw.fujikura.co.th>
X-Mailer: Network Associates, Inc. Webshield SMTP, Version 4.5
Date: Wed May 05 11:28:58 2004
To: <123@web>
From: postmaster@fujikura.co.th
Subject: Virus Detected by Network Associates, Inc. Webshield SMTP V4.5
--------
Network Associates WebShield SMTP V4.5 on mx.fujikura.co.th detected virus
W32/Netsky.p@MM in attachment unknown from <123@web> and it was Deleted and
Quarantined .
Return-Path: <postmaster@cibasc.com>
Delivered-To: 123@web.net
Received: (qmail 27929 invoked from network); 7 May 2004 00:45:15 +0900
Received: from unknown (HELO chscbse02.cibasc.com) (128.246.11.254)
by ddddo.ne.jp with SMTP; 7 May 2004 00:45:15 +0900
Received: from smail02-chbs.chbs.cibasc.com (smail02-chbs.chbs.cibasc.com [10.16.170.235])
by chscbse02.cibasc.com (8.11.6/8.11.6) with ESMTP id i46FirM31301
for <123@web.net>; Thu, 6 May 2004 17:44:58 +0200
Received: from smail02-chbs.chbs.cibasc.com (smail02-chbs.chbs.cibasc.com [10.16.170.235])
by smail02-chbs.chbs.cibasc.com (Build 103 8.9.3p2/NT-8.9.3) with SMTP id RAA05585
for <123@web.net>; Thu, 06 May 2004 17:44:52 +0200
From: postmaster@cibasc.com
Message-Id: <200405061544.RAA05585@smail02-chbs.chbs.cibasc.com>
X-Mailer: Network Associates, Inc. Webshield SMTP, Version 4.5 MR1a
Date: Thu May 06 17:44:52 2004
To: <123@web.net>
Subject: Virus Detected by Network Associates, Inc. Webshield SMTP V4.5 MR1a
--------
Network Associates WebShield SMTP V4.5 MR1a on smail02-chbs detected virus
W32/Netsky.d@MM in attachment your_archive.pif from <123@web.net> and it was Cleaned.