Here I show you a header from a mail that our server sent on Saturday.
As can be seen, the user that logged in to the webmail was cultural. As a measure, the password of the mail account was changed and 1500 mails were also deleted
from the postfix queue. These mails were generated in the same way.
As measure 2, the insecure passwords will be changed and the users will be informed of their new passwords (aurora).
Another odd thing is that on Friday a PC in cultural that has that account in Outlook got infected. The virus was (W32/Autorun.DMI).
———- Forwarded message ———-
From: Nicholas Sherman
Date: Sat, Apr 18, 2009 at 11:20
Subject: Fw:
To: prensa@rectorado.unc.edu.ar, prosecretario@psi.unc.edu.ar
From EDMONDS LOAN INVESTMENT COMPANY Sat Apr 18 03:11:42 2009
Return-Path:
Authentication-Results: mta163.mail.ac4.yahoo.com from=yahoo.com.hk;
domainkeys=neutral (no sig); from=yahoo.com.hk; dkim=neutral (no sig)
Received: from 200.16.31.20 (EHLO fl.fl.unc.edu.ar) (200.16.31.20)
by mta163.mail.ac4.yahoo.com with SMTP; Sat, 18 Apr 2009 06:58:02 -0700
Received: from localhost (localhost [127.0.0.1])
by fl.fl.unc.edu.ar ((8.13.6/8.13.6)) with ESMTP id 56D6D23A97B8;
Sat, 18 Apr 2009 07:11:45 -0300 (ART)
Received: from fl.fl.unc.edu.ar ([127.0.0.1])
by localhost (fl.unc.edu.ar [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Nxh2wOrV11c9; Sat, 18 Apr 2009 07:11:45 -0300 (ART)
Received: from www.lenguas.unc.edu.ar (localhost [127.0.0.1])
by fl.fl.unc.edu.ar ((8.13.6/8.13.6)) with ESMTP id 0415F23A97AF;
Sat, 18 Apr 2009 07:11:42 -0300 (ART)
Received: from 213.255.218.244
(SquirrelMail authenticated user cultural)
by www.lenguas.unc.edu.ar with HTTP;
Sat, 18 Apr 2009 07:11:42 -0300 (ART)
Message-ID:
Date: Sat, 18 Apr 2009 07:11:42 -0300 (ART)
Subject:
From: "EDMONDS LOAN INVESTMENT COMPANY"
Reply-To: johnson.mredmond@yahoo.com.hk
User-Agent: SquirrelMail/1.4.10a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Importance: Normal
To: undisclosed-recipients:;
Content-Length: 1018
—– Forwarded Message —-
*From:* EDMONDS LOAN INVESTMENT COMPANY
*Sent:* Saturday, April 18, 2009 5:11:42 AM
*Subject:*
EDMONDS LOAN INVESTMENT COMPANY
THE BUSINESS LOAN EXPERTS
714 Edmond’s House,
3 DF Road, Docklands,
London, E1 – E18
ENGLAND.
*—————–
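The header above names the abused account in its oldest Received hop, the one written by the webmail host. As an added example (not part of the original post), this Python sketch extracts that account and client address from a raw message and tallies them across several messages, such as the ones found in the queue. The function names and the `trusted_hosts` parameter are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Received lines copied from the header on this page (two internal relay
# hops omitted, continuation lines re-indented); the body is constructed.
SAMPLE = """\
Received: from 200.16.31.20 (EHLO fl.fl.unc.edu.ar) (200.16.31.20)
 by mta163.mail.ac4.yahoo.com with SMTP; Sat, 18 Apr 2009 06:58:02 -0700
Received: from www.lenguas.unc.edu.ar (localhost [127.0.0.1])
 by fl.fl.unc.edu.ar ((8.13.6/8.13.6)) with ESMTP id 0415F23A97AF;
 Sat, 18 Apr 2009 07:11:42 -0300 (ART)
Received: from 213.255.218.244
 (SquirrelMail authenticated user cultural)
 by www.lenguas.unc.edu.ar with HTTP;
 Sat, 18 Apr 2009 07:11:42 -0300 (ART)

(constructed body)
"""

# Shape of the hop SquirrelMail writes when a logged-in user sends a message.
WEBMAIL_HOP = re.compile(
    r"from\s+(?P<client>\S+)\s+"
    r"\(SquirrelMail authenticated user (?P<user>[^)\s]+)\)\s+"
    r"by\s+(?P<host>\S+)\s+with\s+HTTP"
)

def webmail_origin(raw_message, trusted_hosts=("www.lenguas.unc.edu.ar",)):
    """Return (user, client_ip, webmail_host) for the webmail hop, or None."""
    msg = message_from_string(raw_message)
    # Each relay prepends its Received line, so the origin is the last one.
    for hop in reversed(msg.get_all("Received", [])):
        m = WEBMAIL_HOP.search(" ".join(hop.split()))  # unfold the header
        # Only believe a hop stamped by our own webmail host; anything else
        # could have been supplied by the sender.
        if m and m["host"] in trusted_hosts:
            return m["user"], m["client"], m["host"]
    return None

def tally_senders(raw_messages):
    """Count messages per (user, client_ip); key None = no webmail hop."""
    counts = {}
    for raw in raw_messages:
        origin = webmail_origin(raw)
        key = origin[:2] if origin else None
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    print(webmail_origin(SAMPLE))
```

A tally dominated by one account and an outside client address matches what the header shows here: mail submitted through an authenticated webmail session rather than relayed from outside.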