WSW
Please note the IP address is probably spoofed because I am getting these
from various sites and they all have different IPs.
Is this a worm or what? I've seen this happen on more than one site on the
same server.
There isn't even a form on the site like that with those fields, but the
form definitely went through the server according to the headers. I've been
seeing them from various sites as well. The headers indicate that it was
sent through the web server though.
Received: from nt1 [216.23.168.145] by mail.websiteworld.com
(SMTPD32-8.04) id A6E442021A; Mon, 01 Dec 2003 06:32:52 -0500
Date: 01 Dec 2003 06:32:52 -0500
From: <[email protected]>
To: <[email protected]>
Content-Transfer-Encoding: 8bit
Content-Type: Text/plain; charset=windows-1252
Subject: Feedback From Website World
MIME-Version: 1.0
Reply-to: (e-mail address removed) To: (e-mail address removed) From: (e-mail address removed) Subject:
(FACF0618,Email)fzp 9 Do1soVQ7U2iGDg .
Message-Id: <200312010632718.SM01308@nt1>
X-RCPT-TO: <[email protected]>
Status: U
X-UIDL: 367770777
****************************************************************************
***
Category:
Name: (e-mail address removed)
To: (e-mail address removed)
From: (e-mail address removed)
Subject: YvKET2ma(FACF0618,Name)AW
ny2MQqMD9cRQELJ
..
Company: (e-mail address removed)
To: (e-mail address removed)
From: (e-mail address removed)
Subject: HPlLid(FACF0618,Company)N3r
WFcGL93TKeY43cI PfvgpV9
..
Telephone: (e-mail address removed)
To: (e-mail address removed)
From: (e-mail address removed)
Subject: (FACF0618,Telephone)Lrx4n
ZSW7nfoVC JJW2Mita
..
FAX: (e-mail address removed)
To: (e-mail address removed)
From: (e-mail address removed)
Subject: zp9Kk(FACF0618,FAX)
mW69855RtE7Q1o0 9KRK7gHq Wk0uDx
..
Email: (e-mail address removed)
To: (e-mail address removed)
From: (e-mail address removed)
Subject: (FACF0618,Email)fzp 9
Do1soVQ7U2iGDg
..
Remote Name: 194.14.129.130
HTTP User Agent:
Date: 12/01/2003
Comments:
body
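
In the message above, the Name, Company, Telephone, FAX and Email values each continue onto extra lines beginning with To:, From: and Subject:, and each carries a tag such as (FACF0618,Email). The following Python is an added example, not part of the original post: it flags submissions of that shape and refuses to place a value containing a line break into a mail header. The function names and the example.com addresses are constructed for illustration.

```python
import re

# Header names that should never start a continuation line of a form field value.
HEADER_LINE = re.compile(r"[ \t]*(to|from|cc|bcc|subject|reply-to)[ \t]*:", re.I)
# Tag of the shape (ID,FieldName) seen in the submitted values, e.g. (FACF0618,Email).
FIELD_TAG = re.compile(r"\(([0-9A-Fa-f]{8}),([A-Za-z]+)\)")

def inspect_field(name, value):
    """Describe one submitted field: extra lines, header-like lines, tag."""
    lines = re.split(r"\r\n|\r|\n", value)
    injected = [m.group(1).lower() for line in lines[1:]
                if (m := HEADER_LINE.match(line))]
    tag = FIELD_TAG.search(value)
    return {"field": name,
            "multiline": len(lines) > 1,
            "injected_headers": injected,
            "tag": tag.groups() if tag else None}

def triage(form):
    """Return findings only for fields that carry header-like continuation lines."""
    findings = (inspect_field(k, v) for k, v in form.items())
    return [f for f in findings if f["injected_headers"]]

def safe_header_value(value):
    """Reject any value with CR or LF instead of writing it into a header."""
    if "\r" in value or "\n" in value:
        raise ValueError("line break in header value")
    return value.strip()

# Constructed sample modelled on the fields shown in the post; addresses are placeholders.
SAMPLE_FORM = {
    "Name": "probe@example.com\nTo: probe@example.com\nFrom: probe@example.com\n"
            "Subject: YvKET2ma(FACF0618,Name)AW\nny2MQqMD9cRQELJ\n.",
    "Email": "probe@example.com\r\nTo: probe@example.com\r\nFrom: probe@example.com\r\n"
             "Subject: (FACF0618,Email)fzp 9\r\nDo1soVQ7U2iGDg\r\n.",
    "Comments": "body",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_FORM):
        print(finding)
    try:
        safe_header_value(SAMPLE_FORM["Email"])
    except ValueError as exc:
        print("Reply-to rejected:", exc)
```

Logging the tag alongside the remote address lets submissions against different sites on the same server be grouped together.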