Nanet.com.br's malfunctioning virus scaner floods e-mail boxes of absolutely unrelated people with their virus warnings, and despite on my several warnings to them, they did nothing to stop this abuse. Not they only send their warnings to the absolutely unrelated people with not infected computers, but they also include the complete virus in their "warnings", so the people who were NOT infected, will have high chances to be infected now, after reading this "warning"! Also, their postmaster@ address has bounced as "User unknown". nanet.com.br, [200.170.134.0-200.170.134.255]: Access denied! === The unrelated to me virus warning 1-1 === Received: from nanet.com.br (nanet-232.ctbctelecom.com.br [200.170.134.232]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g7V9FoX25052 for ; Sat, 31 Aug 2002 12:15:56 +0300 Received: from nanet.com.br [200.170.134.232] by nanet.com.br [200.170.134.232] with RAW (MDaemon.PRO.v5.0.4.R) for ; Sat, 31 Aug 2002 06:14:51 -0300 Date: Sat, 31 Aug 2002 06:14:51 -0300 From: postmaster@nanet.com.br Reply-To: postmaster@nanet.com.br Precedence: bulk Subject: E-mail Nanet - Virus removido ! To: webmaster@dolphinwave.org X-MDaemon-Deliver-To: webmaster@dolphinwave.org Message-ID: Mime-Version: 1.0 X-Actual-From: postmaster@nanet.com.br Content-Type: text/plain; charset=US-ASCII Status: R X-Status: N A mensagem a seguir possuia arquivos anexados com virus. Os mesmos foram removidos: From : pidge_21@hotmail.com To : webmaster@dolphinwave.org Subject : 09.jpg 10.jpgthumb Date : Message-ID: Arquivos Nome do virus Procedimento ------------------------------------------------------------------------------ cf230013806.att Exploit.IFrame.FileDownloadRemoved 6[1].pif I-Worm.Klez.h Removed Qualquer duvida entre em contato conosco: virus@nanet.com.br (0xx34) 3214-1004 http://www.nanet.com.br === The unrelated to me virus warning 1-2 === Received: from nanet.com.br (nanet-232.ctbctelecom.com.br [200.170.134.232]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g7V9FoX25051 for ; Sat, 31 Aug 2002 12:16:12 +0300 Date: Sat, 31 Aug 2002 12:16:12 +0300 Message-Id: <200208310916.g7V9FoX25051@mail.dolphinwave.org> Received: from Rcawonv [24.114.144.149] by nanet.com.br [200.170.134.232] with SMTP (MDaemon.PRO.v5.0.4.R) for ; Sat, 31 Aug 2002 06:14:39 -0300 From: pidge_21 To: webmaster@dolphinwave.org Subject: 09.jpg 10.jpgthumb MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=UPCcA769gn356710U8Q7GtyCm9M9 X-MDRemoteIP: 24.114.144.149 X-Return-Path: tracbeludi@nanet.com.br X-MDaemon-Deliver-To: webmaster@dolphinwave.org Status: R X-Status: N --UPCcA769gn356710U8Q7GtyCm9M9 Content-Type: text/plain ALERTA VIRUS O servidor de e-mail da Nanet detectou que esta mensagem possuia um virus com descricao a seguir e o mesmo foi removido automaticamente para sua seguranca e conforto. Mais informacoes abaixo. Arquivo Nome do Virus Acao Tomada ---------------------------------------------------------------------- cf230013806.att Exploit.IFrame.FileDownloadRemoved 6[1].pif I-Worm.Klez.h Removed Qualquer duvida entre em contato conosco: virus@nanet.com.br (0xx34) 3214-1004 http://www.nanet.com.br ______________________________________________________________________ --UPCcA769gn356710U8Q7GtyCm9M9 Content-Type: application/octet-stream; name=6[1].jpg Content-Transfer-Encoding: base64 Content-ID: /9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcHBw8LCwkMEQ8S EhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw4ICA4eFBEU AbZOTt3qVKc9CMApkq3MG5RHxTKiPoCmXglHMGxSfI+lSpUpqoFGhFNtzyM//9=9 --UPCcA769gn356710U8Q7GtyCm9M9-- === My 1st report === Content-Type: text/plain; charset="iso-8859-1" From: Admin Reply-To: abuse@2002.dolphinwave.org Organization: Private person Subject: [email] Bogus Klez virus reports, including the virus! [Fwd: E-mail Nanet - Virus removido !] Date: Sat, 31 Aug 2002 12:31:01 +0300 User-Agent: KMail/1.4.1 To: postmaster@nanet.com.br, virus@nanet.com.br, nanas-sub@cybernothing.org, abuse@2002.dolphinwave.org X-Complaints-To: abuse@dolphinwave.org (live person) X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 X-No-Confirm: Yes MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200208311231.01897@2002.dolphinwave.org> Status: R X-Status: N -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [e-mailed and archived on news.admin.net-abuse.sightings] Please, stop sending your bogus Klez virus warnings to the absolutely unrelated persons, ESPECIALLY including the full virus intact in your bounces! Klez virus/e-mail worm forges the "Mail from:" headers, and as a result your virus warnings bounce to the wrong people. Those people even being virus-free, may get infected because of you bouncing them these bogus reports, that include virus, itself! Mind you, none of my computers can be infected by that stuff cause I do not even run Windows! Refusing to stop your malfunctioning "antivirus" from abusing other networks may lead your whole IP range to be blocked. Regards, Alexander Sheremet DolphinWave.org Admin. ======= Bogus report 1-1 ======= Received: from nanet.com.br (nanet-232.ctbctelecom.com.br [200.170.134.232]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g7V9FoX25052 for ; Sat, 31 Aug 2002 12:15:56 +0300 Received: from nanet.com.br [200.170.134.232] by nanet.com.br [200.170.134.232] with RAW (MDaemon.PRO.v5.0.4.R) for ; Sat, 31 Aug 2002 06:14:51 -0300 Date: Sat, 31 Aug 2002 06:14:51 -0300 From: postmaster@nanet.com.br Reply-To: postmaster@nanet.com.br Precedence: bulk Subject: E-mail Nanet - Virus removido ! To: webmaster@dolphinwave.### X-MDaemon-Deliver-To: webmaster@dolphinwave.### Message-ID: Mime-Version: 1.0 X-Actual-From: postmaster@nanet.com.br Content-Type: text/plain; charset=US-ASCII Status: R X-Status: N A mensagem a seguir possuia arquivos anexados com virus. Os mesmos foram removidos: - From : pidge_21@hotmail.com To : webmaster@dolphinwave.### Subject : 09.jpg 10.jpgthumb Date : Message-ID: Arquivos Nome do virus Procedimento - ----------------------------------------------------------------------------- - - cf230013806.att Exploit.IFrame.FileDownloadRemoved 6[1].pif I-Worm.Klez.h Removed Qualquer duvida entre em contato conosco: virus@nanet.com.br (0xx34) 3214-1004 http://www.nanet.com.br - ------------------------------------------------------- ======= Bogus report 1-2 ======= Received: from nanet.com.br (nanet-232.ctbctelecom.com.br [200.170.134.232]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g7V9FoX25051 for ; Sat, 31 Aug 2002 12:16:12 +0300 Date: Sat, 31 Aug 2002 12:16:12 +0300 Message-Id: <200208310916.g7V9FoX25051@mail.dolphinwave.org> Received: from Rcawonv [24.114.144.149] by nanet.com.br [200.170.134.232] with SMTP (MDaemon.PRO.v5.0.4.R) for ; Sat, 31 Aug 2002 06:14:39 -0300 From: pidge_21 To: webmaster@dolphinwave.### Subject: 09.jpg 10.jpgthumb MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=UPCcA769gn356710U8Q7GtyCm9M9 X-MDRemoteIP: 24.114.144.149 X-Return-Path: tracbeludi@nanet.com.br X-MDaemon-Deliver-To: webmaster@dolphinwave.### Status: R X-Status: N - --UPCcA769gn356710U8Q7GtyCm9M9 Content-Type: text/plain ALERTA VIRUS O servidor de e-mail da Nanet detectou que esta mensagem possuia um virus com descricao a seguir e o mesmo foi removido automaticamente para sua seguranca e conforto. Mais informacoes abaixo. Arquivo Nome do Virus Acao Tomada - ---------------------------------------------------------------------- cf230013806.att Exploit.IFrame.FileDownloadRemoved 6[1].pif I-Worm.Klez.h Removed Qualquer duvida entre em contato conosco: virus@nanet.com.br (0xx34) 3214-1004 http://www.nanet.com.br ______________________________________________________________________ - --UPCcA769gn356710U8Q7GtyCm9M9 Content-Type: application/octet-stream; name=6[1].jpg Content-Transfer-Encoding: base64 Content-ID: /9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcHBw8LCwkMEQ8S EhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw4ICA4eFBEU Hh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh7/wAAR AbZOTt3qVKc9CMApkq3MG5RHxTKiPoCmXglHMGxSfI+lSpUpqoFGhFNtzyM//9=9 - --UPCcA769gn356710U8Q7GtyCm9M9-- -----BEGIN PGP SIGNATURE----- Comment: Key ID: 0xAAE2A579 iD8DBQE9cIzVAAsPtqripXkRAic0AJwIO0dwUJdMHIFEiYY3g4s+pBlDkACfQGgn 0JBB/9UpKgfZ67M+bnf8bks= =rSZ+ -----END PGP SIGNATURE----- === postmaster@nanet.com.br has bounced === Received: from localhost (localhost) by mail.dolphinwave.org (8.11.6/8.11.6) id g7V9VDf25180; Sat, 31 Aug 2002 12:31:13 +0300 Date: Sat, 31 Aug 2002 12:31:13 +0300 From: Mail Delivery Subsystem Message-Id: <200208310931.g7V9VDf25180@mail.dolphinwave.org> To: ### MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="g7V9VDf25180.1030786273/mail.dolphinwave.org" Subject: Returned mail: see transcript for details Auto-Submitted: auto-generated (failure) Status: R X-Status: N ----- The following addresses had permanent fatal errors ----- postmaster@nanet.com.br (reason: 550 , Recipient unknown) ----- Transcript of session follows ----- ... while talking to correio.nanet.com.br.: >>> RCPT To: <<< 550 , Recipient unknown 550 5.1.1 postmaster@nanet.com.br... User unknown Attachment: 1 Attachment: 2 === Useless virus warnings continue, 2-1 === Received: from nanet.com.br (nanet-232.ctbctelecom.com.br [200.170.134.232]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g8461qW19141 for ; Wed, 4 Sep 2002 09:01:54 +0300 Received: from nanet.com.br [200.170.134.232] by nanet.com.br [200.170.134.232] with RAW (MDaemon.PRO.v5.0.4.R) for ; Wed, 04 Sep 2002 02:52:57 -0300 Date: Wed, 04 Sep 2002 02:52:57 -0300 From: postmaster@nanet.com.br Reply-To: postmaster@nanet.com.br Precedence: bulk Subject: E-mail Nanet - Virus removido ! To: webmaster@dolphinwave.org X-MDaemon-Deliver-To: webmaster@dolphinwave.org Message-ID: Mime-Version: 1.0 X-Actual-From: postmaster@nanet.com.br Content-Type: text/plain; charset=US-ASCII Status: R X-Status: N A mensagem a seguir possuia arquivos anexados com virus. Os mesmos foram removidos: From : joconnor65@hotmail.com To : webmaster@dolphinwave.org Subject : Means Adobe Systems Incorporated, a Delaware Date : Message-ID: Arquivos Nome do virus Procedimento ------------------------------------------------------------------------------ cf456922513.att Exploit.IFrame.FileDownloadRemoved other.bat I-Worm.Klez.h Removed Qualquer duvida entre em contato conosco: virus@nanet.com.br (0xx34) 3214-1004 http://www.nanet.com.br === Useless virus warnings continue, 2-2 === Received: from nanet.com.br (nanet-232.ctbctelecom.com.br [200.170.134.232]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g8461qW19140 for ; Wed, 4 Sep 2002 09:01:54 +0300 Date: Wed, 4 Sep 2002 09:01:54 +0300 Message-Id: <200209040601.g8461qW19140@mail.dolphinwave.org> Received: from Inoez [24.114.144.149] by nanet.com.br [200.170.134.232] with SMTP (MDaemon.PRO.v5.0.4.R) for ; Wed, 04 Sep 2002 02:52:48 -0300 From: joconnor65 To: webmaster@dolphinwave.org Subject: Means Adobe Systems Incorporated, a Delaware MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=T3o34P14408fTuRAOJS X-MDRemoteIP: 24.114.144.149 X-Return-Path: tracbeludi@nanet.com.br X-MDaemon-Deliver-To: webmaster@dolphinwave.org Status: R X-Status: N --T3o34P14408fTuRAOJS Content-Type: text/plain ALERTA VIRUS O servidor de e-mail da Nanet detectou que esta mensagem possuia um virus com descricao a seguir e o mesmo foi removido automaticamente para sua seguranca e conforto. Mais informacoes abaixo. Arquivo Nome do Virus Acao Tomada ---------------------------------------------------------------------- cf456922513.att Exploit.IFrame.FileDownloadRemoved other.bat I-Worm.Klez.h Removed Qualquer duvida entre em contato conosco: virus@nanet.com.br (0xx34) 3214-1004 http://www.nanet.com.br ______________________________________________________________________ --T3o34P14408fTuRAOJS Content-Type: application/octet-stream; name=License.txt Content-Transfer-Encoding: base64 Content-ID: QURPQkUNCkVuZCBVc2VyIExpY2Vuc2UgQWdyZWVtZW50DQpQbGVhc2UgcmV0dXJuIGFueSBh Y2NvbXBhbnlpbmcgcmVnaXN0cmF0aW9uIGZvcm0gdG8gcmVjZWl2ZSByZWdpc3RyYXRpb24g aWVzLg0KDQoNCg0KDQpTVkdSZWFkZXJfV1dFVUxBX0VuZ2xpc2hfMDguMDkuMDFfMTE6MTUN Cg0K --T3o34P14408fTuRAOJS-- === My 2nd report === Content-Type: text/plain; charset="iso-8859-1" From: Admin Reply-To: abuse@2002.dolphinwave.org Organization: Private person Subject: [email] Repeating bogus Klez virus warnings: nanet.com.br! [Fwd: E-mail Nanet - Virus removido !] Date: Wed, 4 Sep 2002 13:52:47 +0300 User-Agent: KMail/1.4.1 X-KMail-Link-Message: 141589 X-KMail-Link-Type: forward To: , nanas-sub@cybernothing.org, virus@nanet.com.br, info@nanet.com.br, helpdesk@nanet.com.br, abuse@CTBCTELECOM.NET.BR X-Complaints-To: abuse@dolphinwave.org (live person) X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 X-No-Confirm: Yes MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200209041352.51751@2002.dolphinwave.org> Status: RO X-Status: S -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [e-mailed and archived on news.admin.net-abuse.sightings] I repeat again, please, STOP wasting people's time by sending your useless Klez virus reports! Klez forges the "From" headers, and your reports go to absolutely wrong people, who has NOTHING to do with that virus! I DO NOT run Windows and all my computers are completely immune from this stuff! Another such "virus report" from your network, and I will drop your whole [200.170.134.0-200.170.134.255] IP range to my access denied tables, so you wouldn't disturb my network with lame reports anymore. And while you are on it, fix your RFC-required postmaster@nanet.com.br - it bounces as "User unknown". Regards, Alexander Sheremet. DolphinWave.org Admin. My previous request to stop this abuse was archived on NANAS: http://groups.google.com/groups?selm=200208311231.01897%402002.dolphinwave.org ======= postmaster@nanet.com.br has bounced ======= Received: from localhost (localhost) by mail.dolphinwave.org (8.11.6/8.11.6) id g7V9VDf25180; Sat, 31 Aug 2002 12:31:13 +0300 Date: Sat, 31 Aug 2002 12:31:13 +0300 From: Mail Delivery Subsystem Message-Id: <200208310931.g7V9VDf25180@mail.dolphinwave.org> To: ### MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="g7V9VDf25180.1030786273/mail.dolphinwave.org" Subject: Returned mail: see transcript for details Auto-Submitted: auto-generated (failure) Status: R X-Status: N ----- The following addresses had permanent fatal errors ----- postmaster@nanet.com.br (reason: 550 , Recipient unknown) ----- Transcript of session follows ----- ... while talking to correio.nanet.com.br.: >>> RCPT To: <<< 550 , Recipient unknown 550 5.1.1 postmaster@nanet.com.br... User unknown Attachment: 1 Attachment: 2 ======= Another bogus Klez virus warning, 1st e-mail ======= Received: from nanet.com.br (nanet-232.ctbctelecom.com.br [200.170.134.232]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g8461qW19141 for ; Wed, 4 Sep 2002 09:01:54 +0300 Received: from nanet.com.br [200.170.134.232] by nanet.com.br [200.170.134.232] with RAW (MDaemon.PRO.v5.0.4.R) for ; Wed, 04 Sep 2002 02:52:57 -0300 Date: Wed, 04 Sep 2002 02:52:57 -0300 From: postmaster@nanet.com.br Reply-To: postmaster@nanet.com.br Precedence: bulk Subject: E-mail Nanet - Virus removido ! To: webmaster@dolphinwave.### X-MDaemon-Deliver-To: webmaster@dolphinwave.### Message-ID: Mime-Version: 1.0 X-Actual-From: postmaster@nanet.com.br Content-Type: text/plain; charset=US-ASCII Status: R X-Status: N A mensagem a seguir possuia arquivos anexados com virus. Os mesmos foram removidos: - From : joconnor65@hotmail.com To : webmaster@dolphinwave.### Subject : Means Adobe Systems Incorporated, a Delaware Date : Message-ID: Arquivos Nome do virus Procedimento - ----------------------------------------------------------------------------- - - cf456922513.att Exploit.IFrame.FileDownloadRemoved other.bat I-Worm.Klez.h Removed Qualquer duvida entre em contato conosco: virus@nanet.com.br (0xx34) 3214-1004 http://www.nanet.com.br - ------------------------------------------------------- ======= Another bogus Klez virus warning, 2nd e-mail (with virus!) ======= Received: from nanet.com.br (nanet-232.ctbctelecom.com.br [200.170.134.232]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g8461qW19140 for ; Wed, 4 Sep 2002 09:01:54 +0300 Date: Wed, 4 Sep 2002 09:01:54 +0300 Message-Id: <200209040601.g8461qW19140@mail.dolphinwave.org> Received: from Inoez [24.114.144.149] by nanet.com.br [200.170.134.232] with SMTP (MDaemon.PRO.v5.0.4.R) for ; Wed, 04 Sep 2002 02:52:48 -0300 From: joconnor65 To: webmaster@dolphinwave.### Subject: Means Adobe Systems Incorporated, a Delaware MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=T3o34P14408fTuRAOJS X-MDRemoteIP: 24.114.144.149 X-Return-Path: tracbeludi@nanet.com.br X-MDaemon-Deliver-To: webmaster@dolphinwave.### Status: R X-Status: N - --T3o34P14408fTuRAOJS Content-Type: text/plain ALERTA VIRUS O servidor de e-mail da Nanet detectou que esta mensagem possuia um virus com descricao a seguir e o mesmo foi removido automaticamente para sua seguranca e conforto. Mais informacoes abaixo. Arquivo Nome do Virus Acao Tomada - ---------------------------------------------------------------------- cf456922513.att Exploit.IFrame.FileDownloadRemoved other.bat I-Worm.Klez.h Removed Qualquer duvida entre em contato conosco: virus@nanet.com.br (0xx34) 3214-1004 http://www.nanet.com.br ______________________________________________________________________ - --T3o34P14408fTuRAOJS Content-Type: application/octet-stream; name=License.txt Content-Transfer-Encoding: base64 Content-ID: QURPQkUNCkVuZCBVc2VyIExpY2Vuc2UgQWdyZWVtZW50DQpQbGVhc2UgcmV0dXJuIGFueSBh aWVzLg0KDQoNCg0KDQpTVkdSZWFkZXJfV1dFVUxBX0VuZ2xpc2hfMDguMDkuMDFfMTE6MTUN Cg0K - --T3o34P14408fTuRAOJS-- -----BEGIN PGP SIGNATURE----- Comment: Key ID: 0xAAE2A579 iD8DBQE9deYDAAsPtqripXkRAtBCAJ0c71KPcXrwyLHtTg4PvlIBrrU9MgCfVe5k wxENZI12EjmnL+Gk3Bszjis= =hM+r -----END PGP SIGNATURE-----