01-29-2004 12:16 PM - edited 03-09-2019 06:16 AM
My IDS alerted to the new MyDoom signature this morning. Tracking the PC down showed a workstation without antivirus software... once the software was installed, it found MyDoom and cleaned it. Kudos to the Cisco team!
Additionally, it also triggered signature 3110 - SMTP Suspicious Attachment.
02-04-2004 07:34 AM
What is the Alert message you get?
02-23-2004 07:44 AM
evAlert: eventId=1061683210900575756 severity=high
originator:
hostId: alpha-psi.telkomsa.net
appName: sensorApp
appInstanceId: 1086
time: 2004/02/10 12:04:42 2004/02/10 12:06:42 GMT2
interfaceGroup: 0
vlan: 888
signature: sigId=3132 sigName=Novarg / Mydoom Virus Mail Attachment subSigId=0 version=S67 .doc / .scr / .pif / .exe / .cmd
context:
fromVictim:
000000 32 32 30 20 57 65 6C 63 6F 6D 65 20 74 6F 20 74 220 Welcome to t
000010 68 65 20 54 65 6C 6B 6F 6D 53 41 20 53 4D 54 50 he TelkomSA SMTP
000020 20 53 65 72 76 65 72 2E 20 45 53 4D 54 50 0D 0A Server. ESMTP..
000030 32 35 30 2D 57 65 6C 63 6F 6D 65 20 74 6F 20 74 250-Welcome to t
000040 68 65 20 54 65 6C 6B 6F 6D 53 41 20 53 4D 54 50 he TelkomSA SMTP
000050 20 53 65 72 76 65 72 2E 0D 0A 32 35 30 2D 50 49 Server...250-PI
000060 50 45 4C 49 4E 49 4E 47 0D 0A 32 35 30 2D 41 55 PELINING..250-AU
000070 54 48 3D 4C 4F 47 49 4E 20 50 4C 41 49 4E 0D 0A TH=LOGIN PLAIN..
000080 32 35 30 2D 41 55 54 48 20 4C 4F 47 49 4E 20 50 250-AUTH LOGIN P
000090 4C 41 49 4E 0D 0A 32 35 30 2D 53 49 5A 45 20 31 LAIN..250-SIZE 1
0000A0 30 34 38 35 37 36 30 0D 0A 32 35 30 20 38 42 49 0485760..250 8BI
0000B0 54 4D 49 4D 45 0D 0A 32 35 30 20 6F 6B 0D 0A 32 TMIME..250 ok..2
0000C0 35 30 20 6F 6B 0D 0A 33 35 34 20 67 6F 20 61 68 50 ok..354 go ah
0000D0 65 61 64 0D 0A ead..
fromAttacker:
000000 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
000010 41 41 41 41 41 0D 0A 41 41 41 41 41 41 41 41 41 AAAAA..AAAAAAAAA
000020 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
000030 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
000040 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
000050 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
000060 41 41 41 0D 0A 41 41 41 41 41 41 41 41 41 41 41 AAA..AAAAAAAAAAA
000070 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
000080 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
000090 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0000A0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0000B0 41 0D 0A 41 41 41 41 41 41 41 41 41 41 41 41 41 A..AAAAAAAAAAAAA
0000C0 41 41 41 41 41 41 41 41 41 41 41 4D 53 34 79 4E AAAAAAAAAAAMS4yN
0000D0 41 42 56 55 46 67 68 44 41 6B 43 43 55 68 2B 69 ABVUFghDAkCCUh+i
0000E0 59 2F 55 4E 68 79 42 4B 5A 59 41 41 46 4E 4F 41 Y/UNhyBKZYAAFNOA
0000F0 41 41 41 67 41 41 41 4A 67 45 41 78 65 36 48 0D AAAgAAAJgEAxe6H.
participants:
attack:
attacker: proxy=false
addr: locality=OUT 131.165.141.33
port: 2145
victim:
addr: locality=OUT ***.****.***.***
port: 25
actions:
shunRequested: true
alertDetails: Traffic Source: int7 ;
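Added example (my own code, not from this thread or from Cisco): a small parser that rebuilds the byte streams from an evAlert context dump like the one above, splits the fromVictim side back into the SMTP replies, and runs a check in the spirit of signature 3132 (attachment name ending in .doc / .scr / .pif / .exe / .cmd) over a constructed MIME header. It assumes the dump layout exactly as the forum renders it: a 6-digit hex offset, up to 16 hex byte tokens, then an ASCII column of one character per byte.

```python
import re

# Constructed excerpt of the evAlert context dump quoted above (the first dump
# lines of each stream, copied as the forum renders them).
SAMPLE_CONTEXT = """\
fromVictim:
000000 32 32 30 20 57 65 6C 63 6F 6D 65 20 74 6F 20 74 220 Welcome to t
000010 68 65 20 54 65 6C 6B 6F 6D 53 41 20 53 4D 54 50 he TelkomSA SMTP
000020 20 53 65 72 76 65 72 2E 20 45 53 4D 54 50 0D 0A Server. ESMTP..
fromAttacker:
000000 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
000010 41 41 41 41 41 0D 0A 41 41 41 41 41 41 41 41 41 AAAAA..AAAAAAAAA
"""

DUMP_LINE = re.compile(r"^[0-9A-Fa-f]{6} ")

def parse_dump_line(line):
    """One dump line -> (offset, bytes). Assumed layout: 6-digit hex offset,
    n hex byte tokens, then an ASCII column of exactly n characters, so the
    line is 7 + 4n characters long (a few stripped trailing spaces tolerated).
    The ASCII column is never parsed: '.' there stands for any non-printable."""
    line = line.rstrip()
    n = min(16, (len(line) - 4) // 4)
    tokens = line.split()
    return int(tokens[0], 16), bytes.fromhex("".join(tokens[1:1 + n]))

def parse_context(text):
    """Rebuild each 'fromVictim:' / 'fromAttacker:' stream as bytes."""
    streams, current = {}, None
    for line in text.splitlines():
        if DUMP_LINE.match(line) and current is not None:
            offset, data = parse_dump_line(line)
            if offset != len(streams[current]):
                raise ValueError("non-contiguous dump in %s at %06X" % (current, offset))
            streams[current] += data
        elif line.rstrip().endswith(":"):
            current = line.strip()[:-1]
            streams[current] = b""
    return streams

def smtp_lines(stream):
    """Split a reconstructed stream on CRLF, as the SMTP dialogue was sent."""
    return [l.decode("latin-1") for l in stream.split(b"\r\n") if l]

# The attachment extensions that signature 3132's name says it keys on.
RISKY_EXT = (".doc", ".scr", ".pif", ".exe", ".cmd")
NAME_PARAM = re.compile(rb'(?:file)?name="?([^";\r\n]+)', re.IGNORECASE)

def risky_attachment_names(stream):
    """MIME name=/filename= values ending in one of RISKY_EXT (case-insensitive)."""
    names = [n.decode("latin-1").strip() for n in NAME_PARAM.findall(stream)]
    return [n for n in names if n.lower().endswith(RISKY_EXT)]

# Constructed MIME header pair to exercise the check (not from the alert above).
SAMPLE_MIME = (b'Content-Type: application/octet-stream; name="readme.zip"\r\n'
               b'Content-Disposition: attachment; filename="document.PIF"\r\n')
```

The context in the post only captures the base64 body of the attacker side, so the name check is shown on a constructed header rather than on the dump itself.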