I suspect that it is a targeted long-term attack
against higher targets.
See the one below from March 3, 2004.
I saw this one the other day.
I thought the guys I hosted with wrote better English.
Suspicious from the start.
From - Wed Mar 3 08:48:00 2004
X-UIDL: &jJ"!-ek"!S[/"!8>c!!
X-Mozilla-Status: 1001
X-Mozilla-Status2: 10000000
Return-Path: <lisa4@xxxxxxxxxx>
Received: from techsp05 ([203.177.127.113])
    by changed.not (8.10.2/8.9.3) with SMTP id i23CZqe08455
    for <me@mydomain>; Wed, 3 Mar 2004 08:35:53 -0400
Date: Wed, 03 Mar 2004 20:43:45 +0800
To: me@mydomain
Subject: Notify about using the e-mail account.
From: noreply@mydomain
Message-ID: <ocsgoycxukouajqfnbr@mydomain>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="--------iwmrgskpbqjqjvtotrwg"
X-UIDL: &jJ"!-ek"!S[/"!8>c!!
----------iwmrgskpbqjqjvtotrwg
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Dear user of e-mail server "mydomain.xx",
Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.
For details see the attached file.
Attached file protected with the password for security reasons. Password is 55366.
Cheers,
The mydomain team http://www.mydomain
----------iwmrgskpbqjqjvtotrwg
Content-Type: application/octet-stream; name="TextDocument.zap"
Content-Transfer-Encoding: Content-Disposition: attachment;
filename="TextDocument.zap"
some zipped bad file here=
----------iwmrgskpbqjqjvtotrwg--