Loading ...
Sorry, an error occurred while loading the content.

Re: TEST//Dont do it!!

Expand Messages
  • H. Phil Duby
    Specifically the new Novarg virus. My mail server filtered it, so I can not even see where it really came from. The virus spoofs the from information, so the
    Message 1 of 3 , Jan 30, 2004
    • 0 Attachment
      Specifically the new Novarg virus. My mail server filtered it, so I can not
      even see where it really came from. The virus spoofs the from information,
      so the actual headers are needed to figure out where to report the problem.

      ----- Original Message -----
      From: "Amos" <amos@...>
      To: <dist-gen@...>
      Sent: Thursday, January 29, 2004 11:11 PM
      Subject: Re: TEST//Dont do it!!


      >
      > Don't open this file. Could have a bug...
      >
      > Walter AMOS
      >
      > ----- Original Message -----
      > From: <militaryadvantage119987@...>
      > To: <dist-gen@...>
      > Sent: Thursday, January 29, 2004 10:26 PM
      > Subject: TEST
      >
      >
      > >
      > >
      > >
      >
      > http://www.afhs.ab.ca
      >
      >


      http://www.afhs.ab.ca
    • Xenia Stanford
      I now scan all messages with attachments before opening because my computer was infected by opening an attachment to a message with a subject line that made
      Message 2 of 3 , Jan 30, 2004
      • 0 Attachment
        I now scan all messages with attachments before opening because my computer
        was infected by opening an attachment to a message with a subject line that
        made sense in context and from a reliable source known to me. The problem is
        her email address had been spoofed. I received another one today from
        another well-known contact of mine with the subject line: Speakers needed
        for an event. Who would suspect any problem but upon running the virus scan
        it turned out to be infected with MyDoom virus. When I ran the scan it
        showed up the message to distgen as containing the same virus W32/MyDoom-A,
        also known as Mimail.R, Novarg.A, Shimg, W32.Novarg.A@mm, W32/Mydoom@MM

        Since the email address (vmalliance.com) from which it was sent is a
        legitimate one, it was probably spoofed.

        Here are the headers from the message with my personal email forwarding
        addresses removed:

        Return-Path: <owner-dist-gen@...>
        Received: from mail41.megamailservers.com ([216.251.36.41])
        by priv-edtnes44.telusplanet.net
        (InterMail vM.6.00.05.02 201-2115-109-103-20031105) with ESMTP
        id
        <20040130054002.IZHT1641.priv-edtnes44.telusplanet.net@...
        s.com>

        Received: from 3r2.tera-byte.com (3r2.tera-byte.com [216.194.64.190])
        by mail41.megamailservers.com (8.12.10/8.12.9) with ESMTP id i0U5e2LQ000452

        Received: (from mail@localhost)
        by 3r2.tera-byte.com (8.10.2/8.10.2) id i0U5WAU02588
        for dist-gen_site62-list; Thu, 29 Jan 2004 22:32:10 -0700
        Received: from vmalliance.com (h66-244-234-153.bigpipeinc.com
        [66.244.234.153] (may be forged))
        by afhs.ab.ca (8.10.2/8.10.2) with ESMTP id i0U5W8602584
        for <dist-gen@...>; Thu, 29 Jan 2004 22:32:09 -0700
        Message-Id: <200401300532.i0U5W8602584@...-byte.com>
        From: militaryadvantage119987@...
        To: dist-gen@...
        Subject: TEST
        Date: Thu, 29 Jan 2004 22:26:23 -0700
        MIME-Version: 1.0
        Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_0003_F76BBE8B.E8937CEA"
        X-Priority: 3
        X-MSMail-Priority: Normal
        Sender: owner-dist-gen@...
        Precedence: bulk
        Reply-To: dist-gen@..., militaryadvantage119987@...


        http://www.afhs.ab.ca
      • H. Phil Duby
        Xenia, I have my virus program (Norton AntiVirus) configured to scan all emails as they come in, before they get to my inbox. Even emails without attachments
        Message 3 of 3 , Jan 30, 2004
        • 0 Attachment
          Xenia,

          I have my virus program (Norton AntiVirus) configured to scan all emails as
          they come in, before they get to my inbox. Even emails without attachments
          can have nasty stuff. I also use spampal to filter the obvious junk mails.
          That has additional options to check for and repair some things that the
          virus checker does not block, especially with html emails. Depending on
          your mail reader, you may not be at risk for the 'extra' threats.

          The email with the virus came from a bigpipe.com account
          h66-244-234-153.bigpipeinc.com [66.244.234.153] .
          I sent a report. The user may be on the list. If the above looks familiar,
          you should check your machine for viruses.

          ----- Original Message -----
          From: "Xenia Stanford" <president@...>
          To: <dist-gen@...>
          Sent: Friday, January 30, 2004 12:10 PM
          Subject: RE: TEST//Dont do it!!


          > I now scan all messages with attachments before opening because my
          computer
          > was infected by opening an attachment to a message with a subject line
          that
          > made sense in context and from a reliable source known to me. The problem
          is
          > her email address had been spoofed. I received another one today from
          > another well-known contact of mine with the subject line: Speakers needed
          > for an event. Who would suspect any problem but upon running the virus
          scan
          > it turned out to be infected with MyDoom virus. When I ran the scan it
          > showed up the message to distgen as containing the same virus
          W32/MyDoom-A,
          > also known as Mimail.R, Novarg.A, Shimg, W32.Novarg.A@mm, W32/Mydoom@MM
          >
          > Since the email address (vmalliance.com) from which it was sent is a
          > legitimate one, it was probably spoofed.
          >
          > Here are the headers from the message with my personal email forwarding
          > addresses removed:
          >
          > Return-Path: <owner-dist-gen@...>
          > Received: from mail41.megamailservers.com ([216.251.36.41])
          > by priv-edtnes44.telusplanet.net
          > (InterMail vM.6.00.05.02 201-2115-109-103-20031105) with ESMTP
          > id
          >
          <20040130054002.IZHT1641.priv-edtnes44.telusplanet.net@...
          > s.com>
          >
          > Received: from 3r2.tera-byte.com (3r2.tera-byte.com [216.194.64.190])
          > by mail41.megamailservers.com (8.12.10/8.12.9) with ESMTP id
          i0U5e2LQ000452
          >
          > Received: (from mail@localhost)
          > by 3r2.tera-byte.com (8.10.2/8.10.2) id i0U5WAU02588
          > for dist-gen_site62-list; Thu, 29 Jan 2004 22:32:10 -0700
          > Received: from vmalliance.com (h66-244-234-153.bigpipeinc.com
          > [66.244.234.153] (may be forged))
          > by afhs.ab.ca (8.10.2/8.10.2) with ESMTP id i0U5W8602584
          > for <dist-gen@...>; Thu, 29 Jan 2004 22:32:09 -0700
          > Message-Id: <200401300532.i0U5W8602584@...-byte.com>
          > From: militaryadvantage119987@...
          > To: dist-gen@...
          > Subject: TEST
          > Date: Thu, 29 Jan 2004 22:26:23 -0700
          > MIME-Version: 1.0
          > Content-Type: multipart/mixed;
          > boundary="----=_NextPart_000_0003_F76BBE8B.E8937CEA"
          > X-Priority: 3
          > X-MSMail-Priority: Normal
          > Sender: owner-dist-gen@...
          > Precedence: bulk
          > Reply-To: dist-gen@..., militaryadvantage119987@...
          >
          >
          > http://www.afhs.ab.ca
          >


          http://www.afhs.ab.ca
        Your message has been successfully submitted and would be delivered to recipients shortly.