Re: OT: Re: Virus found in the message

To: debian-user@lists.debian.org
Subject: Re: OT: Re: Virus found in the message
From: Pigeon <jah.pigeon@ukonline.co.uk>
Date: Wed, 20 Aug 2003 19:31:21 +0100
Message-id: <[🔎] 20030820183121.GC313@pigeon.pigeonloft>
In-reply-to: <[🔎] 200308200803.h7K837hR005687@dbmail-mx1.orcon.co.nz>
References: <[🔎] 3F42382E.000091.00752@clean> <[🔎] 200308200803.h7K837hR005687@dbmail-mx1.orcon.co.nz>

On Wed, Aug 20, 2003 at 06:57:22PM +1200, cr wrote:
> Is there a rash of viruses with spoofed origin lines all of a sudden?   
> I had *120* emails in my other email account today (not the one I use on 
> Debian), many of them were Re: Wicked Screensaver.   I thought they were all 
> spam but I guess they were mostly bounce messages - something's been spoofing 
> my (other) email addy.

I think they're connected with that worm that's been giving me lots of
excuses to tell people that Linux is cool :-) I had 15 of them today;
common characteristics being:

Size: approximately 100kB ( * 15 over dialup, AARGH)
Subject: [Re:[Re:]] {Wicked screensaver|Your details|My details|Your application|Thank you!}
X-MailScanner: Found to be clean
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
From: {garbage_name@[hotmail.com|yahoo.com|compuserve.com|netscape.net] |
       garbage_name@garbage_domain | 
	   unsuspecting_schmuck's_name@unsuspecting_schmuck's_domain}
	   
and in many but not all of them:

Received: from ua-dip1.nat.okstate.edu ([139.78.10.73] helo=BHIDE)

I guess okstate.edu is infected with this thing (where is that?
Oklahoma State University?)

Nothing in the headers indicates that a bounce has been involved
anywhere along the chain, typical sample:

> From ayamganas1@yahoo.com Wed Aug 20 18:34:11 2003
> Return-path: <ayamganas1@yahoo.com>
> Envelope-to: pigeon@pigeon.pigeonloft
<local Received: headers snipped>
> Received: from mx1.mail.uk.easynet.net ([195.40.1.235])
> 	by store2.mail.uk.easynet.net with esmtp (Exim 4.10)
> 	id 19pVMh-0006cI-00
> 	for jah.pigeon@ukonline.co.uk; Wed, 20 Aug 2003 16:59:15 +0100
> Received: from ua-dip1.nat.okstate.edu ([139.78.10.73] helo=BHIDE)
> 	by mx1.mail.uk.easynet.net with esmtp (Exim 4.20) id 19pVNh-000E32-HC
> 	for jah.pigeon@ukonline.co.uk; Wed, 20 Aug 2003 17:00:18 +0100
> From: <ayamganas1@yahoo.com>
> To: <jah.pigeon@ukonline.co.uk>
> Subject: Re: Wicked screensaver
> Date: Wed, 20 Aug 2003 10:58:56 --0500
> X-MailScanner: Found to be clean
> Importance: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MSMail-Priority: Normal
> X-Priority: 3 (Normal)
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> 	boundary="_NextPart_000_0F30A5A7"
> Message-Id: <E19pVNh-000E32-HC@mx1.mail.uk.easynet.net>
> X-Spambayes-Classification: spam; 1.00
> Content-Length: 100777
> Lines: 1323
> 

I suspect that it may not be unconnected with this explosion of large
emails that my dialup has been giving me grief (timeouts attempting to
connect, line dropped for no apparent reason, random extreme slowness)
- guess the ISP is having problems with the traffic?

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F

Attachment: pgpCYOh9S8L_t.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: OT: Re: Virus found in the message
  - From: cr <cr@orcon.net.nz>

References:
- Virus found in the message
  - From: virusnotify@gseis.ucla.edu
- OT: Re: Virus found in the message
  - From: cr <cr@orcon.net.nz>

Prev by Date: ftpd
Next by Date: Re: explanation of the noise (was Re: Norton AntiVirus detected and quarantined a virus in a message you sent.)
Previous by thread: Re: OT: Re: Virus found in the message
Next by thread: Re: OT: Re: Virus found in the message
Index(es):
- Date
- Thread