- <li><em>date</em>: Sun May 2 15:08:46 2004</li>
- <li><em>from</em>: mailinglists at synban.com (Emil P. Man)</li>
- <li><em>in-reply-to</em>: <<a href="msg00011.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00011.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Virus and email header question</li>
>I have been getting repeated virus emails, ostensibly from one of my
>customers. The kicker is, she's a Mac user and the viruses being sent are
>of the PC variety. Given that I use Macs and Linux I am not terribly
>troubled about the virus part.
>
>However, two things concern me. First, the subject lines are all in
>regards to site updates. This could mean that they have simply done their
>homework and know that I host a site for her. The other thing is the headers:
>
>------------------ RFC822 Header Follows ------------------
>Return-Path: <cvaleallen at earthlink.net>
>Delivered-To: 8-shogun at 12ftguru.com
>Received: (qmail 475 invoked from network); 1 May 2004 13:13:21 -0000
>Received: from node-c-0aaa.a2000.nl (HELO f3f9i9.net) (62.194.10.170)
> by server1.jimmyether.com with SMTP; 1 May 2004 13:13:21 -0000
>
>
First of all here, you will see received from node-c-0aaa.a2000.nl and
the IP... It seems that your Qmail MTA got the e-mail from that IP addy.
I have also received e-mail from "myself" and from my own domain before,
saying that I am experiencing problems with my MTA, something that I
wasn't aware of... lol.. It's a worm that has been circulating around
for a while. I wouldn't be worried about it. Bob Toxen knows the
specifics of this worm; I am not that familiar with it, but I know it's
a Windows worm and that I have received it several times. Mostly from
Windows people that have me on their Outlook contact list.
Also I did a whois on the IP above from The Netherlands. I am guessing
that his machine is infected and his MTA is wide open and sending out
e-mails that you are receiving. Actually just nmapped his machine and he
probably fixed his MTA issue now.
EMIL
----cut here-----
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
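Added example, not part of the original post: a Python sketch of the header reading described in the reply, which takes the connecting host and IP from the Received line written by the recipient's own qmail server and compares them with the HELO name and the Return-Path domain. The function names `analyze` and `org_domain`, the two-label domain comparison and the flag names are assumptions made for illustration; the header block is the one quoted in the message.

```python
import re
from email import message_from_string

# Header block as quoted in the message above (addresses as archived).
RAW = """\
Return-Path: <cvaleallen at earthlink.net>
Delivered-To: 8-shogun at 12ftguru.com
Received: (qmail 475 invoked from network); 1 May 2004 13:13:21 -0000
Received: from node-c-0aaa.a2000.nl (HELO f3f9i9.net) (62.194.10.170)
 by server1.jimmyether.com with SMTP; 1 May 2004 13:13:21 -0000

"""

# qmail-style hop: "from <rDNS> (HELO <helo>) (<ip>) by <receiving host> ..."
QMAIL_HOP = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)]+)\)"
    r"\s+\((?P<ip>[0-9.]+)\)\s+by\s+(?P<by>\S+)")

def org_domain(name):
    """Last two labels only (assumption: no public-suffix list is used)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def analyze(raw, trusted_mta):
    """Return facts from the hop recorded by our own MTA, or None.

    Only a Received line added by a server we control is trustworthy;
    Return-Path, From and any earlier Received lines are sender-supplied.
    """
    msg = message_from_string(raw)
    rp = re.sub(r"\s+at\s+", "@", msg.get("Return-Path", "").strip("<> "))
    claimed = rp.rpartition("@")[2]
    for hop in msg.get_all("Received", []):
        m = QMAIL_HOP.search(" ".join(hop.split()))  # unfold continuation lines
        if not m or m["by"].lower() != trusted_mta.lower():
            continue
        flags = []
        if org_domain(m["helo"]) != org_domain(m["rdns"]):
            flags.append("helo_mismatch")            # HELO name is client-chosen
        if claimed and org_domain(claimed) != org_domain(m["rdns"]):
            flags.append("sender_domain_mismatch")   # heuristic, not proof
        return {"ip": m["ip"], "rdns": m["rdns"], "helo": m["helo"],
                "claimed_domain": claimed, "flags": flags}
    return None

if __name__ == "__main__":
    print(analyze(RAW, "server1.jimmyether.com"))
```

A sender-domain mismatch alone also occurs with legitimate relays and forwarders, so it is a triage hint rather than a verdict.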
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00011" href="msg00011.html">[ale] Virus and email header question</a></strong>
<ul><li><em>From:</em> shogun at 12ftguru.com (John Clark)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
</body>
</html>