Web Hosting Talk







View Full Version : Viruses


fractiousws
06-12-2002, 03:31 PM
Return-path: <info@earhost.com>
Received: from dns.whirlwind.nl ([216.98.134.254])
by photon.cpanel.net with esmtp (Exim 3.34 #1)
id 17ICuA-0007Ud-00
for beta@cpanel.net; Wed, 12 Jun 2002 14:31:39 -0400
Received: from Gkbbby (cp45346-a.mill1.lb.nl.home.com [217.121.24.9])
by dns.whirlwind.nl (8.10.2/8.10.2) with SMTP id g5CIVDW06561
for <beta@cpanel.net.>; Wed, 12 Jun 2002 20:31:13 +0200
Date: Wed, 12 Jun 2002 20:31:13 +0200
Message-Id: <200206121831.g5CIVDW06561@dns.whirlwind.nl>
From: arcticblades <arcticblades@hotmail.com>
To: beta@cpanel.net
Subject: A nice game
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=T2CCK51545jZ9R

--T2CCK51545jZ9R
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

This is the header from the emails I keep getting from somebody putting my emails in the from field. These guys are trying to send viruses using my email. I believe they are coming from arcticblades@hotmail.com according to the mail header. Can anyone confirm this? Thanks.

okihost
06-12-2002, 03:52 PM
I have been seeing the same thing.. only not someone getting them from my email but someone sending them to me personally at my email address.. usually with a .scr or .exe attached.. only 2 so far but it just seemed odd that it was addressed to me and on undisclosed.recipents address.

JKLIVIN
06-12-2002, 06:27 PM
On a side note, one of our companies began using mailwasher.net. You might check it out; expensive, but it works really well.

Chicken
06-12-2002, 06:54 PM
Originally posted by fractiousws
This is the header from the emails I keep getting from somebody putting my emails in the from field. These guys are trying to send viruses using my email. I believe they are coming from arcticblades@hotmail.com according to the mail header. Can anyone confirm this? Thanks.
James, as I mentioned last time, but put another way...

There is a machine that is infected. On this machine is an address book. The virus sends itself out, randomly picking an address in the address book of the infected machine and slapping it in the from and reply field. It looks as if you sent it.

You didn't send it. The only clue as to which machine is infected and sent out the emails is:

Received: from Gkbbby (cp45346-a.mill1.lb.nl.home.com [217.121.24.9])
by dns.whirlwind.nl (8.10.2/8.10.2) with SMTP id g5CIVDW06561
for <beta@cpanel.net.>; Wed, 12 Jun 2002 20:31:13 +0200
Date: Wed, 12 Jun 2002 20:31:13 +0200
Message-Id: <200206121831.g5CIVDW06561@dns.whirlwind.nl>

That is where it came from, etc. Ignore the email addresses, and ignore the fact that it looks like it came from you, none of that matters. The only thing putting your address on the email is the virus and the only way it got your address was from randomly picking it from the address book of the infected machine. No one is sending viruses using your email (not exactly).
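The header reading described in the reply above, as an added example that is not part of the original thread: it walks the Received chain from the posted message, separates the forgeable From: address from the connecting IP each server logged, and reports the hop recorded by a server the recipient trusts. The function names and the `trusted` host set are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers from the first post, with folded continuation lines restored.
SAMPLE = """\
Received: from dns.whirlwind.nl ([216.98.134.254])
 by photon.cpanel.net with esmtp (Exim 3.34 #1)
 id 17ICuA-0007Ud-00
 for beta@cpanel.net; Wed, 12 Jun 2002 14:31:39 -0400
Received: from Gkbbby (cp45346-a.mill1.lb.nl.home.com [217.121.24.9])
 by dns.whirlwind.nl (8.10.2/8.10.2) with SMTP id g5CIVDW06561
 for <beta@cpanel.net.>; Wed, 12 Jun 2002 20:31:13 +0200
From: arcticblades <arcticblades@hotmail.com>
Subject: A nice game
"""

# "from HELO (rdns [ip]) by SERVER": the parenthesised part is written by the
# receiving server; HELO is whatever the connecting client claimed.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Return the Received hops, earliest first, as dicts."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold the header
        if m:
            helo, rdns, ip, by = m.groups()
            out.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by})
    return out[::-1]  # each relay prepends, so the last header is the first hop

def claimed_sender(raw):
    """Address in From:, which the sending client sets freely."""
    return parseaddr(message_from_string(raw)["From"])[1]

def verified_peer(raw, trusted):
    """IP that connected to the edge of the trusted relay chain.
    Hops recorded by servers outside `trusted` are only claims."""
    peer = None
    for hop in reversed(hops(raw)):  # newest first
        if hop["by"] not in trusted:
            break
        peer = hop["ip"]
    return peer
```

For the posted headers, `hops(SAMPLE)[0]` is the Gkbbby / 217.121.24.9 hop the reply points to, while `claimed_sender(SAMPLE)` returns only the address the virus placed in From:.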