What is this e-mail?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MLee Einer at <-
MVictor Odhner at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: George Toft
Date:  
Subject: What is this e-mail?
The answer is at the bottom.

Lee Einer wrote:
>
> Hi, all-
>
> I just got an e-mail returned to me by , but I didn't
> send the e-mail in question. The e-mail source is as follows- and there
> was apparently a file attached- what is this? Why am I getting returned
> e-mail which I never sent?
> 
> >From - Mon Aug 26 10:24:17 2002
> X-UIDL: <>
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Return-Path: <>
> Received: from harrier.mail.pas.earthlink.net ([207.217.120.12])
>           by fed1mtai02.cox.net
>           (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with ESMTP
>           id <>
>           for <>; Mon, 26 Aug 2002 19:51:07 -0400
> Received: from user-33qtm4t.dialup.mindspring.com ([199.174.216.157] helo=Pankdc)
>         by harrier.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
>         id 17jTcw-00037E-00
>         for ; Mon, 26 Aug 2002 16:50:35 -0700
> From: postmaster <>
> To: 
> Subject: Undeliverable mail--"inserting missing "
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>         boundary=MR8491G3GqS58vN8a5S037x2101Kl10
> Message-Id: <>
> Date: Mon, 26 Aug 2002 16:50:35 -0700

>
> --MR8491G3GqS58vN8a5S037x2101Kl10
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
>
> <HTML><HEAD></HEAD><BODY>
>
> <FONT>The following mail can't be sent to :<br>
> <br>
> From: <br>
> To: <br>
> Subject: inserting missing <br>
> The file is the original mail</FONT></BODY></HTML>
> 
> --MR8491G3GqS58vN8a5S037x2101Kl10
> Content-Type: application/octet-stream;
>         name=size.scr

          ^^^^^^^^^^^^^
My guess is a klez (or similar) worm.  It sends out mail to people and
spoofs the mail as being from someone in the victim's outlook address
book.  I was the spoofee a few weeks ago and someone notified me that I
was sending out viruses.  Heh, not very likely.


George

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Mozilla *is* a platformOrder Your Plug Tshirts Now!->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)