(I've removed the attachment for safety's sake and the body for brev=
ity.)
I get one of these every few days. The body of the message claims it=
to=20
be a security advisory from Microsoft. It tells the recipient to open the=
=20
attached "patch.exe" file (yeah, right) and click "Yes".
As you can see from the header (below), microsoft.com is no where to=
be=20
found, only "confidence.com". I used "lynx" to visit that website (becaus=
e=20
lynx is pretty darn close to harmless for things like java, etc.) and it=20
appears to be "parked" but not otherwise in use.
I'm guessing the "jyoung314@comcast.net" (see below) is some poor=20
Windows-user that the virus used as a springboard. (Does that mean that=20
jyoung has my email address "announce@rytetyme.com" in their address book=
?=20
Maybe I could send some highly focused advertising to them? Hah!)
Assuming this to be a virus/worm Email, where would I go to get more=
=20
information on it?
Thanks!
Suspect Email header follows:
> Received: (qmail 19388 invoked from network); 18 Sep 2003 23:56:10 -000=
0
> Received: from rwcrmhc13.comcast.net ([204.127.198.39])
> (envelope-sender <jyoung314@comcast.net>)
> by smtp-1-1a.secureserver.net (qmail-ldap-1.03) with SMTP
> for <announce@rytetyme.com>; 18 Sep 2003 23:56:10 -0000
> Date: Thu, 18 Sep 2003 23:55:57 +0000 (GMT)
> X-Comment: Sending client does not conform to RFC822 minimum requiremen=
ts
> X-Comment: Date has been added by Maillennium.
> Received: from udqy (pcp881447pcs.murdoc01.fl.comcast.net[68.56.210.59]=
)
> by comcast.net (rwcrmhc13) with SMTP
> id <2003091823554601500gin18e>; Thu, 18 Sep 2003 23:55:53 +00=
00
> FROM: "MS Security Department" <frfmqjhfjufp-jcdsnib@confidence.com>
> TO: "Partner" <partner.stpuofe@confidence.com>
> SUBJECT: Current Network Critical Patch
> Mime-Version: 1.0
> Content-Type: multipart/mixed;
> boundary=3D"bvlzojlilbcextejg"
> X-Nonspam: None
> Status: R=20
> X-Status: N
--=20
Ed Skinner,
ed@flat5.net,
http://www.flat5.net/
(text/plain)