What is this e-mail?
George Toft
plug-discuss@lists.plug.phoenix.az.us
Mon, 26 Aug 2002 22:39:01 -0400
The answer is at the bottom.
Lee Einer wrote:
>
> Hi, all-
>
> I just got an e-mail returned to me by postmaster@cox.net, but I didn't
> send the e-mail in question. The e-mail source is as follows- and there
> was apparently a file attached- what is this? Why am I getting returned
> e-mail which I never sent?
>
> >From - Mon Aug 26 10:24:17 2002
> X-UIDL: <E17jTcw-00037E-00@harrier.mail.pas.earthlink.net>
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Return-Path: <srrico@earthlink.net>
> Received: from harrier.mail.pas.earthlink.net ([207.217.120.12])
> by fed1mtai02.cox.net
> (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with ESMTP
> id <20020826235107.SLNO24000.fed1mtai02.cox.net@harrier.mail.pas.earthlink.net>
> for <appealsman@cox.net>; Mon, 26 Aug 2002 19:51:07 -0400
> Received: from user-33qtm4t.dialup.mindspring.com ([199.174.216.157] helo=Pankdc)
> by harrier.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
> id 17jTcw-00037E-00
> for appealsman@cox.net; Mon, 26 Aug 2002 16:50:35 -0700
> From: postmaster <postmaster@cox.net>
> To: appealsman@cox.net
> Subject: Undeliverable mail--"inserting missing "
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary=MR8491G3GqS58vN8a5S037x2101Kl10
> Message-Id: <E17jTcw-00037E-00@harrier.mail.pas.earthlink.net>
> Date: Mon, 26 Aug 2002 16:50:35 -0700
>
> --MR8491G3GqS58vN8a5S037x2101Kl10
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
>
> <HTML><HEAD></HEAD><BODY>
>
> <FONT>The following mail can't be sent to 24C01AA0AD6@its-pharm.vcp.monash.edu.au:<br>
> <br>
> From: appealsman@cox.net<br>
> To: 24C01AA0AD6@its-pharm.vcp.monash.edu.au<br>
> Subject: inserting missing <br>
> The file is the original mail</FONT></BODY></HTML>
>
> --MR8491G3GqS58vN8a5S037x2101Kl10
> Content-Type: application/octet-stream;
> name=size.scr
^^^^^^^^^^^^^
My guess is a Klez (or similar) worm. It sends out mail to people and
spoofs the mail as being from someone in the victim's Outlook address
book. I was the spoofee a few weeks ago and someone notified me that I
was sending out viruses. Heh, not very likely.
George
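
Added example, not part of the original thread: a Python sketch of header checks that tell a forged "bounce" like the one quoted above from a genuine delivery status notification. The function name `bounce_findings`, the extension list and the heuristics are assumptions for illustration; the sample is trimmed from the quoted message.

```python
import email
import re
from email import policy

EXECUTABLE_EXT = (".scr", ".pif", ".exe", ".bat", ".com")  # assumed, not exhaustive

# Trimmed from the quoted message; empty attachment body and closing boundary are constructed.
SAMPLE = """\
Return-Path: <srrico@earthlink.net>
Received: from harrier.mail.pas.earthlink.net ([207.217.120.12])
 by fed1mtai02.cox.net with ESMTP
Received: from user-33qtm4t.dialup.mindspring.com ([199.174.216.157] helo=Pankdc)
 by harrier.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
From: postmaster <postmaster@cox.net>
Subject: Undeliverable mail--"inserting missing "
Content-Type: multipart/alternative; boundary=MR8491G3GqS58vN8a5S037x2101Kl10

--MR8491G3GqS58vN8a5S037x2101Kl10
Content-Type: text/html

<HTML><BODY>The following mail can't be sent</BODY></HTML>
--MR8491G3GqS58vN8a5S037x2101Kl10
Content-Type: application/octet-stream; name=size.scr

--MR8491G3GqS58vN8a5S037x2101Kl10--
"""

def bounce_findings(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # Genuine bounces are sent with the null envelope sender "<>".
    sender = str(msg["Return-Path"] or "").strip()
    if sender not in ("", "<>"):
        findings.append("non-null envelope sender: " + sender)
    # The last Received header is the first hop, where the mail entered SMTP.
    m = re.search(r"@([\w.-]+)", str(msg["From"] or ""))
    from_dom = m.group(1).lower() if m else ""
    received = msg.get_all("Received", [])
    hop = re.match(r"from\s+(\S+)", str(received[-1])) if received else None
    if hop and from_dom and not hop.group(1).lower().endswith(from_dom):
        findings.append("first hop %s is outside %s" % (hop.group(1), from_dom))
    # Delivery status notifications are multipart/report, not multipart/alternative.
    if msg.get_content_type() != "multipart/report":
        findings.append("not multipart/report: " + msg.get_content_type())
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXT):
            findings.append("executable attachment: " + name)
    return findings

print("\n".join(bounce_findings(SAMPLE)))
```

All four checks fire on the sample. They are heuristics: some mail systems send valid bounces that are not `multipart/report`, so treat a single finding as a hint rather than proof.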