(Sorry Art I know we're not supposed to talk about this on the list). Looks like it's already made the list. I just got a returned message or failure notice for a message I never sent to a "[EMAIL PROTECTED]". The address was spoofed to make me look like the sender. The body.pif file was the intended payload. I traced the header information to the real sender:
Received: from sgrelayg1.core.theplanet.net (195.92.195.145) by indium.smartgroups.com with SMTP; 27 Jan 2004 16:56:18 -0000 Received: from aputeaux-115-1-3-220.w193-251.abo.wanadoo.fr ([193.251.71.220]
Bruno Drouet is the owner of this domain. Not sure if he's the owner of the IP address though.
Beware out there and update your virus programs!
Dave
mark ford wrote:
There is a particularly nasty virus doing the rounds at the moment
Called W32/[EMAIL PROTECTED]
If you see anything that matches the following, delete it:
From: (spoofed email sender) - to spoof (v): to fool. In this context, it means the message may appear to come from someone you know. It probably didn't.
Subject: any of the following... Error Status Server Report Mail Transaction Failed Mail Delivery System hello hi
Body: any of the following... The message cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment The message contains Unicode characters and has been sent as a binary attachment Mail transaction failed. Partial message is available Attachment: any of the following, but can be random... doc.bat document.zip message.zip readme.zip text.pif hello.cmd body.scr test.htm.pif data.txt.exe file.scr
The attachment icon will make it look like a text file. Don't open it.
If in doubt, chuck it out!
Regards, MARK
______________________________________________ Meteorite-list mailing list [EMAIL PROTECTED] http://www.pairlist.net/mailman/listinfo/meteorite-list
______________________________________________ Meteorite-list mailing list [EMAIL PROTECTED] http://www.pairlist.net/mailman/listinfo/meteorite-list
