I've noticed that several viruses are getting through my MIMEDefang filter. One sample is a copy of a bounce message including the headers, and multipart MIME attachments containing the . The virus is detectable with clamscan, but not with antivir. I am not certain if this is an issue with the message structure, or MD 2.43. Since May 10th, I have received six viruses which were not detected with MD 2.43 (previously I had no issues with MD virus detection).

Has anyone else received a virus coming through their installation lately? I realize that the message is actually a resend of an 'original' (or better yet, spoofed) message. But the attachment type (message.scr) is still not permitted. Is it because of the obfuscation of the message, or is there more filtering that was required in order to capture this email?

While I can repeat this one message getting through the MD scanner (although it is correctly detected as spam) and receive a warning from my PC scanner, I don't want to rely on my laptop's antivirus scanner. I am wondering if the assortment of MIME types is the latest formula from our friends the hackers. Here is part of the original message for the formatting information:

From - Sat May 29 01:26:26 2004
X-UIDL: 40b81caf0000001a
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
Return-Path: <[EMAIL PROTECTED]>
Received: from server43.totalchoicehosting.com (server43.totalchoicehosting.com
[209.51.157.42])
by ns.ABS-CompTech.com (8.12.10/8.12.10) with ESMTP id i4T5Kvvp010138
for <[EMAIL PROTECTED]>; Sat, 29 May 2004 01:20:58 -0400
Received: from mailnull by server43.totalchoicehosting.com with local (Exim 4.34
)
id 1BTpey-00073b-Pf
for [EMAIL PROTECTED]; Fri, 28 May 2004 18:17:04 -0400
X-Failed-Recipients: [EMAIL PROTECTED]
Auto-Submitted: auto-generated
From: Mail Delivery System <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Mail delivery failed: returning message to sender
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 28 May 2004 18:17:04 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any ab
use report
X-AntiAbuse: Primary Hostname - server43.totalchoicehosting.com
X-AntiAbuse: Original Domain - abs-comptech.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Source:
X-Source-Args:
X-Source-Dir:
X-SPAM-Checked-by: www.No-JunkMail.com
X-SPAM-Checked-by: The SPAM Zapper tm
Status:


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

 [EMAIL PROTECTED]
   This message has been rejected because it has
   a potentially executable attachment "message.scr"
   This form of attachment has been used by
   recent viruses or other malware.
   If you meant to send this file then please
   package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------

Return-path: <[EMAIL PROTECTED]>
Received: from [66.153.141.82] (helo=timebrush.com)
       by server43.totalchoicehosting.com with esmtp (Exim 4.34)
       id 1BTpev-0006u4-0R
       for [EMAIL PROTECTED]; Fri, 28 May 2004 18:17:04 -0400
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Mail Delivery (failure [EMAIL PROTECTED])
Date: Fri, 28 May 2004 18:17:03 -0400
MIME-Version: 1.0
Content-Type: multipart/related;
       type="multipart/alternative";
       boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: multipart/alternative;
       boundary="----=_NextPart_001_001C_01C0CA80.6B015D10"

------=_NextPart_001_001C_01C0CA80.6B015D10
Content-Type: text/plain;
       charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

------=_NextPart_001_001C_01C0CA80.6B015D10
Content-Type: text/html;
       charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>If the message will not displayed automatically,<br>
follow the link to read the delivered message.<br><br>
Received message is available at:<br>
<a href=3Dcid:[EMAIL PROTECTED] height=3D0 width=3D0>ww
w.timebrush.com/inbox/webmaster/read.php?sessionid-27050</a>
<iframe
src=3Dcid:[EMAIL PROTECTED] height=3D0 width=3D0></ifra
me>
<DIV>&nbsp;</DIV></BODY></HTML>


------=_NextPart_001_001C_01C0CA80.6B015D10--

------=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: audio/x-wav;
       name="message.scr"
Content-Transfer-Encoding: base64
Content-ID:<[EMAIL PROTECTED]>

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
<snip>
Vp96R29mUudzUXVyY582Tzqpaw1iYWQWEElpbrZueko9dE2+ZClsXbMiRvFweUlSm+R0RkTA
JFfBa293c0TfPuRj+ep5pTmgLRROYW1MhlBy8PJk45xMc2p2H0xpYjtTLz5UUJNDz+5uNA0Y
TGG8RXLcXOvFjE11CHjMTgMAAAAAAAAAAAAAAAAA

------=_NextPart_000_001B_01C0CA80.6B015D10--
--
Albert E. Whale, CISSP - Sr. Security, Network, and Systems Consultant
--------------------------------------------------------------------------------
http://www.abs-comptech.com & http://www.No-JunkMail.com ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
SPAM Zapper - www.No-JunkMail.com - SPAM Stops Here.
Founding Board of Directors of Pittsburgh FBI - InfraGard
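The sample above hides a PE executable (base64 starting with "TVqQ", i.e. "MZ") inside a nested multipart/related with a declared Content-Type of audio/x-wav and a filename of message.scr. A filter that only looks at the declared type of top-level parts misses it. The following is an added example, not code from the post or from MIMEDefang, that walks every nested part and flags a part either by its filename extension or by its decoded magic bytes; the MIME sample it parses is constructed to mirror the structure shown above.

```python
import base64
import email
from email import policy

# Extensions the bounce in the post already calls "potentially executable".
BLOCKED_EXT = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}

def suspicious_attachments(raw):
    """Walk every MIME part (nested multiparts included) and report parts
    whose filename extension is blocked or whose decoded bytes start with
    the 'MZ' PE header, regardless of the declared Content-Type."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() falls back to the Content-Type "name" parameter,
        # which is all the sample in the post provides.
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if ext in BLOCKED_EXT:
            reasons.append("blocked extension %s" % ext)
        if payload[:2] == b"MZ":
            reasons.append("PE header under Content-Type %s" % part.get_content_type())
        if reasons:
            findings.append((name, part.get_content_type(), reasons))
    return findings

# Constructed sample: a fake PE stub (MZ header plus padding) wrapped exactly
# like the post's message: multipart/related -> multipart/alternative,
# then an audio/x-wav part named message.scr.
FAKE_PE = base64.b64encode(b"MZ\x90\x00" + b"\x00" * 60)
SAMPLE = b"""From: sender@example.invalid
To: victim@example.invalid
Subject: Mail Delivery (failure)
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="outer"

--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: text/plain; charset="iso-8859-1"

Received message is available as an attachment.
--inner
Content-Type: text/html; charset="iso-8859-1"

<html><body>Received message is available as an attachment.</body></html>
--inner--

--outer
Content-Type: audio/x-wav; name="message.scr"
Content-Transfer-Encoding: base64
Content-ID: <pe@example.invalid>

""" + FAKE_PE + b"""
--outer--
"""

if __name__ == "__main__":
    for name, ctype, reasons in suspicious_attachments(SAMPLE):
        print(name, ctype, "; ".join(reasons))
```

The point for a MIMEDefang-style filter is that the text/html part passes cleanly while the audio/x-wav part is caught twice, once by name and once by content, so either check alone would still have blocked this sample.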



_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang