From: Jonathan Davis (jonathan.davis@lineone.net)
Date: Tue Sep 02 2003 - 11:52:55 MDT
Hi Blunderlov,
Don't worry about it. This is the Sobig.e worm spoofing your address
elsewhere. It is part of its normal behaviour. You can safely ignore these
returned messages as they are not evidence that you are infected.
You can read more here:
http://in.tech.yahoo.com/030626/137/25gzb.html
Regards
Jonathan
-----Original Message-----
From: owner-virus@lucifer.com [mailto:owner-virus@lucifer.com] On Behalf Of
Blunderov
Sent: 02 September 2003 18:32
To: virus@lucifer.com
Subject: RE: virus: Appeal for advice
This is nothing to do with virus but I thought I would just ask anyway:
I have been getting a lot of mail returned to me as undeliverable. The
trouble is I never sent out the mail which is being returned to me. Some
mail is entitled 'that movie', a title which I have never used, some is
entitled 'my details' which IS a title I have used sometimes in my former
scambaiting activities.
I have checked and rechecked my machine for all worms and viruses - I'm
clean. In fact I have completely reformatted ALL my drives and reinstalled
from scratch just in case I had unknown malevolent code somewhere.
Is someone using my address somehow? (I have another web based address,
besides my mweb address; citizenx@postmaster.co.uk) I'm quite puzzled about
what is going on. Probably it is a coincidence but quite a number of the
returned mails have been addressed to military addresses which is somewhat
alarming.
Here is a sample. I have never sent any mail entitled 'Your application'
to anyone, let alone anyone in the US Military.
<q>
Received: from akomta3 (proxyip8.us.army.mil [140.183.234.122]) by
rly-yc04.mx.aol.com (v95.1) with ESMTP id MAILRELAYINYC42-1ce3f533cdfbb;
Mon, 01 Sep 2003 08:34:39 -0400
Received: from mailrouter.us.army.mil (akomta3 [10.234.26.13]) by
mailrouter.us.army.mil (AKO MTA - MTA3) with ESMTP id
<0HKJ00G6KC9QWL@akomta3.us.army.mil> for cjones2420@aol.com (ORCPT
clifford.byrd@us.army.mil); Mon, 01 Sep 2003 08:34:39 -0400
(EDT)
Received: from DOLLY (adsl-67-65-239-156.dsl.lbcktx.swbell.net
[67.65.239.156])
by mailrouter.us.army.mil (AKO MTA - MMP3) with ESMTP id
<0HKJ00953C83V7@mailrouter.us.army.mil> for cjones2420@aol.com (ORCPT
clifford.byrd@us.army.mil); Mon, 01 Sep 2003 08:34:38 -0400
(EDT)
Date: Mon, 01 Sep 2003 07:33:45 +0500
From: squooker@mweb.co.za
Subject: Re: Your application
To: clifford.byrd@us.army.mil
Message-id: <0HKJ00956C83V7@mailrouter.us.army.mil>
MIME-version: 1.0
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: multipart/mixed;
boundary="Boundary_(ID_AxgRPz7g1BODm9AIwm7CxA)"
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-MailScanner: Found to be clean
X-AOL-IP: 140.183.234.122
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
</q>
All of which is Greek to me, or nearly so. I would be most grateful to any
virus boffin who has the time and is able to give me some advice about all
this.
Thanks
Blunderov
--- To unsubscribe from the Virus list go to <http://www.lucifer.com/cgi-bin/virus-l>
This archive was generated by hypermail 2.1.5 : Tue Sep 02 2003 - 11:53:03 MDT