SUMMARY: "HI" message // spam/worm/virus - please read headers of suspect mail! :-)

From: Tim Chipman (chipman@ecopiabio.com)
Date: Fri Jan 23 2004 - 09:27:54 EST

• Next message: Gene Siepka: "UPDATE: Crontab file syntax checker?"
• Previous message: Lauri Bettencourt: "SUMMARY: Disk Suite Issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Just to point out, a recent message submitted the sunmanagers list which
claims to originate from my Email address actually seems to originate in
Brazil [according to the message headers:]

---paste---

Received: from sunportal.sunmanagers.org (localhost [127.0.0.1])
    by sunportal.sunmanagers.org (Postfix) with ESMTP
    id A0C371EE23; Thu, 22 Jan 2004 21:49:33 -0500 (EST)
X-Original-To: sunmanagers@sunmanagers.org
Delivered-To: sunmanagers@sunmanagers.org

[TAKE NOTE OF THIS NEXT LINE]
Received: from wmfontes226170 (200-205-95-10.customer.tdatabrasil.net.br
    [200.205.95.10]) by sunportal.sunmanagers.org (Postfix) with SMTP id
    4E9951E6D9 for <sunmanagers@sunmanagers.org>; Thu, 22 Jan 2004
    21:49:10 -0500 (EST)

Date: Fri, 23 Jan 2004 00:41:31 -0300
To: sunmanagers@sunmanagers.org
From: chipman@ecopiabio.com

---endpaste---

So - I appreciate all the people asking me why I'm spamming the list, or
that I've got a virus which is doing it on my behalf. In fact, neither
is the case [our mail server here blocks all email with suspect
attachments, EXE included -- so it isn't possible for this message to
have originated via my mail server.]

In Closing: PLEASE take the time to examine the headers on fishy
messages like this sent to the list [by anyone!...] They are [clearly]
not always what they seem.

BTW, for those who don't know, this message exhibits the "classic
signature" of the most recent "virus of the week" on windows boxes. You
can read about it here if you wish:

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html

[ IMHO, another reason why all mail servers should block traffic with
exe/pif/vbs/etc etc ... attachments. Sigh. :-) ]

All this being said, also, thanks to those who warned me in earnest that
I had a virus

-Tim Chipman
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Gene Siepka: "UPDATE: Crontab file syntax checker?"
• Previous message: Lauri Bettencourt: "SUMMARY: Disk Suite Issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:53 EDT