Security Basics mailing list archives
Re: Returned Mails
From: khayes () eastbay com
Date: Tue, 27 Apr 2004 22:51:01 -0500
Another option you may want to consider is that the virus has tacked your name into the REPLY-TO field in the SMTP header. I'm receiving around 3000-4000 e-mails a day being received through our firewall for accounts I KNOW are no longer being used. While some of them are just spam, a considerable number of them are return messages stating the original message had a virus infection.

Ken Hayes
Network Administrator
Eastbay / Footlocker.com
khayes () eastbay com

Guru4u Support <support () guru4u co uk>
04/26/2004 12:55 PM

To: security-basics () securityfocus com
cc:
Subject: Returned Mails

Hi,

This is probably a stupid question but I could do with some confirmation of what I think is happening. I've been receiving a lot of 'return' emails claiming they have been returned as I have a virus. Example below:

A virus was found in a message sent by this account.

--- Scan information follows ---
Result: Virus Detected
Virus Name: W32.Netsky.C@mm
File Attachment: posting.txt.com
Attachment Status: deleted

--- Original message information follows ---
From: *************@guru4u.co.uk
To: ********.com
Date: Fri, 23 Apr 2004 23:32:12 +0100
Subject: SPAM: the truth?
Received: from netcel.com ([80.42.154.232]) by nospam.netcel.com (SAVSMTP 3.1.0.29) with SMTP id M2004042323185126674 for ********.com>; Fri, 23 Apr 2004 23:18:52 +0100

I have up to now guessed these were down to 'someone' else's pc infected with netsky or mydoom but after a lull I have been bombarded with loads of such mails over the course of the day. I would just like some reassurance that this is indeed due to other people's infected boxes rather than mine. I have of course run several full system scans with Norton av with the latest definitions etc and do use a firewall, Spybot etc. I've googled and this starts to confirm my suspicions but isn't authoritative.

Thanks in advance,
Guru
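
Added example, not part of the original thread: one way to check a returned-mail notice like the one quoted above is to compare the connecting IP in its Received line with the addresses your own mail leaves from. The sample notice is constructed with documentation addresses, and the function names and the list of outbound networks are assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout of the notification quoted in the thread;
# addresses are documentation ranges (RFC 5737), not real hosts.
SAMPLE_BOUNCE = """\
A virus was found in a message sent by this account.
--- Scan information follows ---
Result: Virus Detected
Virus Name: W32.Netsky.C@mm
--- Original message information follows ---
From: someone@example.org
To: victim@example.com
Received: from example.com ([198.51.100.23]) by gw.example.com
 with SMTP id M0000000000000000000; Fri, 23 Apr 2004 23:18:52 +0100
"""

FIELD = re.compile(r"^(Virus Name|From|To):\s*(.+)$", re.MULTILINE)
# The bracketed address is written by the receiving gateway from the TCP
# connection; the name before it is only what the client claimed in HELO.
RECEIVED = re.compile(r"^Received: from (\S+) \(\[([0-9a-fA-F.:]+)\]\)", re.MULTILINE)


def parse_notice(text):
    """Extract the scan result and the connecting client from a notice."""
    info = {k.lower().replace(" ", "_"): v.strip() for k, v in FIELD.findall(text)}
    m = RECEIVED.search(text)
    if m:
        info["helo"] = m.group(1)
        try:
            info["client_ip"] = ipaddress.ip_address(m.group(2))
        except ValueError:
            pass  # malformed address: treat as if no Received line was quoted
    return info


def classify(text, my_outbound_nets):
    """Return 'forged-sender', 'sent-from-my-network' or 'unknown'."""
    ip = parse_notice(text).get("client_ip")
    if ip is None:
        return "unknown"
    nets = [ipaddress.ip_network(n) for n in my_outbound_nets]
    if any(ip in net for net in nets):
        return "sent-from-my-network"
    return "forged-sender"


if __name__ == "__main__":
    # Hypothetical: the networks your own mail actually leaves from.
    print(classify(SAMPLE_BOUNCE, ["192.0.2.0/24"]))
```

A result of 'sent-from-my-network' means the infected message really did leave one of your own addresses and the sending host needs to be found and cleaned; 'unknown' means the notice quoted no usable Received line.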
Current thread:
- Returned Mails Guru4u Support (Apr 26)
- Re: Returned Mails Eric Paynter (Apr 27)
- Re: Returned Mails Paul Kurczaba (Apr 27)
- RE: Returned Mails Mike (Apr 27)
- Re: Returned Mails JEREMY Anderson (Apr 27)
- Re: Returned Mails Murad Talukdar (Apr 27)
- RE: Returned Mails Jason Haith (Apr 27)
- Re: Returned Mails Guru4u Support (Apr 27)
- Re: Returned Mails khayes (Apr 28)
- <Possible follow-ups>
- RE: Returned Mails Ricardo Saramago (Apr 27)