Security Basics mailing list archives

Re: Returned Mails


From: khayes () eastbay com
Date: Tue, 27 Apr 2004 22:51:01 -0500


Another option you may want to consider is that the virus has tacked your
name into the REPLY-TO field in the SMTP header. I'm receiving around
3000-4000 e-mails a day being received through our firewall for accounts I
KNOW are no longer being used.  While some of them are just spam, a
considerable number of them are return messages stating the original
message had a virus infection.


Ken Hayes
Network Administrator
Eastbay / Footlocker.com
khayes () eastbay com



Guru4u Support <support () guru4u co uk>
04/26/2004 12:55 PM

To:      security-basics () securityfocus com
cc:
Subject: Returned Mails




Hi,

This is probably a stupid question but I could do with some confirmation
of what I think is happening. I've been receiving a lot of 'return' emails
claiming they have been returned as I have a virus. Example below:


A virus was found in a message sent by this
account.

--- Scan information follows ---

Result: Virus Detected
Virus Name: W32.Netsky.C@mm
File Attachment: posting.txt.com
Attachment Status: deleted

--- Original message information follows ---

From: *************@guru4u.co.uk
To: ********.com
Date: Fri, 23 Apr 2004 23:32:12 +0100
Subject: SPAM: the truth?
Received: from netcel.com ([80.42.154.232])
 by nospam.netcel.com (SAVSMTP 3.1.0.29) with SMTP id M2004042323185126674
 for ********.com>; Fri, 23 Apr 2004 23:18:52 +0100



I have up to now guessed these were down to 'someone' else's pc infected
with netsky or mydoom but after a lull I have been bombarded with loads
of such mails over the course of the day.

I would just like some reassurance that this is indeed due to other
people's infected boxes rather than mine. I have of course run several full
system scans with Norton av with the latest definitions etc and do use a
firewall, Spybot etc.

I've googled and this starts to confirm my suspicions but isn't
authoritative.

Thanks in advance,

Guru



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
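
One way to check what this thread asks, added here as an example and not written by either poster: pull the connecting IP out of the `Received:` line that the scanning gateway quotes in its notice and compare it with the networks your own mail leaves from. The sample notice is constructed from the one quoted above (masked addresses replaced with example.* placeholders), and `MY_NETWORKS`, `submitting_hosts` and `classify` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample modelled on the notice quoted in the thread.
SAMPLE_NOTICE = """\
Result: Virus Detected
Virus Name: W32.Netsky.C@mm

--- Original message information follows ---

From: someone@example.org
To: victim@example.com
Received: from netcel.com ([80.42.154.232])
 by nospam.netcel.com (SAVSMTP 3.1.0.29) with SMTP id M2004042323185126674
 for <victim@example.com>; Fri, 23 Apr 2004 23:18:52 +0100
"""

# Assumption: the address ranges your own mail legitimately leaves from.
MY_NETWORKS = ["192.0.2.0/24"]

# "Received: from <HELO name> ([<connecting IP>])" as written by the gateway.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]\)", re.M)

def submitting_hosts(notice):
    """Return (HELO name, IP) pairs found in the quoted Received lines."""
    hosts = []
    for helo, ip in RECEIVED_RE.findall(notice):
        try:
            hosts.append((helo, ipaddress.ip_address(ip)))
        except ValueError:
            continue  # malformed address literal: skip rather than guess
    return hosts

def classify(notice, my_networks):
    """'own-host' if a connecting IP is yours, else 'forged-sender'."""
    nets = [ipaddress.ip_network(n) for n in my_networks]
    hosts = submitting_hosts(notice)
    if not hosts:
        return "unknown"  # no usable Received line was quoted
    # Only the bracketed IP is recorded by the receiving gateway; the HELO
    # name and the From/Reply-To headers are supplied by the sending client.
    if any(ip in net for _, ip in hosts for net in nets):
        return "own-host"
    return "forged-sender"

if __name__ == "__main__":
    print(classify(SAMPLE_NOTICE, MY_NETWORKS))
```

A result of `forged-sender` means the infected machine connected from an address outside your ranges and only borrowed your address as the sender.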






