[TechAssist] Re: Is this a legitimate V*rus warning?

Bil, I keep getting the Netsky vir*s every day about 25 times a day and
quite often the title is something regarding a vir*s alert. They are
tricky, in that instead of naming Norton Antivirus, they call it
something similar such as Morman Antivirus. They try to make the message
appear as though it came right from Symantec with an attachment
containing the latest virus definitions (which is really the vir*s, of
course)





Gary McCartney

McCartney Electronics
Guelph Ontario Canada 
Est. 1984
email: gary (at) number63.ca






Bil Green wrote:
> 
> Has anyone received a message like this one? Since viruses often
> grab your address from someone else's address book, why would an
> autoresponder bother to send you this type of warning? Of course
> I scan by system regularly and my antiv*rus is updated more than
> once per day lately (and has been cleaning every single infected
> attachment)
> 
> I did a search for this warning and e-mail address before posting
> this. No mention of it being bogus. BTW, I have been trying to
> send this e-mail out and it won't go. Deleted a long string of
> letters at the bottom of the message. Maybe this time it will work.
> 
> From: SpamAssassin <postmaster@xxxxxxx>
> Subject: VIRUS (W32/Bagle.aa@MM) IN MAIL FROM YOU
> 
> VIRUS ALERT
> 
> Our content checker found
>     virus: W32/Bagle.aa@MM
> in your email to the following recipients:
> -> Nesdanet@xxxxxxx
> -> archive@xxxxxxx
> 
> Please check your system for viruses,
> or ask your system administrator to do so.
> 
> Delivery of the email was stopped!
> 
> For your reference, here are headers from your email:
> ------------------------- BEGIN HEADERS -----------------------------
> Received: from fw5in.ued.net (fw5in.ued.net [192.168.2.253])
>         by mail2.ued.net (Postfix) with ESMTP id D1BF415C64
>         for <Nesdanet@xxxxxxx>; Fri, 30 Apr 2004 06:42:40 -0500 (CDT)
> Received: from pavilion.net (va-spotsy-cuda1-c2a-232.frbgva.adelphia.net 
> [68.65.33.232])
>         by fw5in.ued.net (Postfix) with SMTP id 87D23CF1F
>         for <Nesdanet@xxxxxxx>; Fri, 30 Apr 2004 06:35:25 -0500 (CDT)
> Date: Fri, 30 Apr 2004 07:37:54 -0500
> To: "Nesdanet" <Nesdanet@ued.>
> From: "Tv.vcrrepair" <tv.vcrrepair@xxxxxxxxxxx>
> Subject: Protected message
> Message-ID: <ziehhuqkzhbjlbdpwgj@xxxxxxx>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>         boundary="--------(long string of letters removed by me [Bil])"
> -------------------------- END HEADERS ------------------------------
> 
> 
> 
> --
> Best regards,
> 
>  Bil Green
>  PC 1000
>  Mammoth Lakes, CA 93546
>  760-924-1000                          mailto:tv.vcrrepair@xxxxxxxxxxx
> 
> -----------------------------------------------------------------------------
> Lost Password:
> http://www.tech-assist.org  and select "Login Problems?".
> Email Archives:
> http://www.freelists.org/archives/techassist/

--


-----------------------------------------------------------------------------
Lost Password:
http://www.tech-assist.org  and select "Login Problems?".
Email Archives:
http://www.freelists.org/archives/techassist/

Other related posts: