[PCWorks] Has anyone else received this virus elert emails allegedly from Ebay?

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Thu, 17 Jul 2008 08:49:59 -0500

Has anyone else received any emails like this?

###################

----- Original Message ----- 
From: <member@xxxxxxxx>
To: <undisclosed-recipients:>
Sent: Wednesday, July 16, 2008 7:07 PM
Subject: ALERT: Virus Removed


The AntiVirus server has detected the HTML.Phishing.Auction-222
virus in an email sent to you, allegedly sent by
member@xxxxxxxxx This email address may, or may not, be the
originating source, as some viruses can hijack address books
and in turn, send email with any of those addresses. Please
take note that this virus has been destroyed and this email is
a notification of virus activity and is itself virus free.

scanned Wed Jul 16 20:07:34 EDT 2008

#################

Now we all get similar types of cyber-terrorist Phishing emails
spoofing Ebay.  But what I'm curious about on this one and what
makes it different, is "they" have you to believe (correctly or
perhaps nefariously lying) that "they" are protecting you from
said allegedly intercepted email.  I say "they" because I do
not know who "they" are.  I'm suspect of this because
1) This was sent to an email address that has nothing to do
with Ebay, and 2), the email headers (pasted below) seemingly
have nothing to do with Ebay.  I searched and I could not find
any association between Ebay and "Bluetie".  Ebay has their own
server, and 206.65.163.6 (MCI/UU.net) seems to have nothing to
do with them.  I also looked at some older Ebay emails and none
of them had these types of headers.  Does anyone know if Ebay
is now using http://bluetie.com/ for any of their outgoing
emails?  If not, (and the main reason for posting), I'm going
to have to look further into this because some scumbag may be
spoofing that particular email address of mine and I may have
to do some server blocks.  I can't tell, but it also could be,
that some parasite that's on the Bluetie/MCI/UU.net network is
sending out possible Phishing emails to random addresses.

Return-path: <webmaster2.mws3848637@xxxxxxxxxxxxxxxxxxxxxxxxx>
Envelope-to:
Delivery-date: Wed, 16 Jul 2008 17:07:47 -0700
Received: from  by .com with local-bsmtp (Exim 4.68)
 (envelope-from
<webmaster2.mws3848637@xxxxxxxxxxxxxxxxxxxxxxxxx>)
 id 1KJH24-00005h-Lh
 for ; Wed, 16 Jul 2008 17:07:46 -0700
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on .com
X-Spam-Level: *
X-Spam-Status: No, score=1.4 required=5.0 tests=NO_DNS_FOR_FROM
 autolearn=disabled version=3.2.3
Received: from outbound2.bluetie.com ([206.65.163.6])
 by .com with esmtp (Exim 4.68)
 (envelope-from
<webmaster2.mws3848637@xxxxxxxxxxxxxxxxxxxxxxxxx>)
 id 1KJH24-00005R-Eq
 for ; Wed, 16 Jul 2008 17:07:40 -0700
Received: by outbound2.bluetie.com (Postfix, from userid 8)
 id E74A365907D; Wed, 16 Jul 2008 20:07:43 -0400 (EDT)
Received: from mstore32.nyc1.bluetie.com
(mstore32.nyc1.bluetie.com [10.102.1.50])
 by outbound2.bluetie.com (Postfix) with ESMTP id B8F2765908C
 for <>; Wed, 16 Jul 2008 20:07:43 -0400 (EDT)
Received: by mstore32.nyc1.bluetie.com (Postfix, from userid
1226592)
 id AEB08124083; Wed, 16 Jul 2008 20:07:43 -0400 (EDT)
X-Original-To: webmaster2.mws3848637@xxxxxxxxxxxxxxxxxxxxxxxxx
Delivered-To: webmaster2.mws3848637@xxxxxxxxxxxxxxxxxxxxxxxxx
Received: from mhub1.nyc1.bluetie.com (mhub1.nyc1.bluetie.com
[10.102.1.66])
 by mstore32.nyc1.bluetie.com (Postfix) with ESMTP id
62DA912406F
 for <webmaster2.mws3848637@xxxxxxxxxxxxxxxxxxxxxxxxx>; Wed, 16
Jul 2008 20:07:34 -0400 (EDT)
Received: from av7.nyc1.bluetie.com (av7.nyc1.bluetie.com
[10.102.1.72])
 by mhub1.nyc1.bluetie.com (Postfix) with ESMTP id 5B1B7803F
 for <webmaster2.mws3848637@xxxxxxxxxxxxxxxxxxxxxx>; Wed, 16
Jul 2008 20:07:34 -0400 (EDT)
Received: from av7.nyc1.bluetie.com (localhost.localdomain
[127.0.0.1])
 by av7.nyc1.bluetie.com (Postfix) with ESMTP id 4C402893B80
 for <webmaster2.mws3848637@xxxxxxxxxxxxxxxxxxxxxx>; Wed, 16
Jul 2008 20:07:34 -0400 (EDT)
Received: by av7.nyc1.bluetie.com (Postfix, from userid 103)
 id 40F4B893B98; Wed, 16 Jul 2008 20:07:34 -0400 (EDT)
Subject: ALERT: Virus Removed
Message-Id: <20080717000734.40F4B893B98@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 16 Jul 2008 20:07:34 -0400 (EDT)
From: member@xxxxxxxx
To: undisclosed-recipients:;
X-Virus-Scanned: ClamAV using ClamSMTP

-Clint

God Bless
Clint Hamilton, Owner
http://www.OrpheusComputing.com
http://www.ComputersCustomBuilt.com



=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Has anyone else received this virus elert emails allegedly from Ebay?

1. Home
2. pcworks
3. Archive
4. 07-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---