[TechAssist] Re: Warning- watch out for fake RETURNED MAIL messages in your inboxes
- From: "Technotronic Dimensions" <Steve@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: <techassist@xxxxxxxxxxxxx>
- Date: Wed, 20 Aug 2003 15:15:27 -0400
I got 2 notices today someplace in Europe got a Virus with my return
Email....and to check my Machine. I guess *not a lot* of people know these
Worms randomly select addresses from the address book. The Header reveals
the actual originating machine, unless I think it comes from a Linux Box
where under that O-S you can spoof Just about anything. (hackers top pick
for OS's)
Steve Hearns
Technotronic Dimensions, NY (USA)
1-877-817-9885 (Voice / Fax US Only)
WWW.TECHNOTRONIC-DIMENSIONS.COM
----- Original Message -----
From: "Gary McCartney" <gary@xxxxxxxxxxx>
To: <techassist@xxxxxxxxxxxxx>
Sent: Wednesday, August 20, 2003 2:54 PM
Subject: [TechAssist] Warning- watch out for fake RETURNED MAIL messages in
your inboxes
> I just got an email entitled: "Returned mail: see transcript for
> details"
>
>
> See copy below (minus the attachment of course). I never sent this email
> to the addressee and I never attached a file called "Your document.pif"
>
> This is obviously a worm ready to be executed if I would click on the
> file, which I won't. I will delete the email instead.
>
> I figured it is important to let the list members know about this before
> anyone accidently clicks on a file in a similar type of email.
>
>
> Gary McCartney
>
> McCartney Electronics
> Guelph Ontario Canada
> Est. 1984
> email: gary (at) number63.ca
>
>
> --------------------------------------------------------------------------
-----------------------
>
>
> COPY OF EMAIL:
>
> Subject: Returned mail: see transcript for details
> Date:
> Wed, 20 Aug 2003 20:42:04 +0200
> From:
> Mail Delivery Subsystem <MAILER-DAEMON@xxxxxxxxxxxx>
> To:
> <gary@xxxxxxxxxxx>
>
>
>
>
> The original message was received at Wed, 20 Aug 2003 20:41:56 +0200
> from adsl-65-65-202-89.dsl.stlsmo.swbell.net [65.65.202.89]
>
> ----- The following addresses had permanent fatal errors -----
> <gyeublitzkrieg24@xxxxxxx>
> (reason: 550 unknown user <gyeublitzkrieg24@xxxxxxx>)
>
> ----- Transcript of session follows -----
> ... while talking to mail.comb.es.:
> >>> RCPT To:<gyeublitzkrieg24@xxxxxxx>
> <<< 550 unknown user <gyeublitzkrieg24@xxxxxxx>
> 550 5.1.1 <gyeublitzkrieg24@xxxxxxx>... User unknown
>
>
>
>
> Reporting-MTA: dns; webs.comb.es
> Received-From-MTA: DNS; adsl-65-65-202-89.dsl.stlsmo.swbell.net
> Arrival-Date: Wed, 20 Aug 2003 20:41:56 +0200
>
> Final-Recipient: RFC822; gyeublitzkrieg24@xxxxxxx
> Action: failed
> Status: 5.1.1
> Remote-MTA: DNS; mail.comb.es
> Diagnostic-Code: SMTP; 550 unknown user <gyeublitzkrieg24@xxxxxxx>
> Last-Attempt-Date: Wed, 20 Aug 2003 20:42:04 +0200
>
>
> Subject:
> Re: Approved
> Date:
> Wed, 20 Aug 2003 12:59:19 --0500
> From:
> <gary@xxxxxxxxxxx>
> To:
> <gyeublitzkrieg24@xxxxxxx>
>
>
>
> See the attached file for details
>
>
>
> your_document.pif
>
> Name:
> your_document.pif
> Type:
> Shortcut to MS-DOS Program
> (application/x-unknown-content-type-piffile)
> Encoding:
> base64
> --
>
>
****************************************************************************
*
> Classifieds! Buy or Sell!
> http://sell.tech-assist.org
> The Tech Address Book:
> http://www.tech-assist.org/secure/tip/contact.htm
> Add a Repair Tip Here, or Change/Remove your Email Address:
> http://www.tech-assist.org/secure/tip/main.htm
> Lost Password:
> http://www.tech-assist.org and select "Lost your Login Info?".
> Email Archives:
> //www.freelists.org/archives/techassist/
*****************************************************************************
Classifieds! Buy or Sell!
http://sell.tech-assist.org
The Tech Address Book:
http://www.tech-assist.org/secure/tip/contact.htm
Add a Repair Tip Here, or Change/Remove your Email Address:
http://www.tech-assist.org/secure/tip/main.htm
Lost Password:
http://www.tech-assist.org and select "Lost your Login Info?".
Email Archives:
//www.freelists.org/archives/techassist/
Other related posts:
