Operating Systems > Linux and UNIX

Help! I tihnk i have an email worm

<< < (2/2)

voidmain:
It does look like a Windows virus. They typically send out *.SCR, *.EXE, *.BAT type of attachments. What it could be is a friend who has your email address in their Lookout Depress address book and their system has a virus that sends email and setting the reply-to: address to your email address (pulled from "their" address book). Some email servers that receive the message have detected a problem and bounce the message, however it gets bounced back to you and not the "real" sender of the message because your name was used as the From: and Reply-To:.

I have had smtp servers bounce mail back to me because spammers used my email address in the From headers.

If the rejected message happens to have the original header you might be able to track it down based on the IP address the original message came from (this *definitely* can be done in the logs of the SMTP server that bounced the message).

[ December 18, 2002: Message edited by: void main ]

Doogee:
i think i may know who it was. i know one person who uses lookout almost exclusively. what can i reccomend they do? they will NOT stop using lookout.

<edit>

i know excatcly who it is, the person uses pnc as there isp and look at this:

Received: from scan.pnc.com.au (scan.pnc.com.au [203.13.174.123])
   by mx2.punkass.com (Postfix) with SMTP id 3D1BA16
   for <[email protected]>; Sat, 14 Dec 2002 08:48:38 +0000 (UTC)

i may have to block this person till they stop using lookout.

</edit>

[ December 19, 2002: Message edited by: Got Doogee? ]

Calum:
good idea. nobody should be using lookout. I say that for 100% security reasons.

voidmain:
I would tell him he is responsible for masquerading as you on the Internet and that if he doesn't clean up his act you will sue his ass. Since he's running that Microsoft crap he will need to get some virus software and clean up his machine. And tell him that as long as he uses Lookout Depress that your name should be removed from his address book so you don't have to put up with his virus mail.

Navigation

[0] Message Index

[*] Previous page

Go to full version