Only the IP number in the email header will reveal the true source of the virus-infected email.
The from address is usually spoofed. ====================================== Stop spam on your domain, use our gateway! For hosting solutions http://www.clickdoug.com ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 ====================================== If you are not satisfied with my service, my job isn't done! ----- Original Message ----- From: "Jeff Garza" <[EMAIL PROTECTED]> To: "CF-Community" <[EMAIL PROTECTED]> Sent: Thursday, June 26, 2003 12:27 PM Subject: Re: how stupid | Actually, the Klez virus can take any email from the list it's sending from | and use that email as the From and Reply-To fields. This happend to my mom. | I'm sure she doesn't have the Klez virus on her machine yet she still gets | about 50 bounce messages a day from AOL. One of the unpleasant | potentialities of dealing with Klez... So, Dana, you probably never had the | virus in the first place and AOL sucks for sending back the entire message, | virus attachment and all.. Their mail gateway should delete the entier | message and send a digest of the transaction back to the "purported" sender. | | Jeff | | ----- Original Message ----- | From: "William Wheatley" <[EMAIL PROTECTED]> | To: "CF-Community" <[EMAIL PROTECTED]> | Sent: Thursday, June 26, 2003 10:18 AM | Subject: Re: how stupid | | | No i wasn't patronizing you but that error message by itself when you read | it shows that it was rejecting a message you sent. Of course without all the | facts thats the only conclusion one could come to. | | Does the virus send fake emails proporting to be from the ISP? Its easy to | spoof mail and such that might be a fun virus to have to deal with fake | Daemon messages that actually have viruses. | | | ----- Original Message ----- | From: "Dana Tierney" <[EMAIL PROTECTED]> | To: "CF-Community" <[EMAIL PROTECTED]> | Sent: Thursday, June 26, 2003 12:27 PM | Subject: Re: how stupid | | | > Ahem. AOL emailed me the sobig.e virus according to my Norton antivirus. | > The email has an attachment labeled your_details.zip, which is per the | > specs for this virus. Naturally I did not open it. But the email is not | > from [EMAIL PROTECTED]; the email is *from* AOL saying my email to her was not | > delivered because it has a virus. Which they helpfully included for | > reference. Now, from the top, this virus claims to be from people who are | > also in the address book of the original sender. I do not know ruthj and | > she is not in my address book, and I don't have this virus because norton | > caught it in this email that AOL sent me. | > | > God I hate it when you patronize me, especially when you usually don't | have | > a good grasp of what is going on when you do it. | > | > Dana | > | > On Thu, 26 Jun 2003 12:18:19 -0400, William Wheatley <[EMAIL PROTECTED]> | > wrote: | > | > > That doesn't say aol sent you a virus that says whoever mailed that ruth | > > person has a virus that was in their email and they had better fix it. | > > | > > But either way aol is evil. | > > | > > | > > ----- Original Message ----- From: "Dana Tierney" <[EMAIL PROTECTED]> | > > To: "CF-Community" <[EMAIL PROTECTED]> | > > Sent: Thursday, June 26, 2003 12:12 PM | > > Subject: Re: how stupid | > > | > > | > >> the AOL user didnt send me the virus. AOL did. I got the following, | with | > >> the virus as an attachment. | > >> | > >> The original message was received at Thu, 26 Jun 2003 06:09:09 -0400 | > >> (EDT) | > >> from [66.72.7.21] | > >> | > >> *** ATTENTION *** | > >> Your e-mail is being returned to you because there was a problem with | > >> its | > >> delivery. The address which was undeliverable is listed in the section | > >> labeled: "----- The following addresses had permanent fatal | errors ----- | > >> ". | > >> The reason your mail is being returned to you is listed in the section | > >> labeled: "----- Transcript of Session Follows -----". | > >> The line beginning with "<<<" describes the specific reason your e-mail | > >> could | > >> not be delivered. The next line contains a second error message which | > >> is | > > a | > >> general translation for other e-mail servers. | > >> Please direct further questions regarding this message to your e-mail | > >> administrator. | > >> --AOL Postmaster | > >> | > >> | > >> ----- The following addresses had permanent fatal errors ----- | > >> <[EMAIL PROTECTED]> | > >> ----- Transcript of session follows ----- | > >> ... while talking to air-xm03.mail.aol.com.: | > >> >>> DATA | > >> <<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has | > > not | > >> been sent. | > >> 554 <[EMAIL PROTECTED]>... Service unavailable | > >> | > >> On Thu, 26 Jun 2003 10:59:06 -0500, Matt Blatchley ~ Bridgeleaf Studios | > >> <[EMAIL PROTECTED]> wrote: | > >> | > >> > Dana, | > >> > | > >> > I run into similar issues with AOL users. I have a few clients who | > >> > refuse | > >> > to use the email addresses I setup for them and they send me virus's | > >> too | > >> > stating I sent it to them. Big pain in the ass because I've | requested | > >> a | > >> > response from the folks at AOL, but like you said, the level of | > >> response | > >> > is | > >> > by someone part time and doesn't give two shiznitz about anyone other | > >> > than | > >> > their own customers, and that's only if they bitch consistently. I'd | > >> > love | > >> > to rant about them two, but I'll spare the rest of the list my | opinion | > > on | > >> > that issue seeing as how they can all assume my feelings on that one | > >> > anyway. | > >> > I feel for ya! | > >> > | > >> > Matt | > >> > | > >> > | > >> > -----Original Message----- | > >> > From: Dana Tierney [mailto:[EMAIL PROTECTED] | > >> > Sent: Thursday, June 26, 2003 10:34 AM | > >> > To: CF-Community | > >> > Subject: how stupid | > >> > | > >> > | > >> > (rant) | > >> > I was complaining yesterday about getting a little notice scolding me | > > for | > >> > allegedly sending a virus to somebody I don't know in Finland. The | > >> virus | > >> > in | > >> > question puts names from the true sender's address book in the "from" | > >> > field, but apparently the system in question is not set up to check | ip | > >> > addresses. | > >> > | > >> > I ran an extra virus scan last night to be sure, and no, I don't have | > >> > this | > >> > virus. I would not expect to as my virus software scans incoming | mail. | > >> > | > >> > This scan works, as demonstrated by the fact that this morning it | > >> warned | > >> > me | > >> > that someone emailed me a virus. Come to find out it is AOL, | > >> complaining | > >> > that I sent this virus to [EMAIL PROTECTED], whom I do not know. | > >> > | > >> > The truly astounding thing is that *they mailed the virus to me* -- | is | > >> > that | > >> > supposed to prove something? What if I did not in fact have up to | date | > >> > software? I used to work at AOL so I am well past expecting | > >> intelligence | > >> > from them, but geez, this practice is a threat to the health of the | > >> > internet. Too bad it doesn't have a WHO. | > >> > | > >> > (end rant) | > >> > Dana | > >> > | > >> > | > >> > -- | > >> > Mr Jones and me | > >> > We're stumbling through the barrio.... | > >> > | > >> > | > >> > | > >> | > > | > | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=5 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=5 This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
