>Is Lentin known to forge the headers? Or am I dealing with intentional >activity? > >I have tried looking at Symantec but could not find an answer.
http://www.sophos.com/virusinfo/analyses/w32yahae.html shows that it sends the E-mail on its own, so it can (and does) create whatever headers it likes. >Received: from mail.indianmovies.com [66.30.200.159] by mail.reliance.net > (SMTPD32-7.10) id A5805870026; Mon, 22 Jul 2002 09:40:32 -0700 >From: Mail Delivery System<[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Undelivered Mail Returned to Sender -Dear Shashi.docjunk.2 66.30.200.159 is an AT&T Broadband IP address, so it likely was sent from someone with the virus. Note that the URL above specifies that the virus may send itself as a bounce message lookalike. This is almost certainly not intentional (aside from the intent of the writer of the virus). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
