Here is a snippet of some ongoing email I'm having with a LAN administrator at a university hospital. I forwarded a copy of the Declude virus catch, to show them the IP #'s of the machine that sent the Sobig virus. I can't get it through his head that the headers are forged, and irrelevant.

My last message to him pleaded to have him establish a telephone dialog with me so I could explain the message to him ... I politely told him if he wants to take the chance that a workstation is infected within their LAN based on the assumption that he might really be wrong, he was welcome to the havoc it will cause.

<sigh>

David Dodell

===================Original message text===============

David,

In looking at the header you sent Marcy, the subject of the message is "Undeliverable: Re: Details" which means our e-mail system was sending you a message back that it couldn't deliver a message from you. My best guess is that Sobig may be on your pc, and you have a contact somewhere to someone at uch that is no longer here or valid. Not too uncommon for we changed our domain last year.

Furthermore, our e-mail system doesn't allow .pif or .scr attachments and will strip them if attempted whether infected or not.

We appreciate the heads up, but based upon the header it looks like it was a bounced message from you that was infected and thus the hit by your antivirus.

If you have any additional questions, comments, or concerns don't hesitate to let me know.

-----Original Message-----

This came from David who said this came from one of our computers. He said he was this stat technology.

Marcy

-----Original Message-----
From: David Dodell [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 23, 2003 2:22 PM
To: <left out to protect identity>
Subject: Fwd: Virus Notification

===================Original message text===============

Declude Virus v1.75i2 caught the following:

Virus Name: W32/[EMAIL PROTECTED]
Virus File: movie0045.pif
From: [Forged]
To : [EMAIL PROTECTED]
Date: 08/23/2003 13:06:35
Subject: Undeliverable: Re: Details
Spool File: Dc94a00d300be355a.SMD
RemoteIP: 168.200.2.37
SenderHost: Unknown
----------------
Received: from guava.uch.edu [168.200.2.37] by stat.com with ESMTP (SMTPD32-8.02) id A94AD300BE; Sat, 23 Aug 2003 13:06:34 -0700
Received: from mail pickup service by guava.uch.edu with Microsoft SMTPSVC; Sat, 23 Aug 2003 14:06:33 -0600
Received: from uchaex2.uch.ad.pvt ([168.200.32.18]) by guava.uch.edu with Microsoft SMTPSVC(5.0.2195.5329); Sat, 23 Aug 2003 14:06:23 -0600
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Received: by uchaex2.uch.ad.pvt with Internet Mail Service (5.5.2653.19) id <RLYYQK7T>; Sat, 23 Aug 2003 14:06:23 -0600
Message-ID: <[EMAIL PROTECTED]>
from: "System Administrator" <[EMAIL PROTECTED]>
to: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
subject: Undeliverable: Re: Details
Date: Sat, 23 Aug 2003 14:06:22 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-MS-Embedded-Report:
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C369B2.066CB0EC"
Return-Path:
X-OriginalArrivalTime: 23 Aug 2003 20:06:23.0921 (UTC) FILETIME=[07029210:01C369B2]

================End of original message text===========

================End of original message text===========

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
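
The Received chain in the Declude report above can be walked mechanically. The following is an added example, not part of the original post: it parses the Received lines copied from the report, lists the hops oldest-first, and picks out the line stamped by the receiving server, which records the connecting IP itself rather than taking it from sender-supplied headers such as From or Subject. The names `hops` and `handoff_to` are assumptions made for this example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header lines copied from the Declude report above, folded for width.
# From/To were already redacted on the page, so they are omitted here.
RAW = """\
Received: from guava.uch.edu [168.200.2.37] by stat.com with ESMTP
  (SMTPD32-8.02) id A94AD300BE; Sat, 23 Aug 2003 13:06:34 -0700
Received: from mail pickup service by guava.uch.edu with Microsoft SMTPSVC;
  Sat, 23 Aug 2003 14:06:33 -0600
Received: from uchaex2.uch.ad.pvt ([168.200.32.18]) by guava.uch.edu
  with Microsoft SMTPSVC(5.0.2195.5329); Sat, 23 Aug 2003 14:06:23 -0600
Received: by uchaex2.uch.ad.pvt with Internet Mail Service (5.5.2653.19)
  id <RLYYQK7T>; Sat, 23 Aug 2003 14:06:23 -0600
Subject: Undeliverable: Re: Details

"""

HOP = re.compile(r"(?:from\s+(?P<frm>.+?)\s+)?by\s+(?P<by>\S+)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops(raw):
    """Return the Received hops oldest-first (headers are prepended in transit)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())        # unfold continuation lines
        info, _, stamp = text.rpartition(";")  # the date follows the last ';'
        m = HOP.match(info)
        frm = m.group("frm") if m else None
        ip = IP.search(frm or "")
        out.append({"from": frm,
                    "by": m.group("by") if m else None,
                    "ip": ip.group(1) if ip else None,
                    "time": parsedate_to_datetime(stamp.strip())})
    return out

def handoff_to(hop_list, our_host):
    """Return the hop written by our own server: it logged the peer IP itself."""
    return next((h for h in hop_list if h["by"] == our_host), None)

if __name__ == "__main__":
    chain = hops(RAW)
    for h in chain:
        print(h["time"].isoformat(), h["from"], "->", h["by"], h["ip"])
    print("peer seen by stat.com:", handoff_to(chain, "stat.com")["ip"])
```

The IP on the `stat.com` line is the same value Declude reports as RemoteIP, and the timestamps rise in order once the -0600 and -0700 offsets are normalised.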