I just received this&I've pasted the message below. It came with a midi which my firewall stripped but I'd say this looks like some sort of virus?
It's definitely a rogue E-mail:
Received: from vsmtp4.tin.it [212.216.176.224] by todhunter.com with ESMTP
(SMTPD32-7.15) id A6C26340126; Thu, 20 Nov 2003 07:42:42 -0500
Received: from qrgxih (213.45.198.106) by vsmtp4.tin.it (7.0.019)
id 3F8C844B01391067; Thu, 20 Nov 2003 13:37:36 +0100
It didn't go through any AOL servers, yet:
FROM: "Internet Message Delivery System" <[EMAIL PROTECTED]>
It claims to be from AOL.
<iframe src=3D"cid:...
Then, there's this nasty piece of code which *could* be legitimate -- but is normally used to trigger a vulnerability in Outlook.
[Content type "audio/x-midi" has been identified as a potentially dangerous payload and has been denied by the Todhunter Firewall. Have sender deliver to [EMAIL PROTECTED] and CC: you. Contact Network Administrator (Sharyn Schmidt) for message retrieval.]
Most likely, this was a virus or other malicious E-mail that used the IFRAME exploit such that the E-mail used a content type of "audio/x-midi" (for a MIDI music file), but the file name probably had an .exe or similar extension.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
