AFAIK, this infected message didn't come from me. It has my return address,
but as you can see, the sending server is mail.stadacona.ca. 

We block all executables at the server, and I started getting bounce
messages about an hour before I was even in the office.

Also, nobody I've ever actually emailed directly has bounced me a message,
and I'm not seeing any outbound port 25 traffic from any machine other than
my mail server. 

Can anyone confirm that this virus forges return addresses? The antiviral
vendors appear to be behind on this one...

        -ryan-

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 18, 2001 10:32 AM
To: Exchange Discussions
Subject: New Virus / Worm ??


I received an E-mail from a person that I didn't know this morning, and the
subject line was a lot of nonsense characters. Using Outlook 2000 I
highlighted it and it kicked off the attachment, which opened Media Player
and tried to play a file, but got a content error.

Here is the header from the message as it was received.  Anyone have any
ideas about this?

===================
Received: from COURRIER (mail.stadacona.ca [207.236.164.198]) by
mx2.geac.com with SMTP (Microsoft Exchange Internet Mail Service Version
5.5.2653.13)
        id T1K1YYZM; Tue, 18 Sep 2001 09:56:21 -0400
From: [EMAIL PROTECTED]
To: 
Subject:
Xodco0411odco0804odco040alogv040abedsnotebeclassodco0804bedsnotebootodco0407
logv0409exgu040aodco0412avco040cbootmoderatravco0411unstdllodco040clogv0404o
dco040cbebsdulogv0412odco0407
MIME-Version: 1.0
Content-Type: multipart/related;
        type="multipart/alternative";
        boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1

--====_ABC1234567890DEF_====
Content-Type: multipart/alternative;
        boundary="====_ABC0987654321DEF_===="

--====_ABC0987654321DEF_====
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

--====_ABC0987654321DEF_====--

--====_ABC1234567890DEF_====
Content-Type: audio/x-wav;
        name="readme.exe"
Content-Transfer-Encoding: base64
Content-ID: <EA4DMGBP9p>

John Matteson; Exchange Manager
Geac Corporate Infrastructure Systems and Standards
(404) 239 - 2981

...the words that I remember from my childhood still are true, that there
are none so blind as those who will not see.... --The Moody Blues (I know
you're out there)


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
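
Added example, not part of the original thread: the header quoted above declares the attachment as `audio/x-wav` while naming it `readme.exe`, and a mail gateway can flag exactly that mismatch. The sketch below uses Python's standard `email` package; the sample message is constructed from the MIME skeleton in the post, and the extension list and the function name `mismatched_attachments` are assumptions made for illustration.

```python
import email
from email import policy

# Assumed list of extensions Windows executes when an attachment is opened.
EXEC_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")

# Constructed sample: MIME skeleton from the header quoted in the post, plus a
# 12-byte placeholder payload (the start of a DOS "MZ" header, not a program).
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/related; boundary="====_ABC1234567890DEF_===="

--====_ABC1234567890DEF_====
Content-Type: multipart/alternative; boundary="====_ABC0987654321DEF_===="

--====_ABC0987654321DEF_====
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

--====_ABC0987654321DEF_====--
--====_ABC1234567890DEF_====
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64
Content-ID: <EA4DMGBP9p>

TVqQAAMAAAAEAAAA
--====_ABC1234567890DEF_====--
"""

def mismatched_attachments(raw: bytes) -> list[tuple[str, str, list[str]]]:
    """Return (filename, declared type, reasons) for parts whose label lies."""
    findings = []
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        ctype = part.get_content_type()
        name = part.get_filename() or ""  # falls back to Content-Type name=
        body = part.get_payload(decode=True) or b""  # undo base64 / QP
        mislabeled = not ctype.startswith("application/")
        reasons = []
        if mislabeled and name.lower().endswith(EXEC_EXTS):
            reasons.append("executable extension under non-application type")
        if mislabeled and body[:2] == b"MZ":
            reasons.append("payload starts with MZ (DOS/PE header)")
        if reasons:
            findings.append((name, ctype, reasons))
    return findings

if __name__ == "__main__":
    print(mismatched_attachments(SAMPLE))
```

Checking the decoded payload as well as the name catches the case where the filename is also disguised, which a filter keyed only on extensions would miss.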
