We are seeing many of these messages coming in from all over the place to random if not dictionary recipients.

 

The message is designed to look like a delivery failure, but closer examination points to other motives.

 

The majority of them all come from dynamic IP space like Road Runner, Earthlink, AOL, etc. and are sent by The Bat, so this looks very suspect. In all cases the attached file is ‘fail.hta’.

 

You might want to add this file to your blocked attachments just in case.

 

John

 

-------------------

 

    Sender: [EMAIL PROTECTED]
IP Address: 65.25.173.185
 Recipient: [EMAIL PROTECTED]
   Subject: Your message delivery has been failed.
 MessageID: hBUG8D409464
    Report: HTML archives are very dangerous in email (fail.hta)

 

Full headers are:

 

Return-Path: <�g>
Received: from rr.com (cpe-65-25-173-185.wi.rr.com [65.25.173.185])
      by mailin-2.isoc.net (8.11.6/8.11.6) with SMTP id hBUG8D409464
      for <[EMAIL PROTECTED]>; Tue, 30 Dec 2003 11:08:13 -0500
Received: from CPE-65-25-173-185.wi.rr.com (CPE-65-25-173-185.wi.rr.com [65.25.173.185])
         by rr.com (8.12.8p1/8.12.8) with ESMTP id agieqd80104
         for <[EMAIL PROTECTED]>; Tue, 30 Dec 2003 14:13:35 -0400 (EST)
Date: Tue, 30 Dec 2003 14:13:33 -0400 (EST)
From: Mailer Daemon <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v1.61) Personal
Reply-To: [EMAIL PROTECTED]
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Your message delivery has been failed.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------083852498486863"

 

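Added example, not part of the original message: a filter check for the pattern described above (a message claiming to be from Mailer Daemon that is multipart/mixed, carries a desktop client's X-Mailer, and attaches an .hta file). The function name, the heuristics and the sample message are assumptions constructed from the quoted headers; addresses are placeholders.

```python
import email
from email import policy

# The post recommends blocking fail.hta; extensions to refuse go here.
BLOCKED_EXTENSIONS = (".hta",)

BOUNDARY = "----------083852498486863"  # boundary value from the quoted headers

# Constructed sample modelled on the quoted headers; addresses and body are placeholders.
SAMPLE = f"""\
Received: from rr.com (cpe-65-25-173-185.wi.rr.com [65.25.173.185])
From: Mailer Daemon <daemon@example.invalid>
X-Mailer: The Bat! (v1.61) Personal
To: user@example.invalid
Subject: Your message delivery has been failed.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="{BOUNDARY}"

--{BOUNDARY}
Content-Type: text/plain

Constructed body text.
--{BOUNDARY}
Content-Type: application/octet-stream; name="fail.hta"
Content-Disposition: attachment; filename="fail.hta"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--{BOUNDARY}--
"""

def inspect_message(raw):
    """Return a list of findings for one raw RFC 5322 message (hypothetical helper)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = str(msg.get("From", "")).lower()
    claims_bounce = "mailer daemon" in sender or "mailer-daemon" in sender
    # Heuristic: RFC 3464 delivery reports are multipart/report, not multipart/mixed.
    if claims_bounce and msg.get_content_type() != "multipart/report":
        findings.append("bounce-lookalike: not multipart/report")
    # Heuristic: MTAs generate bounces; a desktop client's X-Mailer is out of place.
    mailer = str(msg.get("X-Mailer", ""))
    if claims_bounce and mailer:
        findings.append(f"bounce-lookalike: X-Mailer is {mailer}")
    for part in msg.walk():
        # Normalise case and trailing dots/spaces, which Windows ignores.
        name = (part.get_filename() or "").lower().rstrip(". ")
        if name.endswith(BLOCKED_EXTENSIONS):
            findings.append(f"blocked-attachment: {name}")
    return findings
```

Older MTAs also send plain-text bounces, so the two bounce-lookalike findings are scoring signals; the attachment finding is the one to block on.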