I received the following email. I run my own mail server in my apartment using Sambar Server; there is no "[EMAIL PROTECTED]" The attached file was a zipped .exe file. I didn't bother scanning it, but I think it's safe to assume that it's a virus or trojan.
A whois search on the Received: from IP address brings up what looks like a dial-up node in Ontario, Canada. I don't know how the Return-path: fits into the puzzle; ehs.com is Eckerd Health Services in Pittsburgh, PA.
Anyway, does anyone know if there's a virus out there that constructs emails like this, or is this a scam targeted specifically at me?
Thanks! -- Rich
------Attached email------
X-UID32: 1083841905
X-DATE: 1078287335
Return-path: [EMAIL PROTECTED]
Received: from 142.154.23.141 by mail.richardklein.org (Sambar SMTPD);
id s20040302231511.7350; Tue, 02 Mar 2004 23:15:15
Date: Tue, 02 Mar 2004 23:17:01 -0800
To: [EMAIL PROTECTED]
Subject: Email account utilization warning.
From: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------ibmbdxhoogrgytcpyxue"----------ibmbdxhoogrgytcpyxue Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit
Dear user of e-mail server "Richardklein.org",
Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.
For details see the attached file.
In order to read the attach you have to use the following password: 53808.
Kind regards,
The Richardklein.org team
http://www.richardklein.org------------------------------------------------------- To unsubscribe please go to http://www.sambar.ch/list/
