...I just signed up to ST a week or two ago after a long absence, and started getting these immediately. So some current member's PC is doing it. It's not some long lost thing thing here. Someone on the list is sending out a virus!
Nope. Since you joined, you are now receiving e-mail addressed to ShopTalk. Any e-mail -- clean or infected -- sent to that group address now goes to you. That e-mail does not have to originate from a member's machine.
We've gone around this tree several time before. The virus (actually, it's a worm) collects addresses from the address book of Person A and sends them using various faked e-mail addresses swiped from the address book of Person B. These are actually sent using a tiny SMTP server on the machine of Person C, who never even knows he's infected unless he has the good sense to scan his machine now and again. Even then, some infections have the ability, once rooted, to foil virus scanners' attempts to find them.
In our current situation, Person C is an oblivious soul whose machine is sending out many, many copies of the worm to ShopTalk (an address which was swiped), under the guise of Mykey and Bernie (also swiped).
So it's not Mykey, it's not Bernie, and it's not ShopTalk who is infected. It's someone else who is using the scent of those three to throw off the hounds.
Actually, looking at your mail headers still attached below, it looks a lot to me like it's MIKE.org who is the source. He's a DSL user somewhere in the gte.net domain. $10 says that has no idea the trouble he's causing. FWIW, my VisualRoute trace places him in Los Angeles.
Anyone know a Mike from LA?
:-)
Burgess
X-Apparently-To: [EMAIL PROTECTED] via 216.136.174.218; Fri, 20 Aug 2004 09:55:40 -0700
X-Originating-IP: [148.59.19.5]
Return-Path: <[EMAIL PROTECTED]>
Received: from 148.59.19.5 (EHLO conch.msen.com) (148.59.19.5)
by mta106.biz.mail.re2.yahoo.com with SMTP; Fri, 20 Aug 2004 09:55:40 -0700
Received: from conch.msen.com ([EMAIL PROTECTED] [127.0.0.1])
by conch.msen.com (8.12.10/8.12.10) with ESMTP id i7KGe6vW016017;
Fri, 20 Aug 2004 12:40:06 -0400 (EDT)
Received: (from [EMAIL PROTECTED])
by conch.msen.com (8.12.10/8.12.7/Submit) id i7KGe6V6016016;
Fri, 20 Aug 2004 12:40:06 -0400 (EDT)
Received: from MIKE.org (bdsl.66.13.216.137.gte.net [66.13.216.137])
by conch.msen.com (8.12.10/8.12.10) with SMTP id i7KGdwvX015988
for <[EMAIL PROTECTED]>; Fri, 20 Aug 2004 12:39:59 -0400 (EDT)
Date: Fri, 20 Aug 2004 09:21:53 -0800
To: "ShopTalk" <[EMAIL PROTECTED]>
From: "MYKEYGOLF" <[EMAIL PROTECTED]>
Subject: ShopTalk: Re:
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
Brad Smith wrote:I keep getting messages like this with MYKEY being shown as the sender. The Fish.exe shows as an attachment of 21.7 KB size. I don't ever open them because I'm afraid they might be viruses. Can someone more knowledgeable about this explain what they are.
thanks, Brad
