Quick question about a recent trend in incoming viruses to our network: The following are three different headers from messages that came into my mailbox.
============================================================================
Return-Path: [EMAIL PROTECTED]
Received: from [207.241.128.20] (HELO smtp00.journey.com)
  by atchisonkansas.net (Stalker SMTP Server 1.8b9d14)
  with ESMTP id S.0000207182
  for <[EMAIL PROTECTED]>; Sat, 08 Feb 2003 19:47:30 -0600
Received: from Dbspa (mkc-24-166-176-56.kc.rr.com [24.166.176.56])
  by smtp00.journey.com (Postfix) with SMTP id 2D295246E1
  for <[EMAIL PROTECTED]>; Sat, 8 Feb 2003 21:31:18 -0500 (EST)
From: postmaster <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Returned mail--"Specials"
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary=X7J8CX82217
Message-Id: <[EMAIL PROTECTED]>
Date: Sat, 8 Feb 2003 21:31:18 -0500 (EST)
============================================================================
Return-Path: [EMAIL PROTECTED]
Received: from [207.241.128.20] (HELO smtp00.journey.com)
  by atchisonkansas.net (Stalker SMTP Server 1.8b9d14)
  with ESMTP id S.0000207112
  for <[EMAIL PROTECTED]>; Fri, 07 Feb 2003 19:52:37 -0600
Received: from Iqeciruao (mkc-24-166-176-56.kc.rr.com [24.166.176.56])
  by smtp00.journey.com (Postfix) with SMTP id E4ECC246D6
  for <[EMAIL PROTECTED]>; Fri, 7 Feb 2003 21:36:24 -0500 (EST)
From: degatewood <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Sos!
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary=M0NZA168KWbY89h9P2l52iNZXP5Hd4
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 7 Feb 2003 21:36:24 -0500 (EST)
============================================================================
Return-Path: [EMAIL PROTECTED]
Received: from [207.241.128.20] (HELO smtp00.journey.com)
  by atchisonkansas.net (Stalker SMTP Server 1.8b9d14)
  with ESMTP id S.0000207109
  for <[EMAIL PROTECTED]>; Fri, 07 Feb 2003 19:32:25 -0600
Received: from Sxgwzgw (mkc-24-166-176-56.kc.rr.com [24.166.176.56])
  by smtp00.journey.com (Postfix) with SMTP id E77EA24702
  for <[EMAIL PROTECTED]>; Fri, 7 Feb 2003 21:16:13 -0500 (EST)
From: postmaster <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Returned mail--"BACKGROUND"
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary=F9P1Q06j638jj20k48i9G7sk8
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 7 Feb 2003 21:16:13 -0500 (EST)
============================================================================

I know that I have asked something along these lines before, but wanted to make sure that I am not misunderstanding this. If I have SIMS set up to verify return paths, can I assume that the mailbox SIMS says it's coming from is accurate and not spoofed in any way?

The reason I ask is this - at least ONE of these accounts hasn't been used for a very long time, and is coming from a local provider, journey.com. I talked with the woman who owned that mailbox and she said she hasn't used that address in many months. I guess I'm trying to track down and see where these messages are REALLY coming from.

The attachments vary, from .scr to .bat, but the second file seems to be the same. It's called villamo32.html.

Anyways, thanks in advance for your help.

Chris
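
Added example, not part of the original post and not SIMS code: a Python script that parses the Received lines quoted above and groups the messages by the earliest recorded hop, which is the same connecting address under a different HELO name in all three. The function names and the abridged sample strings are assumptions of this example.

```python
import re
from collections import defaultdict
from email import message_from_string

# Received/Subject lines from the three messages in the post, abridged
# (the redacted "for <...>" clauses and Stalker queue ids are dropped).
SAMPLES = [
    "Received: from [207.241.128.20] (HELO smtp00.journey.com) by atchisonkansas.net (Stalker SMTP Server 1.8b9d14) with ESMTP; Sat, 08 Feb 2003 19:47:30 -0600\n"
    "Received: from Dbspa (mkc-24-166-176-56.kc.rr.com [24.166.176.56]) by smtp00.journey.com (Postfix) with SMTP id 2D295246E1; Sat, 8 Feb 2003 21:31:18 -0500 (EST)\n"
    'Subject: Returned mail--"Specials"\n\n',
    "Received: from [207.241.128.20] (HELO smtp00.journey.com) by atchisonkansas.net (Stalker SMTP Server 1.8b9d14) with ESMTP; Fri, 07 Feb 2003 19:52:37 -0600\n"
    "Received: from Iqeciruao (mkc-24-166-176-56.kc.rr.com [24.166.176.56]) by smtp00.journey.com (Postfix) with SMTP id E4ECC246D6; Fri, 7 Feb 2003 21:36:24 -0500 (EST)\n"
    "Subject: Sos!\n\n",
    "Received: from [207.241.128.20] (HELO smtp00.journey.com) by atchisonkansas.net (Stalker SMTP Server 1.8b9d14) with ESMTP; Fri, 07 Feb 2003 19:32:25 -0600\n"
    "Received: from Sxgwzgw (mkc-24-166-176-56.kc.rr.com [24.166.176.56]) by smtp00.journey.com (Postfix) with SMTP id E77EA24702; Fri, 7 Feb 2003 21:16:13 -0500 (EST)\n"
    'Subject: Returned mail--"BACKGROUND"\n\n',
]

HOP = re.compile(r"from\s+(?P<first>\S+)\s+\((?P<paren>[^)]*)\)\s+by\s+(?P<by>\S+)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hop(value):
    """Extract HELO name, peer IP and receiving host from one Received value."""
    m = HOP.search(" ".join(value.split()))  # collapse folded whitespace first
    if not m:
        return None
    ip = IP.search(m["first"] + " " + m["paren"])
    # Stalker writes "from [ip] (HELO name)"; Postfix writes "from name (rdns [ip])".
    helo = m["paren"][5:] if m["paren"].startswith("HELO ") else m["first"]
    return {"helo": helo, "ip": ip.group(1) if ip else None, "by": m["by"]}

def group_by_earliest_hop(raw_messages):
    """Map (peer IP, recording server) -> [(HELO, Subject)] for each message."""
    groups = defaultdict(list)
    for raw in raw_messages:
        msg = message_from_string(raw)
        hops = [h for h in map(parse_hop, msg.get_all("Received", [])) if h]
        if hops:
            # Each server prepends its line, so the last Received is the earliest hop.
            # Only the line written by your own server is first-hand evidence.
            first = hops[-1]
            groups[(first["ip"], first["by"])].append((first["helo"], msg["Subject"]))
    return dict(groups)

if __name__ == "__main__":
    for (ip, by), seen in group_by_earliest_hop(SAMPLES).items():
        print(f"{ip} as recorded by {by}:")
        for helo, subject in seen:
            print(f"  HELO {helo!r}  Subject {subject!r}")
```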
