Received a strange 'return' just now and would appreciate your
collective experience in understanding it.
The mail delivery software Exim has intercepted a message with my email
address in the return path. The message (it says) had a 'details.pif'
attachment - which I believe is the blaster worm's.
The trouble is the address the malicious mail was addressed to, also
that my computer is clean. I haven't had any blaster symptoms, or
anything out of the ordinary to indicate an infestation, my AV is up
to date and the MS patches.
On top of that the email address is [EMAIL PROTECTED] which
resembles nothing I have ever used or keep in my address book.
The X-Mailer is Outlook Express, in which I have deleted all account
information, seeing as I'm now happy with The Bat! I've even
uninstalled it.
Could it be this email was sent from another machine with my address
inserted in the return path?
Here are the headers that were returned to me:
*************************************************
Return-path: <[EMAIL PROTECTED]>
Received: from [165.165.16.246] (helo=PC4)
    by nosgp1.openet.gov.za with esmtp (Exim 3.36 #1)
    id 19qcc4-000LUV-00
    for [EMAIL PROTECTED]; Sat, 23 Aug 2003 19:55:44 +0200
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: Details
Date: Sat, 23 Aug 2003 19:56:08 +0200
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="_NextPart_000_027539F8"
Message-Id: <[EMAIL PROTECTED]>

This is a multipart message in MIME format

--_NextPart_000_027539F8
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Please see the attached file for details.

--_NextPart_000_027539F8
Content-Type: application/octet-stream;
    name="details.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="details.pif"
*******************************************************
David Boggon
_________________________________
using 1.62r
Windows 2000
5 0 Service Pack 4
________________________________________________
Current version is 1.62r | "Using TBUDL" information:
http://www.silverstones.com/thebat/TBUDLInfo.html
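
The check the question points at, as an added example that is not part of the original post: it separates the connecting IP that the receiving Exim host recorded in the Received header from the Return-path, From and X-Mailer values, which the sending client supplies and can set to anything. The sample headers are constructed from the ones above, with example.org placeholders standing in for the redacted addresses; `analyse` and `HOP` are names chosen here.

```python
import re
from email import message_from_string

# Constructed sample modelled on the returned headers in the post; the
# redacted addresses are replaced with example.org placeholders.
SAMPLE = """\
Return-path: <claimed-sender@example.org>
Received: from [165.165.16.246] (helo=PC4)
\tby nosgp1.openet.gov.za with esmtp (Exim 3.36 #1)
\tid 19qcc4-000LUV-00
\tfor recipient@example.org; Sat, 23 Aug 2003 19:55:44 +0200
From: <claimed-sender@example.org>
To: <recipient@example.org>
Subject: Re: Details
X-Mailer: Microsoft Outlook Express 6.00.2600.0000

"""

# Exim-style hop line: "from [ip] (helo=name) by host with proto ..."
HOP = re.compile(
    r"from\s+\[(?P<ip>[0-9.]+)\]\s+\(helo=(?P<helo>[^)]+)\)\s+by\s+(?P<by>\S+)"
)

def analyse(raw):
    """Split header data into what the MTA observed and what the client claimed."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    # Each MTA prepends its own Received line, so the last one is the first hop.
    first_hop = " ".join(received[-1].split()) if received else ""
    m = HOP.search(first_hop)
    return {
        # ip is the address the receiving host saw connect; helo is only the
        # name the client announced, so treat ip as the reliable field.
        "observed_hop": m.groupdict() if m else None,
        # Return-path comes from the SMTP envelope sender; like From and
        # X-Mailer it is chosen by whatever program sent the message.
        "sender_supplied": {
            h: msg[h] for h in ("Return-path", "From", "X-Mailer") if msg[h]
        },
    }

if __name__ == "__main__":
    for section, fields in analyse(SAMPLE).items():
        print(section, fields)
```
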