Home page logo
/

basics logo Security Basics mailing list archives

Re: Returned Mails
From: JEREMY Anderson <jeremy () 2monkeys org>
Date: Mon, 26 Apr 2004 16:12:19 -0700 (PDT)

The telltale item which you need to look at is to open up the original 
email (usually bundled as an attachment in the bounce), and look at the 
Received: header(s) in this email.

If you see your server's IP address in the Received headers, it is 
possible that your machine has been infected.  If you see other IP 
addresses, NetSky just poached your email from an associates' box and 
resent mails under your name.  That happens all the time, and is, of 
course, meaningless.

On Mon, 26 Apr 2004, Guru4u Support wrote:

Hi,

This is probably a stupid question but I could do with some confirmation 
of what I think is happening. I've been receiving a lot of 'return' emails claiming 
they have been returned as I have a virus. Example below:


A virus was found in a message sent by this
account.

--- Scan information follows ---

Result: Virus Detected
Virus Name: W32.Netsky.C () mm
File Attachment: posting.txt.com
Attachment Status: deleted

--- Original message information follows ---

From: ************* () guru4u co uk
To: ********.com
Date: Fri, 23 Apr 2004 23:32:12 +0100
Subject: SPAM: the truth?
Received: from netcel.com ([80.42.154.232])
 by nospam.netcel.com (SAVSMTP 3.1.0.29) with SMTP id M2004042323185126674
 for ********.com>; Fri, 23 Apr 2004 23:18:52 +0100



I have up to now guessed these were down to 'someone' else's pc infected 
with netsky or mydoom but after a lull I have been bombarded with loads 
of such mails over the course of the day.

I would just like some reassurance that this is indeed due to other 
people infected boxes rather mine. I have of course run several full 
system scans with Norton av with the latest definitions etc and do use a 
firewall, Spybot etc.

I've googled and this starts to confirm my suspicions but isn't authorative.

Thanks in advance,

Guru



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault