Home page logo
/

basics logo Security Basics mailing list archives

Re: Returned Mails
From: "Murad Talukdar" <talukdar_m () subway com>
Date: Mon, 26 Apr 2004 15:09:32 +1000

Looks like the spoofing ability of virus engines that have infected pc's
with your email address in them. The virus engine substitutes your address
in the FROM field and so you get the return message even though you haven't
sent anything to that person.

The variants have been coming out periodically so there will every now and
then be a new 'rash' of these as they infect then get cleared up. Then a
'new' one will come out with modified attacks etc etc. Then you get a bunch
of these return messages and so on.


Murad Talukdar


----- Original Message ----- 
From: "Guru4u Support" <support () guru4u co uk>
To: <security-basics () securityfocus com>
Sent: Tuesday, April 27, 2004 3:55 AM
Subject: Returned Mails


Hi,

This is probably a stupid question but I could do with some confirmation
of what I think is happening. I've been receiving a lot of 'return' emails
claiming
they have been returned as I have a virus. Example below:


A virus was found in a message sent by this
account.

--- Scan information follows ---

Result: Virus Detected
Virus Name: W32.Netsky.C () mm
File Attachment: posting.txt.com
Attachment Status: deleted

--- Original message information follows ---

From: ************* () guru4u co uk
To: ********.com
Date: Fri, 23 Apr 2004 23:32:12 +0100
Subject: SPAM: the truth?
Received: from netcel.com ([80.42.154.232])
 by nospam.netcel.com (SAVSMTP 3.1.0.29) with SMTP id M2004042323185126674
 for ********.com>; Fri, 23 Apr 2004 23:18:52 +0100



I have up to now guessed these were down to 'someone' else's pc infected
with netsky or mydoom but after a lull I have been bombarded with loads
of such mails over the course of the day.

I would just like some reassurance that this is indeed due to other
people infected boxes rather mine. I have of course run several full
system scans with Norton av with the latest definitions etc and do use a
firewall, Spybot etc.

I've googled and this starts to confirm my suspicions but isn't
authorative.

Thanks in advance,

Guru



--------------------------------------------------------------------------
-
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------------------
--





---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault