[ale] E-mail Virus (with header)

Fulton Green ale at FultonGreen.com
Mon Dec 17 14:55:37 EST 2001


The "AOL.com" was spoofed. OTOH, the accompanying origination IP maps to the
canonical adsl-156-62-200.asm.bellsouth.net . Look familiar?

On Mon, Dec 17, 2001 at 02:30:19PM -0500, sangell at nan.net wrote:
>  Return-Path: <sangell at bellsouth.net>
>  Received: from imf01bis.bellsouth.net (mail201.mail.bellsouth.net [205.152.58.141])                                                               
>  	by magneto.troycable.net (8.9.3/8.9.3) with ESMTP id MAA46322
>  	for <mlecroy at troycable.net>; Mon, 17 Dec 2001 12:18:06 -0600 (CST)
>  	(envelope-from sangell at bellsouth.net)                                           
>  Received: from aol.com ([66.156.62.200]) by imf01bis.bellsouth.net
>  	(InterMail vM.5.01.04.00 201-253-122-122-20010827) with SMTP
>  	id <20011217181301.IGN21185.imf01bis.bellsouth.net at aol.com>
>  	for <mlecroy at troycable.net>; Mon, 17 Dec 2001 13:13:01 -0500
>  From: "Steve Angell" <_sangell at bellsouth.net>
>  To: mlecroy at troycable.net
>  Subject: Re:
>  MIME-Version: 1.0
>  Content-Type: multipart/related; type="multipart/alternative"; boundary="====_ABC1234567890DEF_===="                                           
>  X-Priority: 3
>  X-MSMail-Priority: Normal
>  X-Unsent: 1
>  Message-Id: <20011217181301.IGN21185.imf01bis.bellsouth.net at aol.com>
>  Date: Mon, 17 Dec 2001 13:13:04 -0500
> 
> Alright guys I need help. I am not an e-mail guru in the least and I am
> sure someone here will know wtf is going on. I am getting returned mail
> from all sorts of places saying I have a virus. Now, I am not sending these
> e-mails nor is my PC for e-mail even turned on so I know these e-mails are
> not coming from me. I only know I am getting the return e-mails due to
> webmail via bellsouth. I will paste the header from one of the returned
> e-mails and see what you guys can glean from it. It would appear to me that
> the e-mails are being relayed from someone at AOL.com but I am not sure if
> I am looking at the right thing. In the header it says
> yada.yada.yada.lotsofnumbers.somebellsouth.server at aol.com. What is all this
> and who should I notify first, Bellsouth or AOL????

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
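
Added example, not part of the original post or the list's own tooling: a small parser for the Received chain quoted above that separates the name the sending client claimed (the HELO name, here "aol.com") from the peer IP the receiving server recorded in brackets. The function names and verdict strings are hypothetical, and the sample input is a trimmed copy of the two Received lines in the post.

```python
import re
from email import message_from_string

# Constructed sample: trimmed copies of the two Received lines quoted above.
RAW = (
    "Received: from imf01bis.bellsouth.net (mail201.mail.bellsouth.net [205.152.58.141])\n"
    "\tby magneto.troycable.net (8.9.3/8.9.3) with ESMTP id MAA46322;\n"
    "\tMon, 17 Dec 2001 12:18:06 -0600 (CST)\n"
    "Received: from aol.com ([66.156.62.200]) by imf01bis.bellsouth.net\n"
    "\twith SMTP; Mon, 17 Dec 2001 13:13:01 -0500\n"
    "Subject: Re:\n\n"
)

# "from <HELO name> (<optional reverse-DNS name> [<peer IP>]) by <receiving host>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)"
)

def base_domain(name):
    # Naive last-two-labels comparison, not a public-suffix lookup.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def hops(raw):
    """Return parsed Received hops, newest first (header order)."""
    values = message_from_string(raw).get_all("Received", [])
    return [m.groupdict() for m in map(HOP.search, values) if m]

def assess(hop):
    """Compare the sender-supplied HELO name with what the receiver recorded."""
    if hop["rdns"] is None:
        return "helo-unverified"   # only the IP was confirmed by the receiver
    if base_domain(hop["rdns"]) != base_domain(hop["helo"]):
        return "helo-mismatch"
    return "consistent"

def chain_linked(parsed):
    # Each hop's receiving host should be the sender named in the next newer hop.
    return all(old["by"].lower() == new["helo"].lower()
               for new, old in zip(parsed, parsed[1:]))

def origin(raw):
    """Oldest hop: the IP the first server saw, and the name the client claimed."""
    oldest = hops(raw)[-1]
    return oldest["ip"], oldest["helo"], assess(oldest)

if __name__ == "__main__":
    print(origin(RAW), "chain linked:", chain_linked(hops(RAW)))
```

The verdict only says whether the claimed name was backed by anything the receiving server observed; identifying who holds the bracketed IP still takes a reverse lookup like the one in the reply above.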
