[ale] E-mail Virus (with header)

Frank Zamenski fzamenski at voyager.net
Mon Dec 17 21:28:09 EST 2001



Perhaps it should be obvious by inspection, but I'm not an
email guru either. How did you deduce that?

Thanks.
fgz


From: "Fulton Green" <ale at FultonGreen.com>
To: ale at ale.org
To: <sangell at nan.net>
Cc: <ale at ale.org>
Sent: Monday, December 17, 2001 2:55 PM
Subject: Re: [ale] E-mail Virus (with header)


> The "AOL.com" was spoofed. OTOH, the accompanying origination IP maps to the
> canonical adsl-156-62-200.asm.bellsouth.net . Look familiar?
>
> On Mon, Dec 17, 2001 at 02:30:19PM -0500, sangell at nan.net wrote:
> >  Return-Path: <sangell at bellsouth.net>
> >  Received: from imf01bis.bellsouth.net (mail201.mail.bellsouth.net [205.152.58.141])
> >  by magneto.troycable.net (8.9.3/8.9.3) with ESMTP id MAA46322
> >  for <mlecroy at troycable.net>; Mon, 17 Dec 2001 12:18:06 -0600 (CST)
> >  (envelope-from sangell at bellsouth.net)
> >  Received: from aol.com ([66.156.62.200]) by imf01bis.bellsouth.net
> >  (InterMail vM.5.01.04.00 201-253-122-122-20010827) with SMTP
> >  id <20011217181301.IGN21185.imf01bis.bellsouth.net at aol.com>
> >  for <mlecroy at troycable.net>; Mon, 17 Dec 2001 13:13:01 -0500
> >  From: "Steve Angell" <_sangell at bellsouth.net>
> >  To: mlecroy at troycable.net
> >  Subject: Re:
> >  MIME-Version: 1.0
> >  Content-Type: multipart/related; type="multipart/alternative"; boundary="====_ABC1234567890DEF_===="
> >  X-Priority: 3
> >  X-MSMail-Priority: Normal
> >  X-Unsent: 1
> >  Message-Id: <20011217181301.IGN21185.imf01bis.bellsouth.net at aol.com>
> >  Date: Mon, 17 Dec 2001 13:13:04 -0500
> >
> > Alright guys I need help. I am not an e-mail guru in the least and I am
> > sure someone here will know wtf is going on. I am getting returned mail
> > from all sorts of places saying I have a virus. Now, I am not sending these
> > e-mails nor is my PC for e-mail even turned on so I know these e-mails are
> > not coming from me. I only know I am getting the return e-mails due to
> > webmail via bellsouth. I will paste the header from one of the returned
> > e-mails and see what you guys can glean from it. It would appear to me that
> > the e-mails are being relayed from someone at AOL.com but I am not sure if
> > I am looking at the right thing. In the header it says
> > yada.yada.yada.lotsofnumbers.somebellsouth.server at aol.com. What is all this
> > and who should I notify first, Bellsouth or AOL????
>



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
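
Added example, not part of the original thread: the header reading behind the quoted reply, as a short Python parser. It compares the name each sending host claimed in `Received:` with the name tied to the IP the receiving server recorded; the `PTR` table holds the reverse-DNS result reported in the thread, and the function names and the two-label domain comparison are assumptions of this sketch.

```python
import re

# Received headers from the quoted message, unfolded to one line each.
RECEIVED = [
    "from imf01bis.bellsouth.net (mail201.mail.bellsouth.net [205.152.58.141]) "
    "by magneto.troycable.net (8.9.3/8.9.3) with ESMTP id MAA46322",
    "from aol.com ([66.156.62.200]) by imf01bis.bellsouth.net "
    "(InterMail vM.5.01.04.00 201-253-122-122-20010827) with SMTP",
]

# Reverse DNS as reported in the thread; a live check would call
# socket.gethostbyaddr() instead of using this table.
PTR = {"66.156.62.200": "adsl-156-62-200.asm.bellsouth.net"}

# "from <claimed name> ([<rdns name> ]<[ip]>) by <recording server>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[\d.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def org_domain(host):
    """Naive registrable domain: last two labels (enough for .net/.com here)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyze(received, ptr=PTR):
    """Return one dict per hop, newest first, flagging claimed names that
    disagree with the name tied to the connecting IP."""
    hops = []
    for line in received:
        m = HOP.search(line)
        if not m:
            continue
        rdns = m["rdns"] or ptr.get(m["ip"])
        mismatch = rdns is not None and org_domain(m["helo"]) != org_domain(rdns)
        hops.append({"helo": m["helo"], "ip": m["ip"], "rdns": rdns,
                     "by": m["by"], "helo_mismatch": mismatch})
    return hops

def origin(received, ptr=PTR):
    """The last (oldest) hop is where the message entered the mail system."""
    hops = analyze(received, ptr)
    return hops[-1] if hops else None

if __name__ == "__main__":
    for hop in analyze(RECEIVED):
        print(hop)
```

The name after `from` is whatever the sending host announced, while the bracketed IP is written by the receiving server, so only hops recorded by a server you trust are worth reading this way.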





