[ale] E-mail Virus (with header)
Frank Zamenski
fzamenski at voyager.net
Mon Dec 17 21:28:09 EST 2001
Perhaps it should be obvious by inspection, but I'm not an
email guru either. How did you deduce that?
Thanks.
fgz
From: "Fulton Green" <ale at FultonGreen.com>
To: ale at ale.org
To: <sangell at nan.net>
Cc: <ale at ale.org>
Sent: Monday, December 17, 2001 2:55 PM
Subject: Re: [ale] E-mail Virus (with header)
> The "AOL.com" was spoofed. OTOH, the accompanying origination IP maps to the
> canonical adsl-156-62-200.asm.bellsouth.net . Look familiar?
>
> On Mon, Dec 17, 2001 at 02:30:19PM -0500, sangell at nan.net wrote:
> > Return-Path: <sangell at bellsouth.net>
> > Received: from imf01bis.bellsouth.net (mail201.mail.bellsouth.net [205.152.58.141])
> > by magneto.troycable.net (8.9.3/8.9.3) with ESMTP id MAA46322
> > for <mlecroy at troycable.net>; Mon, 17 Dec 2001 12:18:06 -0600 (CST)
> > (envelope-from sangell at bellsouth.net)
> > Received: from aol.com ([66.156.62.200]) by imf01bis.bellsouth.net
> > (InterMail vM.5.01.04.00 201-253-122-122-20010827) with SMTP
> > id <20011217181301.IGN21185.imf01bis.bellsouth.net at aol.com>
> > for <mlecroy at troycable.net>; Mon, 17 Dec 2001 13:13:01 -0500
> > From: "Steve Angell" <_sangell at bellsouth.net>
> > To: mlecroy at troycable.net
> > Subject: Re:
> > MIME-Version: 1.0
> > Content-Type: multipart/related; type="multipart/alternative"; boundary="====_ABC1234567890DEF_===="
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Unsent: 1
> > Message-Id: <20011217181301.IGN21185.imf01bis.bellsouth.net at aol.com>
> > Date: Mon, 17 Dec 2001 13:13:04 -0500
> >
> > Alright guys I need help. I am not an e-mail guru in the least and I am
> > sure someone here will know wtf is going on. I am getting returned mail
> > from all sorts of places saying I have a virus. Now, I am not sending these
> > e-mails nor is my PC for e-mail even turned on so I know these e-mails are
> > not coming from me. I only know I am getting the return e-mails due to
> > webmail via bellsouth. I will paste the header from one of the returned
> > e-mails and see what you guys can glean from it. It would appear to me that
> > the e-mails are being relayed from someone at AOL.com but I am not sure if
> > I am looking at the right thing. In the header it says
> > yada.yada.yada.lotsofnumbers.somebellsouth.server at aol.com. What is all this
> > and who should I notify first, Bellsouth or AOL????
>
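
The deduction in the quoted reply, as an added example that is not part of the original thread: in each Received header the name after "from" is whatever the sending host claimed in HELO, while the bracketed IP is what the receiving server recorded, so a hop whose claimed name and reverse-DNS name disagree is the one to distrust. Assumptions: the `PTR` table stands in for a live reverse-DNS lookup and holds only the mapping stated in the reply, and all function names are hypothetical.

```python
import re

# Received headers from the message quoted above, newest first (trimmed to the
# "from ... by ..." part that matters here).
RECEIVED = [
    "from imf01bis.bellsouth.net (mail201.mail.bellsouth.net [205.152.58.141]) "
    "by magneto.troycable.net (8.9.3/8.9.3) with ESMTP id MAA46322",
    "from aol.com ([66.156.62.200]) by imf01bis.bellsouth.net "
    "(InterMail vM.5.01.04.00 201-253-122-122-20010827) with SMTP",
]

# Assumption: offline stand-in for a reverse-DNS (PTR) lookup; the single entry
# is the mapping given in the reply above.
PTR = {"66.156.62.200": "adsl-156-62-200.asm.bellsouth.net"}

# from <HELO name> ([<rDNS name> ]<[IP]>) by <receiving host>
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[\d.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def org_domain(host):
    """Last two labels; a simplification that is enough for .com/.net names."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse_hop(line, ptr=PTR):
    m = HOP.search(line)
    if not m:
        return None
    hop = m.groupdict()
    # Prefer the name the receiving server logged, else the lookup table.
    hop["rdns"] = hop["rdns"] or ptr.get(hop["ip"])
    # HELO is sender-supplied text; the IP was observed by the receiver.
    hop["helo_mismatch"] = (
        hop["rdns"] is not None
        and org_domain(hop["helo"]) != org_domain(hop["rdns"])
    )
    return hop

def analyze(received=RECEIVED):
    """Parse every hop, newest first, skipping lines that do not match."""
    return [h for h in map(parse_hop, received) if h]

def suspicious_hops(received=RECEIVED):
    return [h for h in analyze(received) if h["helo_mismatch"]]

if __name__ == "__main__":
    for h in analyze():
        flag = "HELO MISMATCH" if h["helo_mismatch"] else "ok"
        print(f'{h["by"]} saw {h["ip"]} ({h["rdns"]}) claiming "{h["helo"]}": {flag}')
```
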