[ale] Email Tracking

Matt Smith msmith at risklabs.com
Thu May 2 10:07:46 EDT 2002


..continued

The headers of that email only provide info on the recipient of the virus's
email.  They do not include the original email's headers, so that makes it
hard to know where it came from originally.

The "the file is the original mail" attachment (I'm assuming) might have the
headers of the original email, and would tell you where the virus sending
email on your behalf originated.

--Matt


-----Original Message-----
From: Kevin O'Neill Stoll [mailto:kevinostoll at yahoo.com]
Sent: Thursday, May 02, 2002 9:59 AM
To: ale at ale.org
Subject: [ale] Email Tracking


Hey all,

I received a weird email just yesterday. The email shows as though I had
personally sent it but that I got the address wrong. Needless to say I
know that I didn't send it. The email had a few attachments with it, one of
which had a file that contained a virus. Specifically, W32.Klez.gen at mm.

I'm afraid that my home Win98 machine has this virus on it but this email
is the first sign of it that I have. Anyway, looking for feedback as to
how, who or what sent this email on "my behalf". If it is the virus,
Symantec
(http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html)
has some instructions as to how to take care of it.


Thanks for the feedback in advance :)

I have included the full email headers below:
host4.hostaurl.com is my siteturn.com hosting server
kstoll at localhost should be my Linux box acting as router and masq for my
DSL service.


X-Apparently-To: kevinostoll at yahoo.com via web12606.mail.yahoo.com; 01 May
2002 13:15:11 -0700 (PDT) 
 
Return-Path: <kstoll at host4.hostaurl.com> 
 
Received: from host4.hostaurl.com (209.239.36.17) by mta461.mail.yahoo.com
with SMTP; 01 May 2002 13:15:10 -0700 (PDT) 
 
Received: (from kstoll at localhost) by host4.hostaurl.com (8.10.2/8.10.2) id
g41KF8S00473 for kevinostoll at yahoo.com; Wed, 1 May 2002 16:15:08 -0400 
 
Received: from mx04.gvl.sys.nuvox.net (mx04.gvl.sys.nuvox.net
[64.89.70.86]) by host4.hostaurl.com (8.10.2/8.10.2) with ESMTP id
g41KF5D00455 for <kevin_stoll at kevinstoll.org>; Wed, 1 May 2002 16:15:05
-0400 
 
Received: from Udwbd (216.215.247.48.nw.nuvox.net [216.215.247.48]) by
mx04.gvl.sys.nuvox.net (8.11.4/8.11.4) with SMTP id g41KDxK24955 for
<kevin_stoll at kevinstoll.org>; Wed, 1 May 2002 16:14:00 -0400 
 
Date: Wed, 1 May 2002 16:14:00 -0400 
 
Message-Id: <200205012014.g41KDxK24955 at mx04.gvl.sys.nuvox.net> 
 
From: "postmaster" <postmaster at kevinstoll.org>
 
To: kevin_stoll at kevinstoll.org 
 
Subject: Undeliverable mail--"the Garden of Eden" 
 
MIME-Version: 1.0 
 
Content-Type: multipart/alternative; boundary=DjPdv8p6t1KR629OI 
 
Content-Length: 63000

The following mail can't be sent to di_rich_stone at compuserve.com:

From: kevin_stoll at kevinstoll.org
To: di_rich_stone at compuserve.com
Subject: the Garden of Eden
The file is the original mail 


=====
================================
Kevin O'Neill Stoll
http://kevinstoll.org/

OpenSource Software ... FREE!
Angering Bill Gates ... Priceless!
================================


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.







