[ale] Email Tracking

Kevin O'Neill Stoll kevinostoll at yahoo.com
Thu May 2 10:14:47 EDT 2002


Yeah, I believe you are right Matt. Ironically I was reading a bit further
on the virus page and, just as you said, someone else probably has the
virus. One of the included files gives me a hint as to who has the virus.


--- Matt Smith <msmith at risklabs.com> wrote:
> ..continued
> 
> The headers of that email only provide info on the recipient of the virus's
> email.  They do not include the original email's headers, so that makes it
> hard to know where it came from originally.
> 
> The "the file is the original mail" attachment (I'm assuming) might have the
> headers of the original email, and would tell you where the virus sending
> email on your behalf originated.
> 
> --Matt
> 
> 
> -----Original Message-----
> From: Kevin O'Neill Stoll [mailto:kevinostoll at yahoo.com]
> Sent: Thursday, May 02, 2002 9:59 AM
> To: ale at ale.org
> Subject: [ale] Email Tracking
> 
> 
> Hey all,
> 
> I received a weird email just yesterday. The email shows as though I had
> personally sent it but that I got the address wrong. Needless to say I
> know that I didn't send it. The email had a few attachments with it, one of
> which had a file that contained a virus. Specifically, W32.Klez.gen@mm.
> 
> I'm afraid that my home Win98 machine has this virus on it but this email
> is the first sign of it that I have. Anyway, looking for feedback as to
> how, who or what sent this email on "my behalf". If it is the virus, Symantec
> (http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html)
> has some instructions as to how to take care of it.
> 
> 
> Thanks for the feedback in advance :)
> 
> I have included the full email headers below:
> host4.hostaurl.com is my siteturn.com hosting server
> kstoll at localhost should be my Linux box acting as router and masq for my
> DSL service.
> 
> 
> X-Apparently-To: kevinostoll at yahoo.com via web12606.mail.yahoo.com;
>     01 May 2002 13:15:11 -0700 (PDT)
> Return-Path: <kstoll at host4.hostaurl.com>
> Received: from host4.hostaurl.com (209.239.36.17) by mta461.mail.yahoo.com
>     with SMTP; 01 May 2002 13:15:10 -0700 (PDT)
> Received: (from kstoll at localhost) by host4.hostaurl.com (8.10.2/8.10.2)
>     id g41KF8S00473 for kevinostoll at yahoo.com; Wed, 1 May 2002 16:15:08 -0400
> Received: from mx04.gvl.sys.nuvox.net (mx04.gvl.sys.nuvox.net
>     [64.89.70.86]) by host4.hostaurl.com (8.10.2/8.10.2) with ESMTP id
>     g41KF5D00455 for <kevin_stoll at kevinstoll.org>; Wed, 1 May 2002 16:15:05
>     -0400
> Received: from Udwbd (216.215.247.48.nw.nuvox.net [216.215.247.48]) by
>     mx04.gvl.sys.nuvox.net (8.11.4/8.11.4) with SMTP id g41KDxK24955 for
>     <kevin_stoll at kevinstoll.org>; Wed, 1 May 2002 16:14:00 -0400
> Date: Wed, 1 May 2002 16:14:00 -0400
> Message-Id: <200205012014.g41KDxK24955 at mx04.gvl.sys.nuvox.net>
> From: "postmaster" <postmaster at kevinstoll.org>
> To: kevin_stoll at kevinstoll.org
> Subject: Undeliverable mail--"the Garden of Eden"
> MIME-Version: 1.0
> Content-Type: multipart/alternative; boundary=DjPdv8p6t1KR629OI
> Content-Length: 63000
> 
> The following mail can't be sent to di_rich_stone at compuserve.com:
> 
> From: kevin_stoll at kevinstoll.org
> To: di_rich_stone at compuserve.com
> Subject: the Garden of Eden
> The file is the original mail 
> 
> 
> =====
> ================================
> Kevin O'Neill Stoll
> http://kevinstoll.org/
> 
> OpenSource Software ... FREE!
> Angering Bill Gates ... Priceless!
> ================================
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems
> should be
> 
> sent to listmaster at ale dot org.
> 


=====
================================
Kevin O'Neill Stoll
http://kevinstoll.org/

OpenSource Software ... FREE!
Angering Bill Gates ... Priceless!
================================
