RE: virus: Appeal for advice

From: Jonathan Davis (jonathan.davis@lineone.net)
Date: Tue Sep 02 2003 - 11:52:55 MDT

    Hi Blunderov,

    Don't worry about it. This is the Sobig.e worm spoofing your address
    elsewhere. It is part of its normal behaviour. You can safely ignore these
    returned messages as they are not evidence that you are infected.

    You can read more here:

    http://in.tech.yahoo.com/030626/137/25gzb.html

    Regards

    Jonathan

    -----Original Message-----
    From: owner-virus@lucifer.com [mailto:owner-virus@lucifer.com] On Behalf Of
    Blunderov
    Sent: 02 September 2003 18:32
    To: virus@lucifer.com
    Subject: RE: virus: Appeal for advice

    This is nothing to do with virus but I thought I would just ask anyway:

    I have been getting a lot of mail returned to me as undeliverable. The
    trouble is I never sent out the mail which is being returned to me. Some
    mail is entitled 'that movie', a title which I have never used, some is
    entitled 'my details' which IS a title I have used sometimes in my former
    scambaiting activities.

    I have checked and rechecked my machine for all worms and viruses - I'm
    clean. In fact I have completely reformatted ALL my drives and reinstalled
    from scratch just in case I had unknown malevolent code somewhere.

    Is someone using my address somehow? (I have another web based address,
    besides my mweb address; citizenx@postmaster.co.uk) I'm quite puzzled about
    what is going on. Probably it is a coincidence but quite a number of the
    returned mails have been addressed to military addresses which is somewhat
    alarming.

    Here is a sample. I have never sent any mail entitled 'Your application'
    to anyone, let alone anyone in the US Military.

    <q>
    Received: from akomta3 (proxyip8.us.army.mil [140.183.234.122]) by
    rly-yc04.mx.aol.com (v95.1) with ESMTP id MAILRELAYINYC42-1ce3f533cdfbb;
    Mon, 01 Sep 2003 08:34:39 -0400
    Received: from mailrouter.us.army.mil (akomta3 [10.234.26.13]) by
    mailrouter.us.army.mil (AKO MTA - MTA3) with ESMTP id
    <0HKJ00G6KC9QWL@akomta3.us.army.mil> for cjones2420@aol.com (ORCPT
    clifford.byrd@us.army.mil); Mon, 01 Sep 2003 08:34:39 -0400
    (EDT)
    Received: from DOLLY (adsl-67-65-239-156.dsl.lbcktx.swbell.net
    [67.65.239.156])
     by mailrouter.us.army.mil (AKO MTA - MMP3) with ESMTP id
    <0HKJ00953C83V7@mailrouter.us.army.mil> for cjones2420@aol.com (ORCPT
    clifford.byrd@us.army.mil); Mon, 01 Sep 2003 08:34:38 -0400
    (EDT)
    Date: Mon, 01 Sep 2003 07:33:45 +0500
    From: squooker@mweb.co.za
    Subject: Re: Your application
    To: clifford.byrd@us.army.mil
    Message-id: <0HKJ00956C83V7@mailrouter.us.army.mil>
    MIME-version: 1.0
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    Content-type: multipart/mixed;
    boundary="Boundary_(ID_AxgRPz7g1BODm9AIwm7CxA)"
    Importance: Normal
    X-Priority: 3 (Normal)
    X-MSMail-priority: Normal
    X-MailScanner: Found to be clean
    X-AOL-IP: 140.183.234.122
    X-AOL-SCOLL-SCORE: 0:XXX:XX
    X-AOL-SCOLL-URL_COUNT: 0
    </q>

    All of which is Greek to me, or nearly so. I would be most grateful to any
    virus boffin who has the time and is able to give me some advice about all
    this.

    Thanks
    Blunderov

    ---
    To unsubscribe from the Virus list go to
    <http://www.lucifer.com/cgi-bin/virus-l>
    


    This archive was generated by hypermail 2.1.5 : Tue Sep 02 2003 - 11:53:03 MDT
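
An added example, not part of the original messages: it reads the Received chain of the quoted sample oldest-first and compares the host that first submitted the message with the From: domain. The function names are hypothetical, and the header excerpt is abridged from the sample above with folding whitespace restored.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged from the bounced message quoted above (envelope recipient notes
# dropped); continuation lines are re-indented so they parse as folded headers.
SAMPLE = """\
Received: from akomta3 (proxyip8.us.army.mil [140.183.234.122]) by
 rly-yc04.mx.aol.com (v95.1) with ESMTP id MAILRELAYINYC42-1ce3f533cdfbb;
 Mon, 01 Sep 2003 08:34:39 -0400
Received: from mailrouter.us.army.mil (akomta3 [10.234.26.13]) by
 mailrouter.us.army.mil (AKO MTA - MTA3) with ESMTP id
 <0HKJ00G6KC9QWL@akomta3.us.army.mil>; Mon, 01 Sep 2003 08:34:39 -0400 (EDT)
Received: from DOLLY (adsl-67-65-239-156.dsl.lbcktx.swbell.net
 [67.65.239.156]) by mailrouter.us.army.mil (AKO MTA - MMP3) with ESMTP id
 <0HKJ00953C83V7@mailrouter.us.army.mil>; Mon, 01 Sep 2003 08:34:38 -0400 (EDT)
From: squooker@mweb.co.za
Subject: Re: Your application

"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving server>"
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
                    r"\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def received_hops(raw):
    """Return the Received hops oldest-first as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own line, so the last header is the oldest hop.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops

def origin_report(raw):
    """Compare the From: domain with the host that first submitted the mail."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    first = received_hops(raw)[0]
    rdns = first["rdns"].lower()
    matches = rdns == from_domain or rdns.endswith("." + from_domain)
    return {"from_domain": from_domain, "submitting_host": rdns,
            "submitting_ip": first["ip"], "accepted_by": first["by"],
            "from_matches_origin": matches}

if __name__ == "__main__":
    print(origin_report(SAMPLE))
```

Only Received lines written by servers the recipient trusts are reliable; here the oldest one was recorded by mailrouter.us.army.mil itself when it accepted the connection, and it names a swbell.net DSL host rather than an mweb.co.za system.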