pbura
posted on 10/3/04 at 08:34 PM
WTF kind of virus hoax is this?
The other day, I received an e-mail from (purportedly) another would-be Locost builder in my area, just saying hi and asking a couple of questions.
So I sent off a reply, and a couple of hours later received a delivery failure notice (purportedly) from my ISP.
Attached to the failure notice were (1) my original e-mail, and (2) a file called 'Re_document.eml' which supposedly contained a virus (according to my ISP) THAT I HAD SENT.
I opened the EML file with WordPad and here's what it said (minus the virus part and @ signs):
_______________________________________
X-Apparently-To: phburaATameritech.net via web80602.mail.yahoo.com; Wed, 10 Mar 2004 08:08:17 -0800
X-YahooFilteredBulk: 80.235.44.195
Return-Path: <karruskaAThot.ee>
Received: from mx1-chcgil.chcgil.ameritech.net (206.141.192.66)
  by mta826.mail.sc5.yahoo.com with SMTP; Wed, 10 Mar 2004 08:06:27 -0800
X-Originating-IP: [80.235.44.195]
X-Header-Overseas: Mail.from.Overseas.source.80.235.44.195
Received: from ameritech.net (80-235-44-195-dsl.mus.estpak.ee [80.235.44.195])
  by mx1-chcgil.chcgil.ameritech.net (8.12.10/8.12.10) with ESMTP id i2AG6J3a005738
  for <phburaATameritech.net>; Wed, 10 Mar 2004 10:06:23 -0600 (CST)
Message-Id: <200403101606.i2AG6J3a005738@mx1-chcgil.chcgil.ameritech.net>
From: karruskaAThot.ee
To: phburaATameritech.net
Subject: Re: Document
Date: Wed, 10 Mar 2004 18:06:42 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_0000_00003993.000012B7"
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_0000_00003993.000012B7
Content-Type: text/plain;
  charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Here is the file.

------=_NextPart_000_0000_00003993.000012B7
Content-Type: application/octet-stream;
  name="your_document.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
  filename="your_document.pif"
_______________________________________
Incidentally, I sent my e-mail off at 7:31 AM.
Just to check my own e-mail, I forwarded my outgoing mail to another mailbox, with no problema.
Anybody have a clue what happened here? Is it possible that my correspondent has a virus that spoofed my e-mail?
Pete
P.S. No implicit or explicit requests to see my genitals were involved.
[Edited on 10/3/04 by pbura]
Pete
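
Editor's added example (not part of the original post): a short Python check over the headers quoted above. It reads the sendmail-style Received line to compare the name the connecting host announced with its reverse-DNS name, and lists attachments with extensions Windows would execute. The sample is trimmed from the post with a closing MIME boundary added; the function names and extension list are assumptions, and a mismatch is a hint, not proof.

```python
import email, re

# Headers copied from the post ("AT" left in place of "@"); closing boundary added.
SAMPLE = """\
Return-Path: <karruskaAThot.ee>
Received: from mx1-chcgil.chcgil.ameritech.net (206.141.192.66)
 by mta826.mail.sc5.yahoo.com with SMTP; Wed, 10 Mar 2004 08:06:27 -0800
Received: from ameritech.net (80-235-44-195-dsl.mus.estpak.ee [80.235.44.195])
 by mx1-chcgil.chcgil.ameritech.net (8.12.10/8.12.10) with ESMTP id i2AG6J3a005738
 for <phburaATameritech.net>; Wed, 10 Mar 2004 10:06:23 -0600 (CST)
From: karruskaAThot.ee
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_0000_00003993.000012B7"

------=_NextPart_000_0000_00003993.000012B7
Content-Type: text/plain; charset="Windows-1252"

Here is the file.
------=_NextPart_000_0000_00003993.000012B7
Content-Type: application/octet-stream; name="your_document.pif"
Content-Disposition: attachment; filename="your_document.pif"

------=_NextPart_000_0000_00003993.000012B7--
"""
RISKY_EXT = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs")  # assumed list
# sendmail-style hop: "from <announced name> (<reverse DNS> [<ip>])"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)")

def helo_mismatches(msg):
    """Hops whose announced (HELO) name is not under the host's reverse-DNS name."""
    out = []
    for hdr in msg.get_all("Received", []):
        m = HOP.search(" ".join(hdr.split()))  # unfold continuation lines
        if m:
            helo, rdns, ip = m.groups()
            if not (rdns == helo or rdns.endswith("." + helo)):
                out.append((helo, rdns, ip))
    return out

def risky_attachments(msg):
    """File names of MIME parts whose extension Windows would execute."""
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return [n for n in names if n.lower().endswith(RISKY_EXT)]

msg = email.message_from_string(SAMPLE)
print(helo_mismatches(msg))
print(risky_attachments(msg))
```

The Received line written by mx1-chcgil.chcgil.ameritech.net is the one to read: it records the address that actually connected, whatever the From and Return-Path lines say.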

Staple balls
posted on 10/3/04 at 08:40 PM
hmmm
it's entirely possible that a virus on his system was spoofing your address to send viruses.
but as long as you're sure you're virus free, I wouldn't worry about it

Hellfire
posted on 10/3/04 at 08:48 PM
AFAIK
that's a fairly typical code for emails.
However, it looks like you may have a 'worm'. Do you have P2P (downloading for MP3s) software installed... it looks like one of the new emailing viruses. kwbot or w32Pinfi... update your virus software at least every week!

pbura
posted on 10/3/04 at 10:17 PM
Thanks, I just updated the virus checker and I'm clean fo' sheezy.
Thought the return path in this thing was a little weird---Estonia??!! That must be fake, too.
Pete

stephen_gusterson
posted on 10/3/04 at 10:28 PM
I'm getting about 5 virus emails a day, for the last few weeks, and it's the same at my company email.
All have an attachment, and some are made to look like bounced emails, so you open them.
I have had some sent by me to me!
And Friends Reunited 'looked' to have sent me one too.
It's all an effort to get you to open the attachment.
Don't open ANY attachments you are not expecting.
atb
steve

JoelP
posted on 10/3/04 at 10:56 PM
I don't open any attachments either, these cranks who clutter up the world forwarding joke pages annoy me... such crap. In fact, I don't even open emails I'm not expecting. Except the obvious 'hammer her twat' ones, could use some of that...

pbura
posted on 10/3/04 at 11:07 PM
I can't resist looking at stuff to see how it works. I did, however, use WordPad rather than the default Windows 'Open' command, which is [forrest]like opening a box of chocolates[/forrest]
Don't get any 'hammer her twat ones'. These are filtered out by Yahoo, who AFAIK invented 'hammer her twat' electronic communications...and got rich off of it!
Pete