Paul Howarth wrote:
> Mike McCarty wrote:
>> Paul Howarth wrote:
>>> It's probably just clueless anti-virus software sending mail to the
>>> forged sender address used by the virus.
>>
>> Quite possibly. But some of it has the virus in it as well.
>> I'd like some help reading the forged headers and trying
>> to clean or shut down whoever is doing this.
>
> How about posting the headers from one of the mails and we can take a
> look at them?
>
> Paul.

Ok, here's an example. I turned on all headers. The actual message
in this case is one that my ISP caught, and clobbered the attachment
which the ISP claims contains a copy of a virus. In cases like this,
the attachment is 0 bytes long. The message sent to me purports
to be a delivery failure. I know for a fact that I did not send
any such message. As pointed out by others, this may be the results
of yet another party who is infected, and who is unknowingly spoofing my
e-mail address. It has been more than a year since I last booted
Windows XP on my machine, and when I do boot it I am never connected
to the net. I have never set up XP on this machine to be able to
send or receive email.
-M-E-S-S-A-G-E---B-E-G-I-N-S-
Your AT&T Yahoo! Mail Virus Protection detected the virus
'W32.Mydoom.M@mm' in the file 'Document.pif', attached to the enclosed
email message. We scanned the file using Norton AntiVirus but were
unable to clean it. Therefore, we removed the content of the attachment
from the message. Please contact the message sender if you want to
receive the attachment. They must clean the file and resend it before we
can deliver it to you safely.
AT&T Yahoo! Mail successfully cleans most infected attachments, which
protects you from viruses.

Subject: Delivery reports about your e-mail
From: "Mail Administrator" <MAILER-DAEMON@xxxxxxxxxxxxx>
Date: Wed, 13 Sep 2006 14:23:40 +0000
To: mike.mccarty@xxxxxxxxxxxxx
X-Apparently-To: mike.mccarty@xxxxxxxxxxxxx via 216.252.101.37; Wed, 13
    Sep 2006 11:07:33 -0700
X-Originating-IP: [162.39.117.147]
Authentication-Results: mta101.sbc.mail.mud.yahoo.com from=sbcglobal.net;
    domainkeys=neutral (no sig)
Received: from 207.115.57.79 (EHLO ylpvm48.prodigy.net) (207.115.57.79)
    by mta101.sbc.mail.mud.yahoo.com with SMTP; Wed, 13 Sep 2006 11:07:33 -0700
X-Originating-IP: [162.39.117.147]
Received: from sbcglobal.net (h147.117.39.162.ip.alltel.net
    [162.39.117.147]) by ylpvm48.prodigy.net (8.13.6 inb/8.13.6) with ESMTP
    id k8DI7NKK019802 for <mike.mccarty@xxxxxxxxxxxxx>; Wed, 13 Sep 2006
    14:07:31 -0400
Message-ID: <200609131807.k8DI7NKK019802@xxxxxxxxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0006_7AAB0288.C52F82A9"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

This message was undeliverable due to the following reason(s):
Your message could not be delivered because the destination server was
not reachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.
Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.
Your message could not be delivered within 8 days:
Host 130.19.41.21 is not responding.
The following recipients could not receive this message:
<mike.mccarty@xxxxxxxxxxxxx>
Please reply to postmaster@xxxxxxxxxxxxx
if you feel this message to be in error.
-M-E-S-S-A-G-E---E-N-D-S-
Thanks for any help.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
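
An added example, not part of the original post: one way to read the Received: chain quoted above and find the hop where the message entered the recipient's provider, which is the only part of these headers the sender could not write. The `TRUSTED` suffix list and the function names are assumptions made for this illustration.

```python
import re
from email import message_from_string

# The two Received: headers from the post, continuation lines indented as folded headers.
RAW = """\
Received: from 207.115.57.79 (EHLO ylpvm48.prodigy.net) (207.115.57.79)
 by mta101.sbc.mail.mud.yahoo.com with SMTP; Wed, 13 Sep 2006 11:07:33 -0700
Received: from sbcglobal.net (h147.117.39.162.ip.alltel.net
 [162.39.117.147]) by ylpvm48.prodigy.net (8.13.6 inb/8.13.6) with ESMTP
 id k8DI7NKK019802 for <mike.mccarty@xxxxxxxxxxxxx>; Wed, 13 Sep 2006
 14:07:31 -0400
"""

# Assumption: relays run by the recipient's own provider, whose stamps we believe.
TRUSTED = (".prodigy.net", ".yahoo.com")

def parse_received(value):
    """Split one Received: value into what the client claimed and what the server saw."""
    text = " ".join(value.split())                      # undo header folding
    frm, _, rest = text.partition(" by ")
    words = frm.split()
    named = re.search(r"\((?:EHLO|HELO) (\S+)\)", frm)  # Yahoo style: name in parens
    rdns = re.search(r"\(([\w.-]+) \[", frm)            # sendmail style: (rdns [ip])
    ip = re.search(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", frm)
    return {
        "helo": named.group(1) if named else (words[1] if len(words) > 1 else None),
        "rdns": rdns.group(1) if rdns else None,
        "ip": ip.group(1) if ip else None,              # recorded by the receiving server
        "by": rest.split()[0] if rest else None,
    }

def injection_hop(raw, trusted=TRUSTED):
    """Oldest hop stamped by a trusted relay; headers are read newest-first."""
    origin = None
    for value in message_from_string(raw).get_all("Received", []):
        hop = parse_received(value)
        if not hop["by"] or not hop["by"].endswith(trusted):
            break                # this stamp and all below it are unverifiable
        origin = hop
    return origin

def helo_mismatch(hop):
    """True when the name the client announced is not under its reverse-DNS name."""
    helo, rdns = hop["helo"], hop["rdns"]
    return bool(helo and rdns) and not (rdns == helo or rdns.endswith("." + helo))

if __name__ == "__main__":
    hop = injection_hop(RAW)
    print(hop, "HELO mismatch:", helo_mismatch(hop))
```

The IP stamped by ylpvm48.prodigy.net is the detail to take to the owning network's abuse contact; From:, the HELO name and X-Mailer are all supplied by the sending client.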