JUST HAVE A LOOK... VIRUS IN MY MAIL


subratam
February 7th, 2004, 03:42 AM
From: postmaster@cacofonix.enet.com.np
To: (it-is-my-email)@yahoo.com
Subject: VIRUS IN YOUR MAIL




V I R U S A L E R T

Automatic virus scanning software at Everest Net Pvt. Ltd., Kathmandu,
Nepal [www.enet.com.np] has detected the

    Worm.SCO.A

virus(es) in your email to the following recipient(s):

-> peter@enet.com.np

Please keep your anti-virus definition up-to-date and check your system
for viruses, or ask your system administrator to do so.

If the scanned email was infected by the Klez virus or one of its
variants, please note that the Klez virus has capabilities to fake the
sender. You may have received this email as a result of someone else
sending a Klez infected email with your identity.

For your reference, here are the headers from your email:

------------------------- BEGIN HEADERS -----------------------------
Received: from unknown (HELO yahoo.com) (203.199.110.37)
by cacofonix.enet.com.np with SMTP; 7 Feb 2004 06:44:37 -0000
From: (it-is-my-email :o :o )@yahoo.com
To: peter@enet.com.np
Subject: hi
Date: Sat, 7 Feb 2004 11:52:16 +0530
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0002_5FE654D7.ECC9F8F3"
X-Priority: 3
X-MSMail-Priority: Normal
-------------------------- END HEADERS ------------------------------

Please do not hesitate to write to virus@enet.com.np should you have
any questions.

Systems Department
Everest Net Pvt. Ltd.
Jawalakhel, Kathmandu, Nepal.

info@enet.com.np
www.enet.com.np

977-1-546010 Telephone (Head Office)
977-1-221213 Telephone (New Road Branch)
977-1-539431 Fax

Everest Net - where the world is not just technology...
a Lotus Holdings (www.lotusholdings.com) company

what is this??!!!.....
man this sucks......

optigrab
February 7th, 2004, 09:00 AM
Subratam

It isn't totally clear what you're concerned about. The statement in the message may be correct:

"You may have received this email as a result of someone else
sending a Klez infected email with your identity."

Meaning you might not have a virus, but another infected machine sent out an email that spoofed your email address as the sender.

- Optigrab

subratam
February 7th, 2004, 09:31 AM
hey optigrab,

just check out www.lotusholdings.com .... or www.enet.com.np

what do you see??

I see cannot find server.....

I don't negate your comment that someone has spoofed my email... but I might agree that... because my point of concern is... what the heck is this??
I even got a "SERVER REPORT" from one of my friend's IDs, but that email was created one day before and none except me knows that...

LowWaterMark
February 7th, 2004, 12:49 PM
Hi sub,

The vast majority of these virus removed warning emails are invalid... First, even if they are from a real virus scanning system, which often is not the case, since so many viruses today spoof email addresses most of these warnings are sent to the wrong people. Second, a lot of these alerts are actually attempts at sending real viruses, or in some ways worse than that, they are attempts to solicit replies from people simply to harvest their valid email addresses for future spam.

The general advice for handling these messages is always the same. If your system is clean and you get any messages like this (especially if the addresses involved are totally unknown to you) then simply treat them as spam and delete them. In most cases, you won't be able to track down either the sender, or do anything about these messages coming in.

The fact that the servers mentioned either don't resolve in DNS, or are offline just furthers the idea that it is all bogus.

subratam
February 7th, 2004, 01:09 PM
Hi Mike,

Thanks :) for the valuable advice you have given, as always...
Just one more thing to tell you...

I even got some mails from the "valid" list of my mates, and as I said in the previous post... I just created an email and :o .. hola, the next day I get an email from one of my mates whom I know for sure, but nope.. none knew about that email I created....

I sometimes think... how high the level of evilness has gone up...
Thank god... it's the victory for the good always... :)

optigrab
February 7th, 2004, 01:23 PM
::)

Often spoofed email addresses are pulled from the address book on an infected machine. So it's not uncommon to see addresses of people we know referenced within these bogus virus warning emails. The email is still invalid, just a bit more convincing for the recipient.

JayK
February 8th, 2004, 05:43 AM
Quote from optigrab:
"::)

Often spoofed email addresses are pulled from the address book on an infected machine."

Or webpages cached on the infected machine as I have learnt to great cost.
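
Added example, not part of the original thread: a short Python check that reads the header block quoted in the alert and shows why it does not prove the named sender mailed anything. It assumes the qmail-style Received format seen in that alert; the function name assess_sender and the "redacted" local part are made up for illustration, and the result is a heuristic, not proof.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the alert in the first post. The poster hid the local
# part of the address, so "redacted" is a constructed stand-in.
QUOTED_HEADERS = """\
Received: from unknown (HELO yahoo.com) (203.199.110.37)
  by cacofonix.enet.com.np with SMTP; 7 Feb 2004 06:44:37 -0000
From: redacted@yahoo.com
To: peter@enet.com.np
Subject: hi
Date: Sat, 7 Feb 2004 11:52:16 +0530

"""

# qmail trace line: from <reverse-DNS name> (HELO <claimed name>) (<peer IP>) by <host>
QMAIL_RECEIVED = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<ip>[0-9.]+)\)\s+by\s+(?P<by>\S+)")

def assess_sender(raw_headers):
    """Heuristic: does the hop recorded by the receiving server back up From:?"""
    msg = message_from_string(raw_headers)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result = {"from_domain": from_domain, "rdns_supports_from": False, "evidence": []}
    received = msg.get_all("Received") or []
    if not received:
        result["evidence"].append("no Received line to examine")
        return result
    # Only the topmost Received line was written by the reporting server;
    # anything below it could have been supplied by the sending client.
    match = QMAIL_RECEIVED.search(" ".join(received[0].split()))
    if not match:
        result["evidence"].append("top Received line is not in qmail format")
        return result
    rdns, helo = match["rdns"].lower(), match["helo"].lower()
    result.update(peer_ip=match["ip"], rdns=rdns, helo=helo, reported_by=match["by"])
    if rdns == "unknown":
        result["evidence"].append("peer IP has no reverse DNS name")
    if helo == from_domain:
        result["evidence"].append("HELO repeats the From domain, but HELO is self-declared")
    result["rdns_supports_from"] = bool(from_domain) and (
        rdns == from_domain or rdns.endswith("." + from_domain))
    return result

if __name__ == "__main__":
    for key, value in assess_sender(QUOTED_HEADERS).items():
        print(f"{key}: {value}")
```

For the quoted alert, the only link between the message and the From address is a HELO name the connecting machine chose for itself, which fits the spoofing explanation given in the replies.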