JUST HAVE A LOOK... VIRUS IN MY MAIL

Discussion in 'other security issues & news' started by subratam, Feb 7, 2004.

Thread Status:
Not open for further replies.
  1. subratam

    subratam, Registered Member (Joined: Nov 14, 2003; Posts: 1,310; Location: Issaquah, WA)

    From: postmaster@cacofonix.enet.com.np
    To: (it-is-my-email)@yahoo.com
    Subject: VIRUS IN YOUR MAIL




    V I R U S A L E R T

    Automatic virus scanning software at Everest Net Pvt. Ltd., Kathmandu,
    Nepal [www.enet.com.np] has detected the

       Worm.SCO.A

    virus(es) in your email to the following recipient(s):

    -> peter@enet.com.np

    Please keep your anti-virus definition up-to-date and check your system
    for viruses, or ask your system administrator to do so.

    If the scanned email was infected by the Klez virus or one of its
    variants, please note that the Klez virus has capabilities to fake the
    sender. You may have received this email as a result of someone else
    sending a Klez infected email with your identity.

    For your reference, here are the headers from your email:

    ------------------------- BEGIN HEADERS -----------------------------
    Received: from unknown (HELO yahoo.com) (203.199.110.37)
    by cacofonix.enet.com.np with SMTP; 7 Feb 2004 06:44:37 -0000
    From: (it-is-my-email :eek: :eek: )@yahoo.com
    To: peter@enet.com.np
    Subject: hi
    Date: Sat, 7 Feb 2004 11:52:16 +0530
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
       boundary="----=_NextPart_000_0002_5FE654D7.ECC9F8F3"
    X-Priority: 3
    X-MSMail-Priority: Normal
    -------------------------- END HEADERS ------------------------------

    Please do not hesitate to write to virus@enet.com.np should you have
    any questions.

    Systems Department
    Everest Net Pvt. Ltd.
    Jawalakhel, Kathmandu, Nepal.

    info@enet.com.np
    www.enet.com.np

    977-1-546010 Telephone (Head Office)
    977-1-221213 Telephone (New Road Branch)
    977-1-539431 Fax

    Everest Net - where the world is not just technology...
    a Lotus Holdings (www.lotusholdings.com) company

    what is this??!!!.....
    man this sucks......
     
  2. optigrab

    optigrab, Registered Member (Joined: Nov 6, 2002; Posts: 624; Location: Brooklyn/NYC USA)

    Subratam

    It isn't totally clear what you're concerned about. The statement in the message may be correct:

    "You may have received this email as a result of someone else
    sending a Klez infected email with your identity."

    Meaning you might not have a virus, but another infected machine sent out an email that spoofed your email address as the sender.

    - Optigrab
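
The check this reply points to, run over the headers quoted in the alert, as an added example that is not part of the original thread. The names `check_sender`, `in_domain` and `HOP_RE` and the `placeholder` local part are constructed for illustration, and it assumes the first token of the Received line is the reverse-DNS name recorded by the receiving server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the alert; the redacted sender is replaced by a
# constructed placeholder local part.
ALERT_HEADERS = """\
Received: from unknown (HELO yahoo.com) (203.199.110.37)
 by cacofonix.enet.com.np with SMTP; 7 Feb 2004 06:44:37 -0000
From: placeholder@yahoo.com
To: peter@enet.com.np
Subject: hi
"""

# Layout of the Received line above: "from <rdns> (HELO <helo>) (<ip>) by <host>".
# Assumption: the first token is the reverse-DNS name the receiving server
# looked up, with "unknown" meaning the lookup returned nothing.
HOP_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)"
    r"\s+\((?P<ip>[0-9.]+)\)\s+by\s+(?P<by>\S+)"
)

def in_domain(host, domain):
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def check_sender(raw_headers):
    """Compare the From domain with what the receiving server recorded."""
    msg = message_from_string(raw_headers)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Unfold the (possibly multi-line) Received header before matching.
    hop = HOP_RE.search(" ".join(msg.get("Received", "").split()))
    if not from_domain or hop is None:
        return {"parsed": False, "sender_unverified": True, "findings": []}
    findings = []
    if hop["rdns"].lower() == "unknown":
        findings.append("connecting IP has no reverse DNS name")
    elif not in_domain(hop["rdns"], from_domain):
        findings.append("connecting host is outside the From domain")
    # The HELO name is typed by the client, so it proves nothing by itself.
    if findings and in_domain(hop["helo"], from_domain):
        findings.append("HELO claims the From domain without support")
    return {"parsed": True, "ip": hop["ip"], "helo": hop["helo"],
            "from_domain": from_domain, "findings": findings,
            "sender_unverified": bool(findings)}

if __name__ == "__main__":
    print(check_sender(ALERT_HEADERS))
```

Only the Received line added by the reporting server itself is trustworthy; the From line, the HELO name and any earlier Received lines are supplied by the sending machine.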
     
  3. subratam

    subratam, Registered Member (Joined: Nov 14, 2003; Posts: 1,310; Location: Issaquah, WA)

    hey optigrab,

    just check out www.lotusholdings.com .... or www.enet.com.np

    what do you see??

    I see "cannot find server".....

    I don't negate your comment that someone has spoofed my email... but I might agree that... because my point of concern is... what the heck is this??
    I even got a "SERVER REPORT" from one of my friend's IDs, but that email was created one day before and no one except me knows that...
     
  4. LowWaterMark

    LowWaterMark, Administrator (Joined: Aug 10, 2002; Posts: 17,877; Location: New England)

    Hi sub,

    The vast majority of these virus removed warning emails are invalid... First, even if they are from a real virus scanning system, which often is not the case, since so many viruses today spoof email addresses most of these warnings are sent to the wrong people. Second, a lot of these alerts are actually attempts at sending real viruses, or in some ways worse than that, they are attempts to solicit replies from people simply to harvest their valid email addresses for future spam.

    The general advice for handling these messages is always the same. If your system is clean and you get any messages like this (especially if the addresses involved are totally unknown to you) then simply treat them as spam and delete them. In most cases, you won't be able to track down either the sender, or do anything about these messages coming in.

    The fact that the servers mentioned either don't resolve in DNS, or are offline just furthers the idea that it is all bogus.
     
  5. subratam

    subratam, Registered Member (Joined: Nov 14, 2003; Posts: 1,310; Location: Issaquah, WA)

    Hi Mike,

    thx :) for the valuable advice, as always you have given...
    just one more thing to tell you...

    I even got some mails from my "valid" mates list, and as I said in the previous post... I just created an email and :eek: .. hola, the next day I get an email from one of my mates whom I know for sure, but nope.. no one knew about that email I created....

    I sometimes think... how high the level of evilness has gone up...
    thank god... it's the victory for the good always... :)
     
  6. optigrab

    optigrab, Registered Member (Joined: Nov 6, 2002; Posts: 624; Location: Brooklyn/NYC USA)

    :rolleyes:

    Often spoofed email addresses are pulled from the address book on an infected machine. So it's not uncommon to see addresses of people we know referenced within these bogus virus warning emails. The email is still invalid, just a bit more convincing for the recipient.
     
  7. JayK

    JayK, Poster (Joined: Dec 27, 2002; Posts: 619)

    Or webpages cached on the infected machine as I have learnt to great cost.
     