Author Topic: Strange Message from a Stranger  (Read 12115 times)


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Strange Message from a Stranger
« on: November 24, 2004, 01:33:35 AM »
I just copied the following message from an e-mail waiting for me at my ISP.
Since I use MailWasher, I get to see my e-mail before it ever gets delivered:

"Symantec AntiVirus found a virus in an attachment you (ME@MY ISP.net <ME@MY ISP>) sent to Anwar Byrd.

To ensure the recipient(s) are able to use the files you sent, perform a virus scan on your computer, clean any infected files, then resend this attachment.


Attachment:  document09.zip
Virus name: W32.Netsky.P@mm
Action taken:  Clean failed : Delete succeeded :
File status:  Deleted





===========================================================================


---
avast! Professional Antivirus: Inbound message clean.
Virus Database (VPS): 0448-0, 11/23/2004
Tested on: 11/23/2004 5:03:26 PM
avast! - copyright (c) 2000-2004 ALWIL Software.
http://www.avast.com
"

I've changed the e-mail address. It used my e-mail address, and the person I was supposed to have sent the e-mail to isn't anyone I know.
Anybody have any answers????




Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Rocker

  • Guest
Re:Strange Message from a Stranger
« Reply #1 on: November 24, 2004, 01:48:34 AM »
Typical header mail address spoofing, Bob.

Google finds many references.

http://www.symantec.com/avcenter/venc/data/w32.netsky.p@mm.html

Edit.. Sorry url wouldn't display properly, so it's copy/paste
« Last Edit: November 24, 2004, 01:52:11 AM by Rocker »

inthewildteam

  • Guest
Re:Strange Message from a Stranger
« Reply #2 on: November 24, 2004, 01:54:25 AM »
Backtrack through the headers in the email, Bob3160; always wise to do that first with any suspicious email. I'd guess (without seeing the entire email) that Rocker has got it right.

Offline bob3160

Re:Strange Message from a Stranger
« Reply #3 on: November 24, 2004, 02:21:03 AM »
That's what I thought too. It's not being downloaded. Will delete it at the server.


Here's the Header:
Received: from alliance1.alliancemtg.local (sbi-24-177-181-33.mtv.al.charter.com[24.177.181.33](untrusted sender))
          by rwcrmxc19.comcast.net (rwcrmxc19) with ESMTP
          id <20041123211811r1900516hse>; Tue, 23 Nov 2004 21:18:11 +0000
X-Originating-IP: [24.177.181.33]
Subject: Virus Found in message "Proof of concept"
MIME-Version: 1.0
Content-Type: multipart/mixed;
   boundary="----_=_NextPart_001_01C4D1A2.34BB47D4"
Date: Tue, 23 Nov 2004 15:20:07 -0600
Content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Message-ID: <C6177FBC596B6442B101F30E18F201EE01B812@ALLIANCE1.alliancemtg.local>
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <C6177FBC596B6442B101F30E18F201EE01B812@ALLIANCE1.alliancemtg.local>
Thread-Topic: Virus Found in message "Proof of concept"
thread-index: AcTRojS7RotcL4AtTuWL2rl6apD/kA==
From: "Anwar Byrd" <AByrd@alliancehomemtg.com>


Rocker

  • Guest
Re:Strange Message from a Stranger
« Reply #4 on: November 24, 2004, 02:33:09 AM »
You have only the one dns to lookup in that header and it really takes you nowhere (as far as I can see).

Just be happy it was stopped  :)
« Last Edit: November 24, 2004, 02:34:13 AM by Rocker »

inthewildteam

  • Guest
Re:Strange Message from a Stranger
« Reply #5 on: November 24, 2004, 02:38:08 AM »
Quote from: Rocker
You have only the one dns to lookup in that header and it really takes you nowhere (as far as I can see).

Just be happy it was stopped  :)

Perhaps Bob edited it?   ;) ;)

I know I would have!

whocares

  • Guest
Re:Strange Message from a Stranger
« Reply #6 on: November 24, 2004, 02:45:08 AM »
The IP 24.177.181.33 (...charter.com) is in St Louis/MO, according to VisualRoute


but judging from the domain-name, it's just a temporary/Dial-Up-connection

no point in pursuing this..

 ;)
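
The header trail discussed in the replies above, worked through in code. This is an added example, not part of the original thread: the header text is an abridged copy of the one posted in Reply #3, and the function names and the choice of checks are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged copy of the header posted in Reply #3 (MIME/Exchange fields omitted).
RAW = '''Received: from alliance1.alliancemtg.local (sbi-24-177-181-33.mtv.al.charter.com[24.177.181.33](untrusted sender))
          by rwcrmxc19.comcast.net (rwcrmxc19) with ESMTP
          id <20041123211811r1900516hse>; Tue, 23 Nov 2004 21:18:11 +0000
X-Originating-IP: [24.177.181.33]
Subject: Virus Found in message "Proof of concept"
From: "Anwar Byrd" <AByrd@alliancehomemtg.com>

'''

# "from <HELO name> (<reverse DNS>[<IP>]...) by <receiving host>" as written
# by this ISP's mail server; other servers format Received lines differently.
HOP = re.compile(r'from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\s]*)\[(?P<ip>[\d.]+)\]'
                 r'.*?\)\s+by\s+(?P<by>\S+)', re.S)

def received_hops(msg):
    """One dict per parsable Received header, newest hop first."""
    found = (HOP.search(v) for v in msg.get_all('Received', []))
    return [m.groupdict() for m in found if m]

def analyze(raw):
    """Compare what the sender claims (From, HELO) with what the receiver recorded."""
    msg = message_from_string(raw)
    hops = received_hops(msg)
    from_domain = parseaddr(msg.get('From', ''))[1].rpartition('@')[2].lower()
    notes = []
    if hops:
        origin = hops[-1]                      # oldest hop: where the trail ends
        if origin['helo'].lower().endswith('.local'):
            notes.append('HELO is an internal name that public DNS cannot resolve')
        if from_domain and not origin['rdns'].lower().endswith(from_domain):
            notes.append('connecting IP reverse-resolves outside the From domain')
        xoip = (msg.get('X-Originating-IP') or '').strip('[] ')
        if xoip and xoip != origin['ip']:
            notes.append('X-Originating-IP disagrees with the Received line')
    if re.search(r'virus found', msg.get('Subject', ''), re.I):
        notes.append('subject matches an automated antivirus notification')
    return {'hops': hops, 'from_domain': from_domain, 'notes': notes}

if __name__ == '__main__':
    result = analyze(RAW)
    for hop in result['hops']:
        print('{ip} ({rdns}) said HELO {helo} to {by}'.format(**hop))
    for note in result['notes']:
        print(' -', note)
```

Only the Received line written by your own provider's server records what that server observed; the HELO name, From and every other field are supplied by the sending side.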

Offline bob3160

Re:Strange Message from a Stranger
« Reply #7 on: November 24, 2004, 03:03:36 AM »
Thanks everybody. I deleted it at the server. Haven't gotten any others.
Rocker:
The following link will show you how to post a Link on the Forum:
http://forum.avast.com/index.php?board=9;action=display;threadid=8547

Rocker

  • Guest
Re:Strange Message from a Stranger
« Reply #8 on: November 24, 2004, 03:11:26 AM »
Quote from: bob3160
The following link will show you how to post a Link on the Forum:
http://forum.avast.com/index.php?board=9;action=display;threadid=8547

Thanks... did that a couple of times and it cut off the end of the url on both occasions.  :( As long as it was obvious.  ;)

Offline bob3160

Re:Strange Message from a Stranger
« Reply #9 on: November 24, 2004, 03:38:27 AM »
Rocker
Here's your link following the lesson:
http://www.symantec.com/avcenter/venc/data/w32.netsky.p

techie101

  • Guest
Re:Strange Message from a Stranger
« Reply #10 on: November 24, 2004, 05:38:16 PM »
bob,

To be completely safe, run a full Avast scan and throw in an Adaware.

If you have A2 ( a2 or A-Squared anti trojan scanner), run that also.

What appears to be happening (or it did) was that a trojan or worm used your email header to "resend".  Spoofing is a pain in the neck as you get blamed for the "trash".  If it continues or reoccurs, let your ISP know.

As Rocker has stated, this is common but still must be addressed.

It could be a one time shot, but make sure that no little "bug" was left behind to do it again.

Good luck and Happy Holiday.
« Last Edit: November 24, 2004, 05:39:32 PM by Techie101 »

corrine

  • Guest
Re:Strange Message from a Stranger
« Reply #11 on: November 26, 2004, 10:38:36 AM »
Can aVast scan Hotmail or Yahoo messages?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Strange Message from a Stranger
« Reply #12 on: November 26, 2004, 10:44:05 AM »
Avast can handle pop/smtp/imap emails.

Yahoo (unless paid for) is web-based and so is Hotmail.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Strange Message from a Stranger
« Reply #13 on: November 26, 2004, 11:37:25 AM »
Quote from: corrine
Can aVast scan Hotmail or Yahoo messages?

Hotmail/Yahoo is not a pop3 email service (unless you pay for pop service), it is web based (so the Internet Mail provider doesn't directly protect it). Web based email is simply your email being viewed in the same way you browse the internet. The pages (that display your email) are downloaded into your Temporary Internet folder, just like regular web pages, and displayed on your browser screen.

The Standard Shield will scan your files (as they are downloaded into your Temporary Internet folder) when sensitivity is set to High. You can get around this 'problem' using 3rd party applications to download the Hotmail messages through the pop3 server (PopHotmail, for instance).

Hint: it is avast, not aVast  ;)
The best things in life are free.

S.Z.Craftec

  • Guest
Re:Strange Message from a Stranger
« Reply #14 on: November 26, 2004, 12:08:27 PM »
Quote from: corrine
Can aVast scan Hotmail or Yahoo messages?

Actually, I have to correct Technical too... it's not aVast, and not even avast.. it's avast! (with exclamation point)

Btw, your signature, corrine, with that information about the system info of every user that is looking at your signature is lying in here... hehe. IP is completely wrong. I'm behind hardware router/firewall, so it's unable to find out what's my real IP  ;) In some cases that's totally useless.

I think someone already discussed in these forums about signatures like that one... it's not quite a good idea to have them... especially in security related forums. We have a lot of newbie users, who are not familiar with this stuff. They may feel very vulnerable when they see that their system specs are listed in someone else's signature. I personally don't have anything against it, but I understand how new users can feel. Big majority comes to these forums just because they are already experiencing some security difficulties, so this is just like gas to the fire...

Cheers !
« Last Edit: November 26, 2004, 12:10:42 PM by S.Z.Craftec »