On Mon, Feb 04, 2002 at 08:48:08PM -0600, Dave Sherman wrote:
> All,
>
> I don't know what is going on, but someone or something is using my
> email address as the From: header for their emails. I am associated with
> the below ministry, and I suspect that the individual may have been
> infected by an Outlook virus, but have not been able to contact him yet.
Hmmm... the headers look interesting:
Received: from enchanter.real-time.com (enchanter.real-time.com [208.20.202.11])
by beaver.iucha.org (Postfix) with ESMTP id C64EA2D72
for <florin at iucha.net>; Mon, 4 Feb 2002 20:17:42 -0600 (CST)
Received: from mail.real-time.com (dsherman-rt-dsl.real-time.com +[208.20.203.226])
by enchanter.real-time.com (8.11.6/8.11.6) with SMTP id g152HWY32026;
Mon, 4 Feb 2002 20:17:32 -0600
Date: Mon, 4 Feb 2002 20:17:32 -0600
Message-Id: <200202050217.g152HWY32026 at enchanter.real-time.com>
So somebody broke into enchanter.real-time.com? Or is spoofing it?
> *Please* disregard any fishy emails that appear to come from me,
> especially if they have one or more attachments. I personally received
> the below message with two attachments, one was a valid MS Word doc, the
> other a 108kb executable file called "those.bat". It is binary, not a
> real DOS batch file, and I suspect it is the real virus in this whole
> thing.
OK.
florin
--
"If it's not broken, let's fix it till it is."
41A9 2BDE 8E11 F1C5 87A6 03EE 34B3 E075 3B90 DFE4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20020204/ac943c9e/attachment.pgp