Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old June 11th, 2004, 04:27 PM
PurestLight's Avatar
PurestLight PurestLight is offline
Senior Member
 
Join Date: May 2004
O/S: MacOS
Location: Yorkshire
Posts: 3,629
Spoof e-mail?

Hi

I found the following e-mail in my spam folder from root@localhost.i4gate Ive never sent an e-mail to the supposed recipient. What is the person trying to do? Id be interested to know what goes on here:

"A virus was found in an Email message you sent. (I didn't)
This Email scanner intercepted it and stopped the entire message
reaching its destination.

The virus was reported to be:

Worm.SomeFool.Q
<----is this a known virus?


Please update your virus scanner or contact your IT support
personnel as soon as possible as you have a virus on your system.


Your message was sent with the following envelope:

MAIL FROM: (my e-mail address)
RCPT TO: sommers@vt4.net
(never heard of them)

... and with the following headers:

---
MAILFROM: (my e-mail address)
Received: from host217-44-122-158.range217-44.btcentralplus.com (HELO vt4.net) (217.44.122.158)
by node2 with SMTP; 11 Jun 2004 16:32:26 +0200
From:
To: sommers@vt4.net
Subject: Delivery (sommers@vt4.net)
Date: Fri, 11 Jun 2004 15:32:22 +0100
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_001B_01C0CA81.7B015D10"
X-Priority: 1
X-MSMail-Priority: High"


Thanks for looking

Julie
Reply With Quote
  #2  
Old June 11th, 2004, 05:13 PM
TJolly's Avatar
TJolly TJolly is offline
CTH Subscriber
 
Join Date: Jul 2003
O/S: Windows 7 64-bit
Location: In the uk
Age: 73
Posts: 2,790
Most of the smart viruses pick a random email address as the virus sender and this might be what you are seeing.

It works by someone having you in his or her address book and contracts the virus. The virus goes out to everyone in that address book and picks a random address as the sender for each virus sent. One of the outgoing viruses goes out as coming from your address and the person receiving has a virus checker that automatically responds to you and not the actual sender. You sit there saying ‘I haven’t sent to this address’ wondering what is happening. The real sender is unaware of sending it in the first place because he/she gets nothing back.

This makes the finding of the real sender virtually impossible.

Worm.SomeFool is a virus but you may not have it.

However it's best to be safe than sorry. Make sure your av is uptodate and run a full scan.
Reply With Quote
  #3  
Old June 11th, 2004, 05:24 PM
TJolly's Avatar
TJolly TJolly is offline
CTH Subscriber
 
Join Date: Jul 2003
O/S: Windows 7 64-bit
Location: In the uk
Age: 73
Posts: 2,790
It wouldnt be a bad idea to run Stinger:

http://vil.nai.com/vil/stinger/

It will find and kill the most popular viruses.
Reply With Quote
  #4  
Old June 11th, 2004, 05:26 PM
PurestLight's Avatar
PurestLight PurestLight is offline
Senior Member
 
Join Date: May 2004
O/S: MacOS
Location: Yorkshire
Posts: 3,629
Thanks for that TJ.......

I dont really understand it but all I would ask is: will someone receive this virus (who hasnt got an e-mail scanner, say) thinking that I have deliberately sent them one??? Could it be someone I know? Sorry, I know youve more pressing problems to deal with......

Julie
Reply With Quote
  #5  
Old June 11th, 2004, 05:28 PM
PurestLight's Avatar
PurestLight PurestLight is offline
Senior Member
 
Join Date: May 2004
O/S: MacOS
Location: Yorkshire
Posts: 3,629
Thanks again.....Ive got Stinger and Ill run it now
Reply With Quote
  #6  
Old June 11th, 2004, 05:30 PM
TJolly's Avatar
TJolly TJolly is offline
CTH Subscriber
 
Join Date: Jul 2003
O/S: Windows 7 64-bit
Location: In the uk
Age: 73
Posts: 2,790
Quote:
Originally Posted by PurestLight
Thanks for that TJ.......

I dont really understand it but all I would ask is: will someone receive this virus (who hasnt got an e-mail scanner, say) thinking that I have deliberately sent them one??? Could it be someone I know? Sorry, I know youve more pressing problems to deal with......

Julie
Don't be sorry. It's a pleasure be of some assistance. The answer to your questions is 'Yes'.
Reply With Quote
  #7  
Old June 11th, 2004, 05:32 PM
PurestLight's Avatar
PurestLight PurestLight is offline
Senior Member
 
Join Date: May 2004
O/S: MacOS
Location: Yorkshire
Posts: 3,629
Quote:
Originally Posted by TJolly
Don't be sorry. It's a pleasure be of some assistance. The answer to your questions is 'Yes'.
Oh blimey.....thats not good is it

Julie
Reply With Quote
  #8  
Old June 11th, 2004, 05:34 PM
TJolly's Avatar
TJolly TJolly is offline
CTH Subscriber
 
Join Date: Jul 2003
O/S: Windows 7 64-bit
Location: In the uk
Age: 73
Posts: 2,790
As I said initially you may not have the virus and your address was the one picked randomly as the sender.

Before running stinger run your av program. Which one do you have?
Reply With Quote
  #9  
Old June 11th, 2004, 05:37 PM
PurestLight's Avatar
PurestLight PurestLight is offline
Senior Member
 
Join Date: May 2004
O/S: MacOS
Location: Yorkshire
Posts: 3,629
Ive got Norton 2003 and AVG.....AVG is running as we speak....
Reply With Quote
  #10  
Old June 11th, 2004, 05:44 PM
TJolly's Avatar
TJolly TJolly is offline
CTH Subscriber
 
Join Date: Jul 2003
O/S: Windows 7 64-bit
Location: In the uk
Age: 73
Posts: 2,790
Here we go:

http://www.hkcert.org/valert/vinfo/w32.netsky.c@mm.html
Reply With Quote
  #11  
Old June 11th, 2004, 05:58 PM
PurestLight's Avatar
PurestLight PurestLight is offline
Senior Member
 
Join Date: May 2004
O/S: MacOS
Location: Yorkshire
Posts: 3,629
That's a very interesting link.....Ive had a quick look but Im going to read more when Ive fed the kids .


I had a couple of e-mails a few weeks ago with attachments - one was joke.mim, the other was also .mim. Needless to say I deleted them via Spam, but do you have any idea what .mim is?

Thaks

Julie
Reply With Quote
  #12  
Old June 11th, 2004, 06:03 PM
TJolly's Avatar
TJolly TJolly is offline
CTH Subscriber
 
Join Date: Jul 2003
O/S: Windows 7 64-bit
Location: In the uk
Age: 73
Posts: 2,790
Quote:
Originally Posted by PurestLight
That's a very interesting link.....Ive had a quick look but Im going to read more when Ive fed the kids .


I had a couple of e-mails a few weeks ago with attachments - one was joke.mim, the other was also .mim. Needless to say I deleted them via Spam, but do you have any idea what .mim is?

Thaks

Julie
Did the emails have any attachments or links?

I don't know anything about mim.
Reply With Quote
  #13  
Old June 11th, 2004, 06:09 PM
PurestLight's Avatar
PurestLight PurestLight is offline
Senior Member
 
Join Date: May 2004
O/S: MacOS
Location: Yorkshire
Posts: 3,629
Yes, they were attachments, only afew kb's, they looked like they could have been text documents, but they definitely had a .mim extension...........I havent been able to find anything out about them. I wish there was a 'safe place' to open stuf like this just to see what it contains; its probably just filthy links or something yuk
Reply With Quote
  #14  
Old June 11th, 2004, 06:21 PM
TJolly's Avatar
TJolly TJolly is offline
CTH Subscriber
 
Join Date: Jul 2003
O/S: Windows 7 64-bit
Location: In the uk
Age: 73
Posts: 2,790
If you pre-viewed that mail your are more than likely infected if they contained a virus.
Reply With Quote
  #15  
Old June 11th, 2004, 06:25 PM
TJolly's Avatar
TJolly TJolly is offline
CTH Subscriber
 
Join Date: Jul 2003
O/S: Windows 7 64-bit
Location: In the uk
Age: 73
Posts: 2,790
Turn the preview pane option off. Previewing an email actually opens an email, and lets the virus loose. For instructions on how to do that see

http://cybercoyote.org/security/prevpane.htm
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
IMPORTANT ! Spoof Cybertech Help ? jonnyred Malware Removal 5 January 20th, 2008 01:18 AM
Startrek spoof The Dude Jokes Forum 1 September 18th, 2007 08:56 AM
David Blaine stree magic (spoof) Gunslinger Jokes Forum 0 October 23rd, 2006 07:14 AM
Mac to PC switcher spoof... hypnotizeminds Jokes Forum 0 June 2nd, 2005 11:28 PM
UK Army Spoof Amarillo video The Dude Open Discussion 2 May 20th, 2005 01:23 AM


All times are GMT +1. The time now is 08:20 AM.