Virus?

[Sorgaine]

I just got an e-amil returned to me that I have never sent. Unless somehow it has ninja'd itself into my yahoo account, I don't think it could have came from me. I remember something about the last big e-mail virus using the addy of somebody in an address book as the sender address instead of where it is really coming from. Sooo... assuming I am right. Does anybody have me, HealerMedic@allakhazam.com (Never sent an e-mail to anybody at alla's, myself) or rcaputo974@aol.com in thier address book? If so, you may want to check your machine.

The original message was received at Mon, 19 Jan 2004 12:48:37 -0500
(EST)
from www1.allakhazam.com [216.155.41.199]


*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with
its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors
-----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail
could
not be delivered. The next line contains a second error message which
is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster



----- The following addresses had permanent fatal errors -----
<rcaputo974@aol.com>

----- Transcript of session follows -----
... while talking to air-xm02.mail.aol.com.:
>>> DATA
<<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has
not been sent.
554 <rcaputo974@aol.com>... Service unavailable



Message/delivery-status

Reporting-MTA: dns; rly-xm05.mx.aol.com
Arrival-Date: Mon, 19 Jan 2004 12:48:37 -0500 (EST)

Final-Recipient: RFC822; rcaputo974@aol.com
Action: failed
Status: 5.0.0
Remote-MTA: DNS; air-xm02.mail.aol.com
Diagnostic-Code: SMTP; 554 TRANSACTION FAILED - Unrepairable Virus
Detected. Your mail has not been sent.
Last-Attempt-Date: Mon, 19 Jan 2004 12:49:04 -0500 (EST)

Received: from www1.allakhazam.com (www1.allakhazam.com
[216.155.41.199]) by rly-xm05.mx.aol.com (v97.10) with ESMTP id
MAILRELAYINXM52-610400c186c3b0; Mon, 19 Jan 2004 12:48:28 -0500
Received: from DRGRAY (c-67-163-22-205.client.comcast.net
[67.163.22.205])
by www1.allakhazam.com (8.12.8/8.12.2) with SMTP id i0JHj6kr042557
for <HealerMedic@allakhazam.com>; Mon, 19 Jan 2004 12:45:07 -0500
(EST)
Date: Mon, 19 Jan 2004 11:48:17 -0600
To: HealerMedic@allakhazam.com
Subject: Hi
From: Epona54@Yahoo.com
Message-ID: <rpffdkphvclumfsdlyu@Yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------638800403500346"
X-AOL-IP: 216.155.41.199
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
_________________

[Shiloch Veneficus]

Its easy enough to spoof your e-mail address so that you might get returned messages that never came from you.

To add to this, there was a significantly large group of folks who attacked HABEAS over the weekend, which is a spam-control e-mail service that authenticates e-mails by using special encrypted headers. The group of spammers found a way to insert phony headers that e-mail servers were passing through with no spam scores.

Since your original headers aren't included in the message you posted, its unclear if you were victimized by this or not, but shit like this happens all the time. The only real concern you should have is that someone would block your e-mail address because they've been getting spam from it.
_________________
Sage Shiloch Venzolmes - Arch Convoker - Walkers
QUALITY, not quantity.

[Sorgaine]

To date, I have had 4 total "returned" e-mails from EQ related sites. The most recent being EQDiva and EQGUI. So now I'm boggled over who has my e-mail address and is a huge EQ nut with a billion EQ related sites in thier address book.
_________________

[Shiloch Veneficus]

Its the virus.. "Novarg" or "Mydoom."

It spoofs your e-mail when it sends its attachments to other people, thus resulting in you getting returned messages from the places it sent the virus to. I wouldn't worry too much about it.
_________________
Sage Shiloch Venzolmes - Arch Convoker - Walkers
QUALITY, not quantity.

[BonlainyT]

I got them in my Yahoo account too Sorg, but luckily none on my home computer.
_________________
Xecutioner Smith(retired) Dread Lord of Walkers
Bonlainy Trueheart(retired) Lord Protector of Walkers

[Elyhim]

omg sorgaine emailed me a penis enlargement add!

[tenri]

Was she trying to tell you some thing LOL
_________________
Tenri Death

Ya Ya i know shut up skinny necro boy

[Gryfndor]

someone that has the virus has your E-Mail address and is spoofing it. I had it at my work address for awhile but my computer was clean. very annoying knowing that messages are going out saying god knows what with your name on them.
_________________
Gryfndor 65 Wizard
Epiphone 65 Necromancer
Niche 57 Enchanter
Farzy 51 rogue
Nasgul 29 Shadownight

[Bashdur K]

The newest one is Netsky which was first reported on 2/18/04. I got bombarded last Friday with spoofed e-mails, along with everyone in our office at exactly the same time. Looking at the "From" addresses I noticed a few that came from some of our Nextel phones. Our Nextel phones can receive, NOT send e-mail. I found out within a few minutes that one my my self-proclaimed computer "experts" had received a spoofed mail from a friend, and put the attachment on the desktop. BOOM...1264 files infected on his computer. Symantec had just released an update, and it took an hour, but NAV managed to get him cleaned up. I love Peter Norton, he's been my hero since DOS 1.0.
_________________