[Milsurplus] RE: Virus Emails

[email protected] [email protected]
Sat, 6 Sep 2003 11:55:14 EDT 

Group,

I'm not certain how this thread got started, and it's obviously off subject, 
but on the other hand, we all use email to communicate about the on subject.

There is another virus floating around that is I think the one Dick is 
referring to.  When it infects a machine, it starts sending emails that purport to 
be email reject notices.  Reasons given for the reject vary but the most common 
one is that the supposed original email had a disallowed attachment, usually 
with an extension of .pif or .scr.  The twist with this one is that it picks 
two addresses out of the infected machine's email address book, and spoofs one 
of them as the supposed sender and sends the reject notice to that one.  I've 
never yet recognized any of the other email addresses on the ones I received 
(the majority of which were .MIL or .GOV) so I don't know whether or not it 
spoofs them as well.  Probably does.  Some but not all claim to have originally 
been sent with Outlook Express, which I also do not use.  And of course 
somewhere in the purported reject message will be a disguised link that I assume 
would cause an infection attempt on my machine if I had clicked it.  At least with 
Compuserve 7.0, opening the email itself does not cause an infection attempt. 
 I have not tested it with Outlook.  I wish I could recall the designator 
assigned to the virus but it is one of those long alph-numeric things beginning 
with "M" and I didn't really pay much attention after someone explained what it 
did.

In a message dated 9/6/2003 10:07:46 AM Central Daylight Time, 
[email protected] writes: 
> On this same theme, I've been noticing another suspicious email attack.
> Some emails have arrived with my own email address as the return.
> They tell me that "my" email has been "cleaned" of a virus and invite
> me to open an attachment.  
> 
> The attachment is infected!!!
> 
> One thing that made me suspicious was that the incoming email said it had
> checked my Outlook Express for infections.
> 
> I don't use Outlook Express.
> 
> And a thorough check of my system using a program from work (Defense Dept.)
> shows that my machine is clean.
> 

Robert Downs - Houston
<http://www.wa5cab.com>
<[email protected]>


--- StripMime Report -- processed MIME parts ---
multipart/alternative
  text/plain (text body -- kept)
  text/html
The reason this message is shown is because the post was in HTML
or had an attachment.  Attachments are not allowed.  To learn how
to post in Plain-Text go to: http://www.expita.com/nomime.html  ---