Zedric
NTFS Guru
- Joined
- 12 Jan 2002
- Messages
- 4,006
This morning I had this mail in my mailbox at Hotmail:
This looks to me like a bounced virus. There are a few problems though.
1. I never got an infected letter to forward.
2. At the time of sending I was very much asleep (3-4am here).
3. I don't use Outlook nor MSN Explorer.
This looks like someone sent the email from toronto-hse-pppXXXXXXX.sympatico.ca (censored) which looks like a dial-up account in Canada. The sender was spoofed to make it look like I sent it.
Any thoughts on this? Should I take any action?
This message was created automatically by mail delivery software (Exim).
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
xxxxx@xxxxxxxxxxxxx.com
This message has been rejected because it has
a potentially executable attachment "application.pif"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
------ This is a copy of the message, including all the headers. ------
Return-path: <masterzedric@hotmail.com>
Received: from toronto-hse-pppXXXXXXX.sympatico.ca ([xxx.xxx.xxx.xxx] helo=XP1800)
by server1.01domain.net with esmtp (Exim 3.36 #1)
id xxxxxxxxxxxxx
for xxxxx@xxxxxxxxxxxxx.com; Fri, 06 Jun 2003 20:51:20 -0600
From: <masterzedric@hotmail.com>
To: <xxxxx@xxxxxxxxxxxxx.com>
Subject: Re: Screensaver
Date: Fri, 6 Jun 2003 22:51:19 --0400
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="CSmtpMsgPart123X456_000_015B0B23"
Message-Id: <xxxxxxxxxxxxx@server1.01domain.net>
This is a multipart message in MIME format
--CSmtpMsgPart123X456_000_015B0B23
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Please see the attached file.
--CSmtpMsgPart123X456_000_015B0B23
Content-Type: application/octet-stream;
name="application.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="application.pif
<--- Attachment code appears here --->
This looks to me like a bounced virus. There are a few problems though.
1. I never got an infected letter to forward.
2. At the time of sending I was very much asleep (3-4am here).
3. I don't use Outlook nor MSN Explorer.
This looks like someone sent the email from toronto-hse-pppXXXXXXX.sympatico.ca (censored) which looks like a dial-up account in Canada. The sender was spoofed to make it look like I sent it.
Any thoughts on this? Should I take any action?