Strange Message from a Stranger

I just copied the following message from an e-mail waiting for me at my ISP.
Since I use MailWasher, I get to see my e-mail before it ever gets delivered:

"Symantec AntiVirus found a virus in an attachment you (ME@MY ISP.net <ME@MY ISP>) sent to Anwar Byrd.

To ensure the recipient(s) are able to use the files you sent, perform a virus scan on your computer, clean any infected files, then resend this attachment.

Attachment: document09.zip
Virus name: W32.Netsky.P@mm
Action taken: Clean failed : Delete succeeded :
File status: Deleted

===========================================================================


avast! Professional Antivirus: Inbound message clean.
Virus Database (VPS): 0448-0, 11/23/2004
Tested on: 11/23/2004 5:03:26 PM
avast! - copyright (c) 2000-2004 ALWIL Software.
http://www.avast.com"

I’ve changed the e-mail address. It used my e-mail address, and the person I was supposed to have sent the e-mail to isn’t anyone I know.
Anybody have any answers???

Typical header mail address spoofing, Bob.

Google finds many references.

http://www.symantec.com/avcenter/venc/data/w32.netsky.p@mm.html

Edit… Sorry url wouldn’t display properly, so it’s copy/paste

Backtrack through the headers in the email Bob3160, always wise to do that first with any suspicious email. I’d guess (without seeing the entire email) that Rocker has got it right.

That’s what I thought too. It’s not being downloaded. Will delete it at the server.

Here’s the Header:
Received: from alliance1.alliancemtg.local (sbi-24-177-181-33.mtv.al.charter.com[24.177.181.33](untrusted sender))
by rwcrmxc19.comcast.net (rwcrmxc19) with ESMTP
id <20041123211811r1900516hse>; Tue, 23 Nov 2004 21:18:11 +0000
X-Originating-IP: [24.177.181.33]
Subject: Virus Found in message “Proof of concept”
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=“----_=_NextPart_001_01C4D1A2.34BB47D4”
Date: Tue, 23 Nov 2004 15:20:07 -0600
Content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Message-ID: C6177FBC596B6442B101F30E18F201EE01B812@ALLIANCE1.alliancemtg.local
X-MS-Has-Attach:
X-MS-TNEF-Correlator: C6177FBC596B6442B101F30E18F201EE01B812@ALLIANCE1.alliancemtg.local
Thread-Topic: Virus Found in message “Proof of concept”
thread-index: AcTRojS7RotcL4AtTuWL2rl6apD/kA==
From: “Anwar Byrd” AByrd@alliancehomemtg.com
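Backtracking through the header posted above, as an added example that is not part of the original thread: it separates what the receiving Comcast server recorded (peer IP and reverse DNS) from what the sending side merely claimed (HELO name, From, Message-ID). The `triage` and `domain_of` names and the `.comcast.net` trust suffix are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Fields copied from the header posted above; folding whitespace, straight
# quotes and the <> around Message-ID/From are restored (assumed lost in posting).
RAW = """\
Received: from alliance1.alliancemtg.local (sbi-24-177-181-33.mtv.al.charter.com[24.177.181.33](untrusted sender))
 by rwcrmxc19.comcast.net (rwcrmxc19) with ESMTP
 id <20041123211811r1900516hse>; Tue, 23 Nov 2004 21:18:11 +0000
X-Originating-IP: [24.177.181.33]
Subject: Virus Found in message "Proof of concept"
Message-ID: <C6177FBC596B6442B101F30E18F201EE01B812@ALLIANCE1.alliancemtg.local>
From: "Anwar Byrd" <AByrd@alliancehomemtg.com>

"""

# "from HELO (rdns[ip]...) by RECEIVER": HELO is claimed by the sender,
# rdns/ip are recorded by the receiving server.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\s]*)\[(?P<ip>[\d.]+)\]"
                 r".*?\)\s+by\s+(?P<by>\S+)", re.S)

def domain_of(value):
    return value.strip("<> \t").rpartition("@")[2].lower()

def triage(raw, trusted_suffix):
    """Split the header into what our own provider recorded and what the sender claimed."""
    msg = message_from_string(raw)
    hops = [m.groupdict() for v in msg.get_all("Received", [])
            if (m := HOP.search(v))]
    # Received lines are prepended, so the first one stamped by our provider's
    # MX is the trust boundary; anything below it could be forged.
    edge = next((h for h in hops if h["by"].lower().endswith(trusted_suffix)), None)
    if edge is None:
        return None
    claimed_ip = (msg.get("X-Originating-IP") or "").strip("[] ")
    return {
        "peer_ip": edge["ip"],
        "peer_rdns": edge["rdns"].lower(),
        "helo": edge["helo"].lower(),
        "from_domain": domain_of(parseaddr(msg.get("From", ""))[1]),
        "msgid_domain": domain_of(msg.get("Message-ID", "")),
        "helo_matches_rdns": edge["helo"].lower() == edge["rdns"].lower(),
        "claimed_ip_matches_peer": claimed_ip == edge["ip"],
    }

if __name__ == "__main__":
    for key, value in triage(RAW, ".comcast.net").items():
        print(f"{key:24} {value}")
```

With a single Received line, the peer IP and its reverse DNS are the only values vouched for by the recipient's own provider; the `.local` HELO name and Message-ID domain are internal names that cannot be looked up from outside.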

You have only the one dns to lookup in that header and it really takes you nowhere (as far as I can see).

Just be happy it was stopped :slight_smile:

Perhaps Bob edited it? :wink: :wink:

I know I would have!

The IP
24.177.181.33 (…charter.com) is in St Louis/MO, according to VisualRoute

but judging from the domain-name, it’s just a temporary/Dial-Up-connection

no point in pursuing this…

:wink:

Thanks everybody. I deleted it at the server. Haven’t gotten any others.
Rocker:
The following link will show you how to post a Link on the Forum:
http://forum.avast.com/index.php?board=9;action=display;threadid=8547

Thanks… did that a couple of times and it cut off the end of the url on both occasions. :frowning: As long as it was obvious. :wink:

Rocker
Here’s your link following the lesson:
http://www.symantec.com/avcenter/venc/data/w32.netsky.p

bob,

To be completely safe, run a full Avast scan and throw in an Adaware.

If you have A2 ( a2 or A-Squared anti trojan scanner), run that also.

What appears to be happening (or it did) was that a trojan or worm used your email header to “resend”. Spoofing is a pain in the neck as you get blamed for the “trash”. If it continues or reoccurs, let your ISP know.

As Rocker has stated, this is common but still must be addressed.

It could be a one time shot, but make sure that no little “bug” was left behind to do it again.

Good luck and Happy Holiday.

Can aVast scan Hotmail or Yahoo messages?

Avast can handle pop/smtp/imap emails.

Yahoo (unless paid for) is web-based and so is Hotmail.

Hotmail/Yahoo is not a pop3 email service (unless you pay for pop service), it is web based (so the Internet Mail provider doesn’t directly protect it). Web based email is simply your email being viewed in the same way you browse the internet. The pages (that display your email) are downloaded into your Temporary Internet folder, just like regular web pages and displayed on your browser screen.

The Standard Shield will scan your files (as they are downloaded into your Temporary Internet folder) when sensitivity is set to High. You can get round this ‘problem’ using 3rd party applications to download the Hotmail messages through the pop3 server (PopHotmail, for instance).

Hint: it’s avast, not aVast :wink:

Actually, I have to correct Technical too… it’s not aVast, and not even avast… it’s avast! (with exclamation point)

Btw, your signature corrine with that information about the system’s info of every user that is looking at your signature is lying in here… hehe. IP is completely wrong. I’m behind hardware router/firewall, so it’s unable to find out what’s my real IP :wink: In some cases that’s totally useless.

I think someone already discussed in these forums about signatures like that one… it’s not quite a good idea to have them… especially in security related forums. We have a loot of newbie users, who are not familiar with this stuff. They may feel very vulnerable when they see that their system specs are listed in someone else’s signature. I personally don’t have anything against it, but I understand how new users can feel. Big majority comes to these forums just because they are already experiencing some security difficulties, so this is just like gas to the fire…

Cheers !

and it says I am Running Mac OS 10.1 HA I’m running 10.3 :stuck_out_tongue:

Is there really a difference between 10.1 and .3?

I apologize for my typo above. It won’t happen again.

The only person who can see the information in my signature is the person looking at it. I think enough people know that by now.

We have a loot of newbie users, who are not familiar with this stuff.
By the way, it's alot, not a loot...

“Cheers!”

Want to bet how much my script has revealed about you? ;D ;D ;D

How much did it find…? :o