[NTLUG:Discuss] is this possible

Tom Adelstein adelste at netscape.net
Thu Aug 21 17:25:10 CDT 2003 


work at myverse.net wrote:
> Nope.  Don't worry.
> 
> The sobig virus picks an address from the infected machine's address book
> and uses it as the FROM address.  It is a windows-only problem.
> 
> Unfortunately, someone you know apparently got nailed, because it found your
> address in their address book.
> 
> 
> -Jeff
> 
> 
> 
>>-----Original Message-----
>>From: discuss-bounces at ntlug.org 
>>[mailto:discuss-bounces at ntlug.org] On Behalf Of fredjame
>>Sent: Thursday, August 21, 2003 5:00 PM
>>To: NTLUG Discussion List
>>Subject: [NTLUG:Discuss] is this possible
>>
>>
>>I run a Mandrake Linux 9.1 desktop, and that is where my Mozilla mail 
>>client is.
>>I just received an email containing the message below - 
>>suggesting that 
>>I sent a message containing Win32/Sobig.F.Trojan to 
>>mhti at pct.edu. Beyond the fact that I don't know anyone with 
>>that address and haven't 
>>sent such a message, and that I know I address could easily 
>>faked into a 
>>message sent from almost any MS machine, is it possible for 
>>this virus 
>>to be using my Linux machine as a base of opperations?
>>
>> >>
>>
>>   ----- The following address(es) had permanent fatal errors 
>>----- <mhti at pct.edu>; originally to mhti at pct.edu (unrecoverable error)
>>      The mail system encountered a delivery failure, code -18.
>>      This failure could be due to circumstances out of its control,
>>      please check the transcript for details
>>        ----- Transcript of session follows -----
>>Your message is being returned since it seems to contain the 
>>Win32/Sobig.F.Trojan virus
>>
>>--------------------------------------------------------------
>>----------
>>
>>Reporting-MTA: dns; email.pct.edu
>>Arrival-Date: Thu, 21 Aug 2003 16:26:55 -0500
>>Original-Recipient: mhti at pct.edu
>>Final-Recipient: mhti at pct.edu
>>Action: failed
>>Status: 5.0.0
>><<
>>
>>-- 
>>...small is beautiful.
>>
>>
>>
>>_______________________________________________
>>https://ntlug.org/mailman/listinfo/discuss
>>
>>
> 
> 
> 
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss

Don't let the message body fool you. Look at the headers.

I've been getting the for days.

I guess if someone has decided to attack Microsoft technologically, I 
can stand a few bad emails.

More information about the Discuss mailing list