Is this a virus I've been sent???
I've just checked in my Bulk E-Mail folder and received an e-mail from "[email protected]" titled "Mail Delivery (failed <my e-mail address>)". I know I have definitely not sent an e-mail to the sender, and have no dealings with dyson.com, furthermore my e-mail address is reasonably unique and although I do get the occasional NetSky(?) virus sent (about twice a week at most), receive no bulk/trash mails.
Anyhow I can open the actual mail safely to see the text and have this written:

If the message will not displayed automatically, follow the link to read the delivered message.
Received message is available at: www.btinternet.com/inbox/<my Yahoo! id>/read.php?sessionid-<5 numbers>

Thanks to all and Merry Christmas. 5mb :ok: |
5milesbaby, please delete the mail. Following the link will cause infection with a mass-mailing worm known as W32/Baba.
|
Thanks Tuba, thought as much. I rarely look at stuff I'm not expecting anyhow, just found it unusual for it to be sent in this way. The Netsky one I was on about is also a W32. one as I have just received another. Fortunately Norton sorts them out before I can get anywhere near. How are they able to use so many different user names, and such a variety too? I've even had them sent from lookalike Post Office and Inland Revenue addresses, it certainly makes you think before binning them all.
Finally, how do they get your e-mail address? I very rarely give it out to anybody, always check the box to receive no advertising, and never display it on-line. The only people that have it are good friends so to me it looks like btinternet, my provider, are to blame!! Is there any way I can stop getting them? Cheers 5mb :ok: |
As for the user names, the sender will be using his/her own SMTP engine rather than an off-the-shelf mail client, with a programmed element that produces randomised sender names and (purported) source addresses.
As regards your email address, I doubt whether btinternet is to blame... can you be sure that when you check the box for no advertising, your request is honoured? BTW, the W32 bit refers to the fact that the worm runs on 32-bit Windows systems - that is to say, most worms these days :rolleyes: |
5milesbaby,
I am sure that Email Addy has been spoofed. Expand the Email Header and post the info here. We will be able to give you details on where the Email came from. Take Care, Richard |
Naples, it was received from 81.103.54.144 (EHLO btinternet.com) (81.103.54.144) by mta818.mail.ukl.yahoo.com with SMTP; Mon, 13 Dec 2004 12:13:55 +0000. On the authentication results it said mta818.mail.ukl.yahoo.com with SMTP; domainkeys=neutral (no sig). For content type it says multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_001B_01C0CA80.6B015D10".
Cheers, 5mb :ok: |
5milesbaby,
There should have been a lot more to the header. As an example:

Return-Path: <[email protected]>
Received: from cdk.cdk.net (root@localhost) by naples-air-center.com (8.11.6/8.11.6) with ESMTP id iBG7eYN16628; Wed, 15 Dec 2004 23:40:34 -0800
X-ClientAddr: 221.127.7.245
Received: from 65.18.128.126 ([221.127.7.245]) by cdk.cdk.net (8.11.6/8.11.6) with SMTP id iBG7eMj16617; Wed, 15 Dec 2004 23:40:23 -0800
Received: from 136.34.126.240 by 221.127.7.245; Thu, 16 Dec 2004 08:39:17 +0100
Message-ID: <[email protected]>
From: "Sharon" <[email protected]>
Reply-To: "Sharon" <[email protected]>
To: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Subject: we carry real vicodin
Date: Thu, 16 Dec 2004 02:39:17 -0500
X-Mailer: AOL 9.0 for Windows US sub 212
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--7740178784474255283"
X-Priority: 3
X-MSMail-Priority: Normal
X-IP: 116.56.246.0

inetnum: 221.124.0.0 - 221.127.255.255
netname: HGC
descr: Hutchison Global Communications
country: HK
admin-c: IH17-AP
tech-c: IH17-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-HK-HGCADMIN
status: ALLOCATED PORTABLE
remarks: This object can only be modified by APNIC hostmaster
remarks: If you wish to modify this object details please
remarks: send email to [email protected] with your organisation
remarks: account name in the subject line.
changed: [email protected] 20040209
changed: [email protected] 20040212
source: APNIC

person: ITMM HGC
nic-hdl: IH17-AP
e-mail: [email protected]
remarks: ---------------------
remarks: for spamming/hacking complaints
remarks: send reports to
remarks: [email protected]
remarks: ---------------------
address: 2/F COSCO-HIT TOWER,
address: TERMINAL 8 EAST, CONTAINER PORT,
address: ROAD SOUTHKWAI CHUNG,
address: HONG KONG
phone: +852-21229555
fax-no: +852-21239523
country: HK
changed: [email protected] 20040207
mnt-by: MAINT-HK-HGCADMIN
source: APNIC

inetnum: 81.103.48.0 - 81.103.55.255
netname: NTL
descr: NTL Infrastructure - Guildford
country: GB
admin-c: NNMC1-RIPE
tech-c: NNMC1-RIPE
status: ASSIGNED PA
mnt-by: AS5089-MNT
remarks: INFRA-AW
changed: [email protected] 20021114
source: RIPE

route: 81.102.0.0/15
descr: NTL-UK-IP-BLOCK
origin: AS5089
mnt-by: AS5089-MNT
changed: [email protected] 20040929
source: RIPE

role: NTLI Network Management Centre
address: NTL Internet
address: Crawley Court
address: Winchester
address: Hampshire
address: SO21 2QA
trouble: -------------------------------------------------------
trouble: For abuse notifications please -
trouble: file an online case @ http://www.ntlworld.com/netreport
trouble: +44 1633 710142 (Voicemail Only)
trouble: -------------------------------------------------------
trouble: For peering issues/requests please -
trouble: email : [email protected]
trouble: -------------------------------------------------------
admin-c: MH22007-RIPE
admin-c: CF2297-RIPE
admin-c: CM1377-RIPE
tech-c: MH22007-RIPE
tech-c: CF2297-RIPE
tech-c: CM1377-RIPE
nic-hdl: NNMC1-RIPE
mnt-by: AS5089-MNT
notify: [email protected]
e-mail: [email protected]
changed: [email protected] 20030328
changed: [email protected] 20030401
changed: [email protected] 20030603
changed: [email protected] 20030707
changed: [email protected] 20040303
changed: [email protected] 20040312
changed: [email protected] 20040929
source: RIPE

Richard |
hi Richard, the full header is below with just my IP and e-mail address removed:
X-Apparently-To: <me>@btinternet.com via <IP address>; Mon, 13 Dec 2004 12:13:55 +0000
X-YahooFilteredBulk: 81.103.54.144
Authentication-Results: mta818.mail.ukl.yahoo.com from=dyson.com; domainkeys=neutral (no sig)
X-Originating-IP: [81.103.54.144]
Return-Path: <[email protected]>
Received: from 81.103.54.144 (EHLO btinternet.com) (81.103.54.144) by mta818.mail.ukl.yahoo.com with SMTP; Mon, 13 Dec 2004 12:13:55 +0000
From: [email protected]
To: <me>@btinternet.com
Subject: Mail Delivery (failure <me>@btinternet.com)
Date: Mon, 13 Dec 2004 12:13:54 +0000
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal
Content-Length: 30626

From looking at what you already think I take it that someone sent it to me using NTL as their ISP in Guildford? Ironically the Management Centre is not too far from where I live!! |
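An added example, not part of any poster's message: the Python below reads the header fields posted above and separates what the receiving Yahoo MTA recorded itself (the connecting IP) from what the sending host merely claimed (the EHLO name and the From address). The Received pattern, the flag names and the `redacted` local part are assumptions made for this example; the flags are hints for triage, not proof of forgery.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header fields from the post above with line breaks restored. The sender's
# local part is obscured on the page, so "redacted" is a constructed placeholder.
RAW = """\
Authentication-Results: mta818.mail.ukl.yahoo.com from=dyson.com; domainkeys=neutral (no sig)
X-Originating-IP: [81.103.54.144]
Received: from 81.103.54.144 (EHLO btinternet.com) (81.103.54.144)
  by mta818.mail.ukl.yahoo.com with SMTP; Mon, 13 Dec 2004 12:13:55 +0000
From: redacted@dyson.com
To: me@btinternet.com
Subject: Mail Delivery (failure me@btinternet.com)

"""

# Assumption: hop layout as written by the Yahoo MTA in this particular header.
HOP = re.compile(
    r"from\s+\S+\s+\((?:EHLO|HELO)\s+([^\s)]+)\)\s+\(([\d.]+)\)\s+by\s+(\S+)")

def domain_of(header_value):
    """Return the lower-cased domain part of an address header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyse(raw, trusted_mta_suffix):
    msg = message_from_string(raw)
    result = {"from_domain": domain_of(msg["From"]), "peer_ip": None,
              "helo": None, "flags": []}
    # Received lines are prepended, so the first one stamped by the recipient's
    # own provider is reliable; everything below it came from the sending side.
    for received in msg.get_all("Received", []):
        hop = HOP.search(" ".join(received.split()))  # undo header folding
        if hop and hop.group(3).lower().endswith(trusted_mta_suffix):
            result["helo"], result["peer_ip"] = hop.group(1).lower(), hop.group(2)
            break
    helo = result["helo"]
    if helo and not helo.endswith(result["from_domain"]):
        result["flags"].append("helo_unrelated_to_sender_domain")
    if helo and helo == domain_of(msg["To"]):
        result["flags"].append("helo_claims_recipient_domain")
    dk = re.search(r"domainkeys=(\w+)", msg["Authentication-Results"] or "")
    if dk is None or dk.group(1) != "pass":
        result["flags"].append("sender_domain_unauthenticated")
    return result

if __name__ == "__main__":
    print(analyse(RAW, ".mail.ukl.yahoo.com"))
```

The `peer_ip` value is the one worth taking to a whois lookup, as is done in this thread; the EHLO name and From address should not be used for that.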
5milesbaby,
It looks like:

role: NTLI Network Management Centre
address: NTL Internet
address: Crawley Court
address: Winchester
address: Hampshire
address: SO21 2QA

person: Michael Michael
address: Compusystems Assocs. Ltd
address: Haberfield Park Farm, Pill Road
address: BS8 3RE Abbots Leigh, Bristol
address: GB
phone: +44 117 3129245
fax-no: +44 1275 371422
e-mail: [email protected]

Richard |
Thanks Richard, the NTL complaints link in one of your earlier messages has been filled in and I'll let you know of any responses I get. I know it's all in vain really and that we will not be able to shut everyone down, but I'm in the mood for trying!!
5mb :ok: |