[dba-Tech] I don't know what I don't know from where issendingmessages usingmy e-mail address...

John Colby jcolby at colbyconsulting.com
Mon Sep 8 13:08:07 CDT 2003


I have seen it occasionally.  Since I use NAV which finds infected emails
looking tike this it is usually (on my machine) spam.  I don't worry about
them, just delete them.

John W. Colby
www.colbyconsulting.com

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of Shamil
Salakhetdinov
Sent: Monday, September 08, 2003 2:02 PM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] I don't know what I don't know from where
issendingmessages usingmy e-mail address...


> virus where they are spoofing the from
Yes, John, this looks like a virus running somewhere but not on my PC and
spoofing my e-mail addresses - have you seen something like that
manipulating/spoofing your e-mail addresses? - is that a common problem
everywhere? - I started to get such messages only several days ago...

Shamil

----- Original Message -----
From: "John Colby" <jcolby at colbyconsulting.com>
To: "Discussion of Hardware and Software issues"
<dba-tech at databaseadvisors.com>
Sent: Monday, September 08, 2003 9:42 PM
Subject: RE: [dba-Tech] I don't know what I don't know from where is
sendingmessages usingmy e-mail address...


> It could be spam where they are spoofing the from address.  Or it could be
a
> virus where they are spoofing the from.  In either case, you can delete
it.
>
> John W. Colby
> www.colbyconsulting.com
>
> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com
> [mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of Shamil
> Salakhetdinov
> Sent: Monday, September 08, 2003 1:34 PM
> To: dba - Tech
> Subject: [dba-Tech] I don't know what I don't know from where is sending
> messages usingmy e-mail address...
>
>
> Hi All,
>
> Have you ever seen a message returned to your mailbox, having your e-mail
> address in From field, which you didn't send? (see example in P.S.)
> This doesn't seem to be a virus running on my PC - my PC is scanned
> periodically using NAV with latest updates.
> And the recipients e-mail addresses of such messages aren't written in my
> address book, and even MS Outlook Express version I use is different!
>
> What is this? A virus NAV missing while scanning my PC? Or...? Could you
> please advice?
>
> This looks very much like SOBIG virus but I don't have it on my PC!
>
> So much confused,
> TIA for any info,
> Shamil
>
> P.S. Strange messages header:
>
> Return-path: <shamil at smsconsulting.spb.ru>
> Received: from conversion-daemon.mailgw2.cityu.edu.hk by
> mailgw2.cityu.edu.hk
>  (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003))
>  id <0HKW00601M6XOB at mailgw2.cityu.edu.hk>
>  (original mail from shamil at smsconsulting.spb.ru); Tue,
>  9 Sep 2003 01:11:56 +0800 (CST)
> Received: from USER-VJCG7U5W26 (171-043.onebb.com [202.180.171.43])
>  by mailgw2.cityu.edu.hk
>  (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003))
>  with ESMTP id <0HKW007I6N4417 at mailgw2.cityu.edu.hk> for
>  college.office at cityu.edu.hk; Tue, 09 Sep 2003 00:57:47 +0800 (CST)
> Date: Tue, 09 Sep 2003 01:28:39 +0800
> From: shamil at smsconsulting.spb.ru
> Subject: Thank you!
> To: college.office at cityu.edu.hk
> Message-id: <0HKW007I7N4417 at mailgw2.cityu.edu.hk>
> MIME-version: 1.0
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> Content-type: multipart/mixed;
> boundary="Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)"
> Importance: Normal
> X-Priority: 3 (Normal)
> X-MSMail-priority: Normal
> X-MailScanner: Found to be clean
>
> This is a multipart message in MIME format
>
> --Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)
> Content-type: text/plain; charset=iso-8859-1
> Content-transfer-encoding: 7BIT
>
> See the attached file for details
>
> --Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)
> Content-type: text/plain; Name=UnsafeFile.txt
> Content-transfer-encoding: 7BIT
> Content-disposition: inline
> Content-description: Unsafe file movie0045.pif is removed!
>
> ********* UNSAFE FILE REMOVED! *********
>
> The system has removed the following unsafe file from this mail:
>
> * Name of the file being removed: movie0045.pif
>
> Postmaster (Mail Administrator),
> City University of Hong Kong
> Email: postmaster at cityu.edu.hk
>
> (Reference number: 20030909_011156_13779)
> ********************************************
>
>
> --
> e-mail: shamil at smsconsulting.spb.ru
> http://smsconsulting.spb.ru/shamil_s
>
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
>
>
>
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com





More information about the dba-Tech mailing list