[dba-Tech] I don't know what I don't know from where is sending messages using my e-mail address...

Shamil Salakhetdinov shamil at SMSConsulting.spb.ru
Mon Sep 8 12:34:15 CDT 2003


Hi All,

Have you ever seen a message returned to your mailbox, having your e-mail
address in the From field, which you didn't send? (see example in P.S.)
This doesn't seem to be a virus running on my PC - my PC is scanned
periodically using NAV with the latest updates.
And the recipients' e-mail addresses of such messages aren't written in my
address book, and even the MS Outlook Express version I use is different!

What is this? A virus NAV is missing while scanning my PC? Or...? Could you
please advise?

This looks very much like the SOBIG virus but I don't have it on my PC!

So much confused,
TIA for any info,
Shamil

P.S. Strange message's header:

Return-path: <shamil at smsconsulting.spb.ru>
Received: from conversion-daemon.mailgw2.cityu.edu.hk by mailgw2.cityu.edu.hk
 (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003))
 id <0HKW00601M6XOB at mailgw2.cityu.edu.hk>
 (original mail from shamil at smsconsulting.spb.ru); Tue,
 9 Sep 2003 01:11:56 +0800 (CST)
Received: from USER-VJCG7U5W26 (171-043.onebb.com [202.180.171.43])
 by mailgw2.cityu.edu.hk
 (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003))
 with ESMTP id <0HKW007I6N4417 at mailgw2.cityu.edu.hk> for
 college.office at cityu.edu.hk; Tue, 09 Sep 2003 00:57:47 +0800 (CST)
Date: Tue, 09 Sep 2003 01:28:39 +0800
From: shamil at smsconsulting.spb.ru
Subject: Thank you!
To: college.office at cityu.edu.hk
Message-id: <0HKW007I7N4417 at mailgw2.cityu.edu.hk>
MIME-version: 1.0
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: multipart/mixed;
 boundary="Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)"
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-MailScanner: Found to be clean

This is a multipart message in MIME format

--Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT

See the attached file for details

--Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)
Content-type: text/plain; Name=UnsafeFile.txt
Content-transfer-encoding: 7BIT
Content-disposition: inline
Content-description: Unsafe file movie0045.pif is removed!

********* UNSAFE FILE REMOVED! *********

The system has removed the following unsafe file from this mail:

* Name of the file being removed: movie0045.pif

Postmaster (Mail Administrator),
City University of Hong Kong
Email: postmaster at cityu.edu.hk

(Reference number: 20030909_011156_13779)
********************************************


--
e-mail: shamil at smsconsulting.spb.ru
http://smsconsulting.spb.ru/shamil_s
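
Added example, not part of the original post: the Received lines in the P.S. record which host actually handed the message to the gateway, independently of what the From line claims. The Python sketch below parses those headers and compares the two; the function names (first_hop, from_domain, analyse) are hypothetical and the rDNS comparison is a heuristic.

```python
import re
from email import message_from_string

# Headers copied from the P.S. above; the archive's " at " obfuscation is kept,
# and the wrapped lines are restored as proper continuation lines.
SAMPLE = """\
Return-path: <shamil at smsconsulting.spb.ru>
Received: from conversion-daemon.mailgw2.cityu.edu.hk by mailgw2.cityu.edu.hk
 (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003))
 id <0HKW00601M6XOB at mailgw2.cityu.edu.hk>
 (original mail from shamil at smsconsulting.spb.ru); Tue,
 9 Sep 2003 01:11:56 +0800 (CST)
Received: from USER-VJCG7U5W26 (171-043.onebb.com [202.180.171.43])
 by mailgw2.cityu.edu.hk
 (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003))
 with ESMTP id <0HKW007I6N4417 at mailgw2.cityu.edu.hk> for
 college.office at cityu.edu.hk; Tue, 09 Sep 2003 00:57:47 +0800 (CST)
From: shamil at smsconsulting.spb.ru
To: college.office at cityu.edu.hk
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
"""

# "from <HELO name> (<reverse-DNS name> [<IP>])" as written by the gateway.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

def first_hop(raw):
    """Return the oldest Received hop that records a connecting IP."""
    hops = message_from_string(raw).get_all("Received", [])
    for hop in reversed(hops):  # each relay prepends, so the oldest is last
        m = HOP.search(" ".join(hop.split()))  # unfold continuation lines
        if m:
            return {"helo": m.group(1), "rdns": m.group(2).lower(), "ip": m.group(3)}
    return None

def from_domain(raw):
    """Domain part of From:, accepting '@' or the archive's ' at '."""
    value = message_from_string(raw).get("From", "")
    return re.split(r"@|\sat\s", value)[-1].strip(" <>").lower()

def analyse(raw):
    hop, dom = first_hop(raw), from_domain(raw)
    # A mismatch is a hint, not proof: From: is unauthenticated, and legitimate
    # senders also submit mail from ISP address space.
    outside = hop is not None and not (
        hop["rdns"] == dom or hop["rdns"].endswith("." + dom))
    return {"from_domain": dom, "origin": hop, "origin_outside_from_domain": outside}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```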


