[Dshield] FYI Sobig

Jim Gifford maillist at jg555.com
Thu Aug 21 17:04:39 GMT 2003


Now this thing is getting really funny. He is sending out emails as me.
Check out the headers, he is using my other account with his IP address.

Here is a virus alert email sent.

                           V I R U S  A L E R T

Our viruschecker found the

I-Worm.Sobig.f.txt

virus in your email to the following recipient:

-> igor.urban at haberst.ee

Delivery of the email was stopped!

Please check your system for viruses,
or ask your system administrator to do so.


For your reference, here are the SMTP envelope originator
and headers from your email:

>From jim at jg555.com
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <jim at jg555.com>
Received: from TUTT (80-235-34-20-dsl.mus.estpak.ee [80.235.34.20])
by gamma.isp.ee (8.11.6/8.11.6) with ESMTP id h7LDAZ011844
for <igor.urban at haberst.ee>; Thu, 21 Aug 2003 16:10:36 +0300
From: jim at jg555.com
Message-Id: <200308211310.h7LDAZ011844 at gamma.isp.ee>
To: <igor.urban at haberst.ee>
Subject: Re: Details
Date: Thu, 21 Aug 2003 16:11:00 +0300
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_10A43B5C"




More information about the list mailing list