[Dshield] FW: virus found in sent message "illegal..."

Jon R. Kibler Jon.Kibler at aset.com
Mon Mar 8 14:48:07 GMT 2004


Joseph Stahley 3rd wrote:
<SNIP!>
> The virus was reported to be:
> 
> Worm.SomeFool.Gen-1
> 

Worm.SomeFool.Gen-1 is ClamAV's name for Netsky.C -- and, since it is a generic signature, it may also pick up other Netsky variants. Netsky forges sender addresses. Someone forged your address, sent it to someone else, and their MTA detected the virus and bounced it back to you -- although you did not really originate it!

If I was you, I would write to the abuse department that sent you this bounce -- plus the admin who claims to have originated the bounce (lsimon at humornetwork.com) -- and demand that they stop bouncing virus infected email. (See my earlier posting on why bouncing virus infected emails is a VERY bad idea.)

Hope this answers your questions.

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list