[Dshield] FW: virus found in sent message "illegal..."

Al Reust areust at comcast.net
Tue Mar 9 00:34:19 GMT 2004


Hello Everyone

I am running IE 6 SP1 patched. As soon as I clicked on the link Norton 
Corporate 8.1 told me that I had Sobig.F.enc in my Internet Cache.

Because it is an active web page. It can not be properly Quarantined, If 
you go there make sure you Clear You Cache and then virus Scan!

R/

Al


At 03:27 PM 3/8/2004 -0500, you wrote:
>check here
><A 
>HREF="https://www1.columbia.edu/sec/bboard/cpu_bboard/archive/2003_08/msg00002.html">failure 
>notice</A>
>... To: cpu_bboard at columbia.edu; Subject: failure notice; From:
>MAILER-DAEMON at www1.humornetwork.com; ... Hi.
>This is the qmail-send program at www1.humornetwork.com. ...
>
>https://www1.columbia.edu/sec/bboard/cpu_bboard/archive/2003_08/msg00002.html
>
>========Original Message========
>Subj:   [Dshield] FW: virus found in sent message "illegal..."
>Date:   3/8/2004 5:15:35 AM Mountain Standard Time
>From:    jestahley3 at cox.net (Joseph Stahley 3rd)
>Sender:    list-bounces at dshield.org
>Reply-to: <A HREF="mailto:list at dshield.org">list at dshield.org</A> (General 
>DShield Discussion List)
>To:    list at dshield.org
>CC:    abuse at cox.net
>
>
>
>
>
>
>Got this in my email today, is it real or hoax? Notice the domain name
>humornetwork.com, was wondering if anyone else got this. All my machines are
>virus free as far as I can tell.
>
>Joe
>
>
>
>-----Original Message-----
>From: System Anti-Virus Administrator [mailto:lsimon at humornetwork.com]
>Sent: Sunday, March 07, 2004 8:00 PM
>To: me
>Subject: virus found in sent message "illegal..."
>
>
>Attention: me
>
>
>A virus was found in an Email message you sent.
>This Email scanner intercepted it and stopped the entire message
>reaching its destination.
>
>The virus was reported to be:
>
>Worm.SomeFool.Gen-1
>
>
>Please update your virus scanner or contact your IT support
>personnel as soon as possible as you may have a virus on your system.
>
>
>Your message was sent with the following envelope:
>
>MAIL FROM: me
>RCPT TO:   license at humornetwork.com
>
>... and with the following headers:
>
>---
>MAILFROM: me
>Received: from ip68-102-109-231.ks.ok.cox.net (HELO humornetwork.com)
>(68.102.109.231)
>   by www1.humornetwork.com with SMTP; 8 Mar 2004 04:00:24 -0000
>From: me
>To: license at humornetwork.com
>Subject: illegal...
>Date: Sun, 7 Mar 2004 22:00:25 -0600
>MIME-Version: 1.0
>Content-Type: multipart/mixed;
>     boundary="----=_NextPart_000_0004_000014D4.0000092B"
>X-Priority: 3
>X-MSMail-Priority: Normal
>
>
>---
>
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see:
>http://www.dshield.org/mailman/listinfo/list
>
>
>----------------------- Headers --------------------------------
>Return-Path: <list-bounces at dshield.org>
>Received: from  rly-xk05.mx.aol.com (rly-xk05.mail.aol.com [172.20.83.42]) by
>air-xk01.mail.aol.com (v98.10) with ESMTP id MAILINXK11-597404c63d994; Mon,
>08 Mar 2004 07:15:35 -0500
>Received: from  mail.giac.net (mail1.giac.net [65.173.218.103]) by
>rly-xk05.mx.aol.com (v98.5) with ESMTP id MAILRELAYINXK51-597404c63d994; 
>Mon, 08 Mar
>2004 07:15:21 -0500
>Received: (qmail 4585 invoked from network); 8 Mar 2004 12:08:41 -0000
>Received: from  (HELO dshield.com) (@)
>   by 0 with SMTP; 8 Mar 2004 12:08:41 -0000
>Received: from maverick12.sans.org (localhost.localdomain [127.0.0.1])
>     by dshield.com (8.11.6/8.11.6) with ESMTP id i28C7Xi07624;
>     Mon, 8 Mar 2004 12:07:33 GMT
>Received: from mail.giac.net (iceman1 [65.173.218.103])
>     by dshield.com (8.11.6/8.11.6) with SMTP id i286iSi19845
>     for <list at maverick12.sans.org>; Mon, 8 Mar 2004 06:44:28 GMT
>Received: (qmail 5812 invoked from network); 8 Mar 2004 06:44:26 -0000
>Received: from  (HELO dshield.org) (@)
>     by 0 with SMTP; 8 Mar 2004 06:44:26 -0000
>Old-Received: (qmail 2579 invoked from network); 8 Mar 2004 06:41:11 -0000
>Old-Received: from fed1mtao02.cox.net (68.6.19.243)
>     by 0 with SMTP; 8 Mar 2004 06:41:11 -0000
>Old-Received: from win2k ([68.8.122.110]) by fed1mtao02.cox.net
>     (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with ESMTP
>     id <20040308064109.KEXY7091.fed1mtao02.cox.net at win2k>;
>     Mon, 8 Mar 2004 01:41:09 -0500
>From: "Joseph Stahley 3rd" <jestahley3 at cox.net>
>To: <list at dshield.org>
>Date: Sun, 7 Mar 2004 22:40:08 -0800
>MIME-Version: 1.0
>Content-Type: text/plain;
>     charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>X-Mailer: Microsoft Office Outlook, Build 11.0.5510
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Thread-Index: AcQEwePIZkf5YHH0TTajnrlzFH6mgAAFZ5wA
>Message-Id: <20040308064109.KEXY7091.fed1mtao02.cox.net at win2k>
>Old-X-Envelope-To: list at dshield.org
>X-Seen-By: bob list
>X-Envelope-To: UNKNOWN
>X-Mailman-Approved-At: Mon, 08 Mar 2004 11:57:56 +0000
>Cc: abuse at cox.net
>Subject: [Dshield] FW: virus found in sent message "illegal..."
>X-BeenThere: list at dshield.org
>X-Mailman-Version: 2.1.4
>Precedence: list
>Reply-To: General DShield Discussion List <list at dshield.org>
>List-Id: General DShield Discussion List <list.dshield.org>
>List-Unsubscribe: <http://www.dshield.org/mailman/listinfo/list>,
>     <mailto:list-request at dshield.org?subject=unsubscribe>
>List-Archive: <http://www.dshield.org/pipermail/list>
>List-Post: <mailto:list at dshield.org>
>List-Help: <mailto:list-request at dshield.org?subject=help>
>List-Subscribe: <http://www.dshield.org/mailman/listinfo/list>,
>     <mailto:list-request at dshield.org?subject=subscribe>
>Sender: list-bounces at dshield.org
>Errors-To: list-bounces at dshield.org
>X-AOL-IP: 65.173.218.103
>X-AOL-SCOLL-SCORE: 0:XXX:XX
>X-AOL-SCOLL-URL_COUNT: 0
>
>
>
>
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list