[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [mother] Someone is spoofing my domain/virus alert!

To: micro <microsound@xxxxxxxxxxxxx>
Subject: Re: [mother] Someone is spoofing my domain/virus alert!
From: ma_hovina <M4_H0V1N4@xxxxxxxx>
Date: Sat, 7 Jun 2003 21:47:02 +0200

--Apple-Mail-6--601388828
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=ISO-8859-1;
	format=flowed

just the same with this one: lofixxx@xxxxxxxxxxxxxx

i'm running OS X and not infected, but someone from Poland i don't know=20=

(the same guy "Adax") uses my domain atom-heart.com to send viruses.

ma_hovina

> Am Samstag, 07.06.03, um 20:55 Uhr (Europe/Berlin) schrieb Mr. =
Tangent:
>
>> -- read the following if you want the short version --
>>
>> Hello.=A0 As you may or may not have seen, someone from Poland is=20
>> infected with the Bugbear virus and is making it appear that e-mails=20=

>> are being sent from me.=A0 Do NOT respond or open ANY e-mail =
attachment=20
>> from "warpobot@xxxxxxxxxxxxx" -- it's a spoofed e-mail and no such=20
>> e-mail address exists at my mrtangent.com domain.=A0 DELETE the =
e-mail=20
>> AND attachment immediately if you get an e-mail from=20
>> "warpbot@xxxxxxxxxxxxx".
>>
>> -- keep reading if you want the full story --
>>
>> I'm in the process of investigating, but what I can ascertain 1)=20
>> someone from Poland is either spoofing my e-mail address, and sending=20=

>> a fake "warpbot/warp records" mail that also contains a virus (don't=20=

>> open the attachment!) or 2) someone from Poland is genuinely not=20
>> trying to spoof my address, and has somehow been infected with this=20=

>> Bugbear virus and is being an unwitting victim in propagating the=20
>> virus (and the virus for some reason is choosing my domain as the=20
>> spoof source).
>>
>> Apparently the Bugbear virus looks through the contact book of the=20
>> infected person's e-mail client and chooses a random domain=20
>> (mrtangent.com in this instance) and a random name (warpbot in this=20=

>> instance) and then a random message from his or her in-box.=A0 It =
then=20
>> sends this new e-mail AND VIRUS to everyone in the infected person's=20=

>> address book (including mailing lists, apparently), thus continuing=20=

>> the infection process.
>>
>> I wrote to my domain provider (for mrtangent.com) earlier and he=20
>> assures me that no spam/spoofed e-mails or viruses are going through=20=

>> their mail server.
>>
>> I'm running Mac OS X, so there is very little chance I'm personally=20=

>> infected. I've also ran Virex (with current virus definitions as of=20=

>> today) and there is absolutely no viruses on my Macintosh.=A0 There =
is=20
>> also no "warpbot" address on my mrtangent.com domain (I checked to=20
>> see if I had been compromised).
>>
>> I apologize for any inconveniences this has caused but unfortunately=20=

>> the virus is spoofing my address and there's no way I can do anything=20=

>> about it since the e-mail is not technically going through my mail=20
>> server (the e-mail is NOT from mrtangent.com, I assure you).
>>
>> Here is the full headers in case anyone is curious.=A0 This proves =
the=20
>> e-mail is originating from someone in Poland (nickname "Adax"=20
>> apparently):
>>
>> Return-Path: <warpbot@xxxxxxxxxxxxx>
>> Received: (qmail 63185 invoked from network); 6 Jun 2003 17:49:34=20
>> -0000
>> Received: from ns2.tele2.pl (213.173.209.71)
>> by taz3.hyperreal.org with SMTP; 6 Jun 2003 17:49:34 -0000
>> Received: from adax (host-81-118.tele2.pl [62.93.81.118])
>> by ns2.tele2.pl id h56HiuI22510;
>> Fri, 6 Jun 2003 19:44:56 +0200 (MET DST)
>>

Prev by Date: [ot] WIRE in LA
Next by Date: Need roomie for Sonar?
Previous by thread: [ot] WIRE in LA
Next by thread: Need roomie for Sonar?
Index(es):
- Date
- Thread