Mailing Lists: Apple Mailing Lists


Re: Spammer has got me!



I see many emails a day that are "sent" from an account that does not send email.
Many of the variants of the KLEZ worm spoof the from address. Most of them fail to
spoof the return path address, however. Like this:

From email@hidden Mon Jul 1 10:36:22 2002\n
Return-path: <email@hidden>\n
Received: from scv2.appl.....
Symantec's Norton AntiVirus Technology.
small_nikko[1].bat was infected with the malicious virus W32.Klez.H@mm and has been deleted because the
file cannot be cleaned.\n

In that case email@hidden is the bad guy.



And the wintel machines that get eaten by this worm are prolific. I have received 40+ worm-laden emails
from 1 address this morning.
Like this


From email@hidden Mon Jul 1 10:56:22 2002\n
Return-path: <email@hidden>...

2001-02 Handbooks not available sheets.doc.lnk was infected with the malicious virus W32.Sircam.Worm@mm
and has been deleted because the file cannot be cleaned.\n



So, at any rate, what you are seeing is probably one of a dozen different versions of the KLEZ worm.




On Monday, July 1, 2002, at 12:06 PM, Josh Wisenbaker wrote:

Apple Mail seems to treat the header info as a tiff. Sorry about that.

I thought of the klez virus on a PC, but haven't given it too much thought. I think now that it could be the answer as we are getting e-mail claiming to be from local accounts that have been gone for a number of years.

From: email@hidden
Date: Mon Jul 01, 2002 03:56:39 AM US/Eastern
To: email@hidden
Subject: You're Paying Too Much
Reply-To: email@hidden
Received: from $domain ([80.60.55.192]) by mail.computertree.com (AppleMailServer 10.1.4.0) id 42782u via TCP with SMTP; Mon, 01 Jul 2002 02:50:21 -0400
Received: from computertree.com by UAEU9EXHA.computertree.com with SMTP for email@hidden; Mon, 01 Jul 2002 02:56:39 -0500
Importance: Normal
X-Encoding: MIME
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_1450_45778285062263545228083"
Content-Transfer-Encoding: Quoted-Printable
X-Msmail-Priority: Normal
Message-Id: <email@hidden>

Any ideas?

Josh

On Monday, July 1, 2002, at 10:02 AM, Simon Slavin wrote:

On Monday, July 1, 2002, at 02:00 pm, Josh Wisenbaker wrote:

Here is a header for your perusal.

You cannot attach files to messages on this list. Please cut the headers
in text form and paste them directly into your message.

But even without the headers, does it look as if the message actually
comes from outside your system ? Because there's a virus which does that:
it looks through the messages on your hard disk for the addresses of
anyone you've corresponded with and disguises itself as one of those.

Simon Slavin
--
Simon Slavin Fylde College Room C42
Computing Development Officer 01524 65201 x 93569
Psychology Department
University of Lancaster
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.


-
Josh Wisenbaker
Sr. Systems Engineer
ComputerTree Technologies
1-800-467-9820

"I sense much NT in you, NT leads to Blue Screen.
Blue Screen leads to downtime, downtime leads to suffering.
NT is the path to the darkside."
- Unknown Unix Jedi


Lloyd Vancil
email@hidden

References: 
 >Re: Spammer has got me! (From: Josh Wisenbaker <email@hidden>)
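The check described in the reply above (the From address is spoofed, the Return-path usually is not) can be automated over a mailbox. This is an added example, not code from the thread: the function names and the sample messages are constructed for illustration, and all addresses are placeholders.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr


def sample(return_path, from_header):
    """Build a constructed test message (not taken from the thread)."""
    return (f"Return-Path: <{return_path}>\nFrom: {from_header}\n"
            "Subject: test\n\nbody\n")


# Constructed samples: one envelope sender hiding behind three From addresses,
# one ordinary message, and one bounce with an empty Return-Path.
SAMPLES = [
    sample("infected-pc@example.net", "Old Account <retired-user@example.com>"),
    sample("infected-pc@example.net", "colleague@example.com"),
    sample("infected-pc@example.net", "friend@example.org"),
    sample("alice@example.com", "Alice <alice@example.com>"),
    sample("", "MAILER-DAEMON@example.com"),
]


def addr(value):
    """Return the lowercased bare address from a header value, or ''."""
    return parseaddr(value or "")[1].lower()


def mismatched(raw):
    """Return (return_path, from_addr) when the two headers disagree, else None."""
    msg = message_from_string(raw)
    rp, frm = addr(msg.get("Return-Path")), addr(msg.get("From"))
    if not rp or not frm:  # bounce (<>) or missing header: nothing to compare
        return None
    return (rp, frm) if rp != frm else None


def suspects(raw_messages, threshold=2):
    """Map each Return-Path to the number of distinct From addresses it used.

    Mailing lists and forwarders also produce mismatches, so a hit is a lead
    to investigate, not proof that the host is infected.
    """
    seen = defaultdict(set)
    for raw in raw_messages:
        hit = mismatched(raw)
        if hit:
            seen[hit[0]].add(hit[1])
    return {rp: len(froms) for rp, froms in seen.items() if len(froms) >= threshold}


if __name__ == "__main__":
    print(suspects(SAMPLES))
```

The Return-Path that keeps showing up under different From addresses is the account whose owner should be told to scan their machine.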


