[leps-talk] possible spam source clue

Grkovich, Alex agrkovich at tmpeng.com
Tue Sep 23 12:35:25 EDT 2003


Woody,

I received an e-mail this morning that was very similar to (if not the same
one) yours, warning me of a virus that had "...just been sent..." to me...

Alex

> -----Original Message-----
> From:	Woody Woods [SMTP:woody.woods at umb.edu]
> Sent:	Tuesday, September 23, 2003 12:06 PM
> To:	TILS-leps-talk at yahoogroups.com; leps-l at lists.yale.edu;
> TILS-moth-rah at yahoogroups.com
> Subject:	[leps-talk] possible spam source clue
> 
> I ran this by Ron before sending to the leps lists. Please excuse the
> cross-posting, but I thought it should go to all.
> 
> I received two emails that appear at best legitimate and at worst
> harmless;
> they list the other recipients of virus/worm-bearing emails I have
> received.
> Maybe you got 'em too, but I'm writing in case you didn't.
> 
> I suggest that you look at the email addresses and see whether ALL of them
> in either message are in your address book. If so, possibly your computer
> has been infected. So far, mine (a Mac, helpfully) has been clean.
> 
> Rather than risk forwarding the messages to you all, just in case, I have
> simply copied the text content, including the recipients' addresses
> (including mine!) below.
> 
> By the way, I have removed the list email addresses from my address book--
> heck, if I don't know them by now I never will...
> 
> Woody
> 
> First message:
> 
> Attention: woody.woods at umb.edu
> 
> [A message has been sent to the originator, stating there is a virus
> in the Email they just sent to you. No further action is required on
> your part.]
> 
> A virus was found in an Email message sent to you.
> This Email scanner intercepted it and stopped the entire message
> before it reached you. No further action is required on your part.
> 
> The virus was reported to be:
> 
> virus WORM_SWEN.A
> 
> Please contact your I.T support personnel with any queries regarding this
> policy.
> 
> The message sent to you had the following envelope:
> 
> MAIL FROM: manager at taiwan-peggycompany.com
> RCPT TO:
> ctaylor at worldnet.att.net,kline_at_pine at yahoo.com,jbizarro at uol.com.br,
> kennk at ix.netcom.com,pinteareed at madbbs.com,aa6g at aa6g.org,patfoley at csus.edu,
> cwgan at pacific.net.sg,woody.woods at umb.edu,marven at shaw.ca,rob at whiterabbits.com
> 
> ... and with the following headers:
> 
> ---
> MAILFROM: manager at taiwan-peggycompany.com
> Received: from unknown (HELO kkwa) ([218.13.213.193]) (envelope-sender
> <manager at taiwan-peggycompany.com>)
>          by msa.url.com.tw (qmail-ldap-1.03) with SMTP
>          for <ctaylor at worldnet.att.net>; 23 Sep 2003 10:38:44 -0000
> FROM: "Public Assistance" <kpnsdtbvuw at support.net>
> TO: "Microsoft Customer" <sctsnyv at support.net>
> SUBJECT: Internet Patch
> Mime-Version: 1.0
> Content-Type: multipart/mixed; boundary="ukhrdqrvtasuje"
> 
> 
> --and here's the second message:
> 
> 
> Attention: woody.woods at umb.edu
> 
> [A message has been sent to the originator, stating there is a virus
> in the Email they just sent to you. No further action is required on
> your part.]
> 
> A virus was found in an Email message sent to you.
> This Email scanner intercepted it and stopped the entire message
> before it reached you. No further action is required on your part.
> 
> The virus was reported to be:
> 
> virus WORM_SWEN.A
> 
> Please contact your I.T support personnel with any queries regarding this
> policy.
> 
> The message sent to you had the following envelope:
> 
> MAIL FROM: manager at taiwan-peggycompany.com
> RCPT TO:   
> 
> ... and with the following headers:
> 
> ---
> MAILFROM: manager at taiwan-peggycompany.com
> Received: from unknown (HELO gtdfd) ([218.13.213.193]) (envelope-sender
> <manager at taiwan-peggycompany.com>)
>          by msa.url.com.tw (qmail-ldap-1.03) with SMTP
>          for <rob at whiterabbits.com>; 23 Sep 2003 10:39:03 -0000
> FROM: "internet mail storage service" <mailerroutine at puremail.com>
> TO: "Net User" <user at mxserver.com>
> SUBJECT: Advice
> Mime-Version: 1.0
> Content-Type: multipart/alternative;
>    boundary="vwzagyipstlx"
> 
> 
> ---
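The address-book check suggested in the quoted post, together with the observation that both quoted notices show the same connecting IP in their `Received:` line under different HELO names, can be automated. The following is an added example, not part of the original thread; the notices, addresses, HELO names and IP in it are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

QUOTE = re.compile(r"^(?:>[ \t]?)+", re.M)   # reply-quoting prefixes
RECEIVED = re.compile(r"Received: from \S+ \(HELO (\S+)\) \(\[([0-9.]+)\]\)")

def parse_recipients(notice):
    """Recover the RCPT TO list, undoing reply quoting, mid-address line
    wraps and the list archive's ' at ' obfuscation."""
    text = QUOTE.sub("", notice)
    m = re.search(r"RCPT TO:(.*?)\n\s*\n", text, re.S)
    if not m:
        return set()
    items = m.group(1).replace("\n", "").split(",")
    addrs = (re.sub(r"\s+at\s+", "@", i.strip()).lower() for i in items)
    return {a for a in addrs if a.count("@") == 1}

def assess(notices, address_book):
    """all_in_book[i]: every recipient of notice i is in the address book.
    by_relay_ip: notices grouped by connecting IP, with the HELO each used."""
    book = {a.lower() for a in address_book}
    all_in_book, by_relay_ip = [], defaultdict(list)
    for i, notice in enumerate(notices):
        rcpts = parse_recipients(notice)
        all_in_book.append(bool(rcpts) and rcpts <= book)
        m = RECEIVED.search(QUOTE.sub("", notice))
        if m:
            by_relay_ip[m.group(2)].append((i, m.group(1)))
    return {"all_in_book": all_in_book, "by_relay_ip": dict(by_relay_ip)}

# Constructed sample notices (example.* addresses, documentation IP range).
NOTICE_1 = """> RCPT TO:
> alice at example.org,bob_at_home at example.net,car
> ol
> @example.com,dave at example.org
>
> Received: from unknown (HELO hosta) ([192.0.2.10]) (envelope-sender
"""
NOTICE_2 = """> RCPT TO:
> dave at example.org,erin at example.net
>
> Received: from unknown (HELO hostb) ([192.0.2.10]) (envelope-sender
"""
BOOK = {"alice@example.org", "bob_at_home@example.net",
        "carol@example.com", "Dave@example.org"}

print(assess([NOTICE_1, NOTICE_2], BOOK))
```

A `True` entry in `all_in_book` is only a hint to scan that machine; a single IP appearing under several HELO names in `by_relay_ip` points to one sending host behind the separate notices.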