Worm.Sober.P-zip

Uno Hoo!

Received this e-mail this morning. I have not sent out these e-mails
(although the Bigfoot address is one of my e-mail addresses). I have carried
out an AVG scan which gives me a clean bill of health. Is there anything
else I should do about this?

Kev



VIRUS ALERT

Our content checker found
virus: Worm.Sober.P-zip
in email presumably from you (<[email protected]>), to the following
recipients:
-> (e-mail address removed)

Please check your system for viruses,
or ask your system administrator to do so.

Delivery of the email was stopped!


For your reference, here are headers from your email:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <[email protected]>
Received: from pnscj.com (host81-153-9-70.range81-153.btcentralplus.com
[81.153.9.70])
by piquet.limitless.co.uk (Postfix) with SMTP id D31E278C0F;
Fri, 6 May 2005 00:36:31 +0100 (BST)
From: (e-mail address removed)
To: (e-mail address removed)
Date: Thu, 05 May 2005 23:02:18 GMT
Subject: Re:
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=7058db6f2f94de.545eaa5"
Content-Transfer-Encoding: 7bit
-------------------------- END HEADERS ------------------------------





No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.11.5 - Release Date: 04/05/2005
 
Dave Budd

> Received this e-mail this morning. I have not sent out these e-mails
> (although the Bigfoot address is one of my e-mail addresses). I have carried
> out an AVG scan which gives me a clean bill of health. Is there anything
> else I should do about this?

Maybe tell them that every email-borne virus for the last 4
years has faked the From line, so they're wasting their time
complaining to an innocent party.
 
Stan Brown

> Received this e-mail this morning. I have not sent out these e-mails
> (although the Bigfoot address is one of my e-mail addresses). I have carried
> out an AVG scan which gives me a clean bill of health. Is there anything
> else I should do about this?

If you know how to reach a human being at the site that sent the
mail, tell them that they should not send out virus nags to the
"From" address, since viruses routinely forge "From" addresses.

Otherwise, ignore it.

See http://www.f-prot.com/news/gen_news/030910_open_letter.html
 
Gabriele Neukam

On that special day, Uno Hoo!, ([email protected]) said...
> Received: from pnscj.com (host81-153-9-70.range81-153.btcentralplus.com
> [81.153.9.70])

Doing a Whois lookup for 81.153.9.70

you get this information

% Information related to '81.153.0.0 - 81.153.255.255'

inetnum: 81.153.0.0 - 81.153.255.255
remarks: *******************************************************
remarks: * Please send abuse reports to (e-mail address removed) *
remarks: *******************************************************
netname: BT-CENTRAL-PLUS
descr: IP pools
country: GB
admin-c: BTCP1-RIPE
tech-c: BTCP1-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to (e-mail address removed)
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
source: RIPE

So the infected machine is accessing Broadband, not Bigfoot. The header
"from" is a fake. Your own machine is obviously not the one that sent
these infested mails.


Gabriele Neukam

(e-mail address removed)
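
The header check described in the post above, as an added example that is not part of the original thread: it reads the connecting host from the Received line written by the receiving mail server and compares it with the domain claimed in From. The From address `user@bigfoot.example` is a constructed placeholder (the page redacts the real one), and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers from the alert quoted in the thread; the From address is a
# constructed placeholder because the page redacts the real one.
SAMPLE = """\
Received: from pnscj.com (host81-153-9-70.range81-153.btcentralplus.com
 [81.153.9.70])
 by piquet.limitless.co.uk (Postfix) with SMTP id D31E278C0F;
 Fri, 6 May 2005 00:36:31 +0100 (BST)
From: user@bigfoot.example
Date: Thu, 05 May 2005 23:02:18 GMT
Subject: Re:

"""

# Postfix layout: from <HELO name> (<reverse DNS> [<peer IP>]) by <receiving MTA>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")


def origin_of(raw, trusted_mta):
    """Return the hop recorded by our own MTA, or None if it is absent.

    Only the Received line stamped by a server we control is trustworthy;
    From, Return-Path, HELO and any older Received lines are sender-supplied.
    """
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):  # newest hop is listed first
        m = RECEIVED_RE.search(value)
        if m and m.group("by").lower() == trusted_mta.lower():
            hop = m.groupdict()
            addr = parseaddr(msg.get("From", ""))[1]
            hop["from_domain"] = addr.rpartition("@")[2].lower()
            return hop
    return None


def from_matches_origin(hop):
    """True if the reverse-DNS name of the peer falls under the From domain."""
    domain, rdns = hop["from_domain"], hop["rdns"].lower()
    return rdns == domain or rdns.endswith("." + domain)
```

A mismatch on its own does not prove forgery, since users legitimately send through an ISP's network, but the peer IP it returns is the value to look up in Whois and to cite in an abuse report.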
 
