Return Message Address mungling... help.
Clint Fast
cfast at ALLIEDBUILDING.COM
Sun Dec 23 18:04:34 GMT 2001
The virus itself actually does the name mungling on the From address.
I've seen A LOT of this lately.
--Clint.
Tim Lyons wrote:
>
> This is a bit strange. My system detected the following but for some
> reason mungled the senders address. the true address should be
> tullberg1 at deleted.com but for some reason the script parsed it as
> uullberg1 at deleted.com
> ^
>
> Any Idea as to why this might be occurring?
>
> --Tim
>
> --
>
> ---------- Forwarded message ----------
> Date: Sat, 22 Dec 2001 21:15:35 -0500
> From: MailScanner <AV at digitalvoodoo.org>
> To: postman at digitalvoodoo.org
> Subject: Warning: E-mail viruses detected
>
> The following e-mail messages were found to have viruses in them:
>
> Sender: <uullberg1 at deleted.com>
> Recipient: <user at digitalvoodoo.org>
> Subject: A few understood the whole
> MessageID: fBN2F4i30334
> Report: >>> Virus 'W32/Magistr-B' found in file ./fBN2F4i30334/developers.pif
> Shortcuts to MS-Dos programs are very dangerous in email in developers.pif
>
> --
> Email Virus Scanner
>
> ---
>
> Original Message Headers:
>
> Received: from smtp03.mrf.mail.deleted.net (smtp03.mrf.mail.deleted.net
> [deleted])
> by ns.digitalvoodoo.org (8.11.6/8.11.6) with ESMTP id fBN2F4i30334
> for <user at digitalvoodoo.org>; Sat, 22 Dec 2001 21:15:05 -0500
> Received: from sanitized.c3-0.nwt-ubr1.sbo-nwt.ma.cable.deletedcom
> ([deleted] helo=SMTP.rcn.com)
> by smtp03.mrf.mail.deleted.net with smtp (Exim 3.33 #10)
> id 16HyAB-0001Iu-00; Sat, 22 Dec 2001 21:14:56 -0500
> FROM: sender <tullberg1 at deleted.com>
> SUBJECT: A few understood the whole
> X-MSMail-Priority: Normal
> X-Priority: 3
> X-Mailer: Microsoft Outlook Express 4.72.3612.1700
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="----=_NextPart_000_0010_01C2803E.09803EF0"
> Content-Transfer-Encoding: 7bit
> Message-Id: <E16HyAB-0001Iu-00 at smtp03.mrf.mail.deleted.net>
> Bcc:
> Date: Sat, 22 Dec 2001 21:14:56 -0500
> X-ECS-MailScanner: Found to be infected
More information about the MailScanner
mailing list