Hey, I got my first whindoze email virus!
Ben Pfaff
pfaffben@msu.edu
15 Aug 2000 19:04:33 -0400
Torgo Jr <agarris@voyager.net> writes:
> Got the "resume.txt.vbs" in my Netscape for Linux email
> program (gawd I need to switch to mutt though...). After
> an initial chuckle, I decided to look at the headers, and
> I am a little confused. Does what appears below mean that
> the message originated within aol.com?
It looks forged to me:
1. linux-1.osvnidau is not a valid hostname and
195.141.11.11 does not resolve in the DNS.
2. 161.58.1.88 does not resolve in the DNS and it
certainly is not an AOL mail exchanger (i.e., `telnet
161.58.1.88 smtp' produces `connection refused', and
AOL is in a different IP net-block).
> Received:
> from linux-1.osvnidau (root@[195.141.11.11]) by mx2.mx.voyager.net
> (8.9.3/8.9.3) with ESMTP id RAA90603 for <agarris@voyager.net>; Tue, 15
> Aug 2000 17:35:49 -0400 (EDT)
> Received:
> from aol.com (110103830@[161.58.1.88]) by linux-1.osvnidau (8.8.8/8.8.8)
> with SMTP id BAA13223; Wed, 16 Aug 2000 01:18:19 +0200
--
See Figure 1.