Hey, I got my first whindoze email virus!

Ben Pfaff pfaffben@msu.edu
15 Aug 2000 19:04:33 -0400


Torgo Jr <agarris@voyager.net> writes:

> Got the "resume.txt.vbs" in my Netscape for Linux email 
> program (gawd I need to switch to mutt though...).  After
> an initial chuckle, I decided to look at the headers, and
> I am a little confused.  Does what appears below mean that 
> the message originated within aol.com?  

It looks forged to me:

	1. linux-1.osvnidau is not a valid hostname and
	   195.141.11.11 does not resolve in the DNS.

	2. 161.58.1.88 does not resolve in the DNS and it
	   certainly is not an AOL mail exchanger (i.e., `telnet
	   161.58.1.88 smtp' produces `connection refused', and
	   AOL is in a different IP net-block).

> Received: 
>   from linux-1.osvnidau (root@[195.141.11.11]) by mx2.mx.voyager.net
>   (8.9.3/8.9.3) with ESMTP id RAA90603 for <agarris@voyager.net>; Tue, 15
>   Aug 2000 17:35:49 -0400 (EDT)
> Received: 
>   from aol.com (110103830@[161.58.1.88]) by linux-1.osvnidau (8.8.8/8.8.8)
>   with SMTP id BAA13223; Wed, 16 Aug 2000 01:18:19 +0200

-- 
See Figure 1.
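The name and address checks made in this reply can be scripted against a message's Received: chain. The sketch below is an added example, not part of the original message: `parse_hops`, `check_hop` and the injectable `forward`/`reverse` lookups are names assumed here, and `SAMPLE` is the header quoted above with the `> ` prefixes removed.

```python
import re
import socket

# Sendmail-style hop: "from NAME (USER@[IP]) by HOST"
HOP_RE = re.compile(r"from\s+(?P<claimed>\S+)\s+\((?:(?P<user>[^@\s]+)@)?"
                    r"\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

# The two Received: headers quoted in the message, "> " prefixes removed.
SAMPLE = """\
Received:
  from linux-1.osvnidau (root@[195.141.11.11]) by mx2.mx.voyager.net
  (8.9.3/8.9.3) with ESMTP id RAA90603 for <agarris@voyager.net>; Tue, 15
  Aug 2000 17:35:49 -0400 (EDT)
Received:
  from aol.com (110103830@[161.58.1.88]) by linux-1.osvnidau (8.8.8/8.8.8)
  with SMTP id BAA13223; Wed, 16 Aug 2000 01:18:19 +0200
"""

def dns_forward(name):
    """Live lookup: an IPv4 address for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def dns_reverse(ip):
    """Live lookup: the PTR name for ip, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def parse_hops(headers):
    """Unfold continuation lines; return one dict per Received: header, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)
    matches = (HOP_RE.search(l) for l in unfolded.splitlines()
               if l.lower().startswith("received:"))
    return [m.groupdict() for m in matches if m]

def check_hop(hop, forward=dns_forward, reverse=dns_reverse):
    """Compare what the sender claimed with what DNS says about name and IP."""
    findings, claimed = [], hop["claimed"].lower()
    if forward(claimed) is None:
        findings.append("claimed name does not resolve")
    ptr = reverse(hop["ip"])
    if ptr is None:
        findings.append("no reverse DNS for IP")
    elif ptr.lower() != claimed and not ptr.lower().endswith("." + claimed):
        findings.append("reverse DNS does not match claimed name")
    return findings
```

Only the topmost Received: header is written by the recipient's own mail exchanger; every header below it arrives with the message and is only as trustworthy as the host that relayed it.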