[OT] Pilot Email Question

Andrew Keen keenandr@pilot.msu.edu
Thu, 22 Mar 2001 21:35:36 -0500


It actually attaches itself to winsock.dll, so that every email you try to send out it
grabs the address and sends a copy of itself to the outgoing recipient. AKA
W95.Hybris.gen.

-ark

On Thu, Mar 22, 2001 at 09:02:53PM -0500, Adam Pitcher wrote:
> My father had that virus.  I knew he had the virus before he did.  Since he
> has email off my domain, I received a bounced message.  It was from sexyfun
> but came from his IP.  I found that when he opened his email, it tried sending
> itself out to others thru my smtp.  It always failed because it was making
> garbled emails and failed every time.
> So yes it is a virus.  And surprisingly, he uses Netscape email and it still
> managed to send itself out.
> 
> Adam
> 
> 
> Don Chorman wrote:
> 
> > I'm not sure but I looked at the IP address in the header.
> > Message header:
> >
> > Received: from egr.msu.edu (jeeves.egr.msu.edu [35.9.37.127])
> >         by pilot04.cl.msu.edu (8.10.2/8.10.2) with ESMTP id f2MKkt050274;
> >         Thu, 22 Mar 2001 15:46:55 -0500
> > Received: from pilot07.cl.msu.edu (pilot07.cl.msu.edu [35.9.5.27])
> >         by egr.msu.edu (8.11.1/8.11.1) with ESMTP id f2MKkqc09523
> >         for <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:52 -0500 (EST)
> >
> > Received: from c1016883-a (pm283-15.dialip.mich.net [35.9.9.240])
> >         by pilot07.cl.msu.edu (8.10.2/8.10.2) with SMTP id f2MKkaI13548
> >         for <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:41 -0500
> > Date: Thu, 22 Mar 2001 15:46:41 -0500
> > Message-Id: <200103222046.f2MKkaI13548@pilot07.cl.msu.edu>
> > From: Hahaha <hahaha@sexyfun.net>
> >
> > I'm not sure but I think it came from (pm283-15.dialip.mich.net
> > [35.9.9.240]).
> > What do you think?
> >
> > Ben Pfaff wrote:
> >
> > > Don Chorman <chormand@pilot.msu.edu> writes:
> > >
> > > [spam]
> > >
> > > > Thanks Ben. I did call CIC, and email them the header if that's worth
> > > > anything. It looked like the email originated from campus.
> > >
> > > I cannot speak as to your particular spam, since I haven't seen
> > > it, but beware of depending on From: lines, etc., for domain of
> > > origination.  For such things, spammers often just use a
> > > "username" without any domain at all, and lots of MTAs (all?)
> > > will then append their own domain.  So the spammer sends an email
> > > through Pilot that has a From: line like:
> > >         From: imbecile
> > > and after it goes through Pilot, it looks like
> > >         From: imbecile@msu.edu
> > > which, if you don't read the Received: headers, makes it look
> > > like it originated locally.
> > >
> >
> > _______________________________________________
> > linux-user mailing list
> > linux-user@egr.msu.edu
> > http://www.egr.msu.edu/mailman/listinfo/linux-user