[OT] Pilot Email Question
Andrew Keen
keenandr@pilot.msu.edu
Thu, 22 Mar 2001 21:35:36 -0500
It actually attaches itself to winsock.dll, so that every email you try to send out it
grabs the address and sends a copy of itself to the outgoing recipient. AKA
W95.Hybris.gen.
-ark
On Thu, Mar 22, 2001 at 09:02:53PM -0500, Adam Pitcher wrote:
> My father had that virus. I knew he had the virus before he did. Since he
> has email off my domain, I received a bounced message. It was from sexyfun
> but came from his IP. I found that when he opened his email, it tried sending
> itself out to others thru my smtp. It always failed because it was making
> garbled emails and failed every time.
> So yes it is a virus. And surprisingly, he uses Netscape email and it still
> managed to send itself out.
>
> Adam
>
>
> Don Chorman wrote:
>
> > I'm not sure but I looked at the IP address in the header.
> > Message header:
> >
> > Received: from egr.msu.edu (jeeves.egr.msu.edu [35.9.37.127])
> > by pilot04.cl.msu.edu (8.10.2/8.10.2) with ESMTP id f2MKkt050274;
> > Thu, 22 Mar 2001 15:46:55 -0500
> > Received: from pilot07.cl.msu.edu (pilot07.cl.msu.edu [35.9.5.27])
> > by egr.msu.edu (8.11.1/8.11.1) with ESMTP id f2MKkqc09523
> > for <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:52 -0500 (EST)
> >
> > Received: from c1016883-a (pm283-15.dialip.mich.net [35.9.9.240])
> > by pilot07.cl.msu.edu (8.10.2/8.10.2) with SMTP id f2MKkaI13548
> > for <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:41 -0500
> > Date: Thu, 22 Mar 2001 15:46:41 -0500
> > Message-Id: <200103222046.f2MKkaI13548@pilot07.cl.msu.edu>
> > From: Hahaha <hahaha@sexyfun.net>
> >
> > I'm not sure but I think it came from (pm283-15.dialip.mich.net
> > [35.9.9.240]).
> > What do you think?
> >
> > Ben Pfaff wrote:
> >
> > > Don Chorman <chormand@pilot.msu.edu> writes:
> > >
> > > [spam]
> > >
> > > > Thanks Ben. I did call CIC, and email them the header if that's worth
> > > > anything. It looked like the email originated from campus.
> > >
> > > I cannot speak as to your particular spam, since I haven't seen
> > > it, but beware of depending on From: lines, etc., for domain of
> > > origination. For such things, spammers often just use a
> > > "username" without any domain at all, and lots of MTAs (all?)
> > > will then append their own domain. So the spammer sends an email
> > > through Pilot that has a From: line like:
> > > From: imbecile
> > > and after it goes through Pilot, it looks like
> > > From: imbecile@msu.edu
> > > which, if you don't read the Received: headers, makes it look
> > > like it originated locally.
> > >
> >
> > _______________________________________________
> > linux-user mailing list
> > linux-user@egr.msu.edu
> > http://www.egr.msu.edu/mailman/listinfo/linux-user
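Added example, not part of any post in this thread: the Received: walk that Don and Ben describe, run over the headers Don quoted. The regex assumes the sendmail-style `from HELO (rDNS [IP]) by HOST` layout seen in those headers; the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the thread; only the folding whitespace is restored.
RAW = """\
Received: from egr.msu.edu (jeeves.egr.msu.edu [35.9.37.127])
\tby pilot04.cl.msu.edu (8.10.2/8.10.2) with ESMTP id f2MKkt050274;
\tThu, 22 Mar 2001 15:46:55 -0500
Received: from pilot07.cl.msu.edu (pilot07.cl.msu.edu [35.9.5.27])
\tby egr.msu.edu (8.11.1/8.11.1) with ESMTP id f2MKkqc09523
\tfor <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:52 -0500 (EST)
Received: from c1016883-a (pm283-15.dialip.mich.net [35.9.9.240])
\tby pilot07.cl.msu.edu (8.10.2/8.10.2) with SMTP id f2MKkaI13548
\tfor <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:41 -0500
Date: Thu, 22 Mar 2001 15:46:41 -0500
Message-Id: <200103222046.f2MKkaI13548@pilot07.cl.msu.edu>
From: Hahaha <hahaha@sexyfun.net>

"""

# HELO is whatever the client claimed; rDNS and IP are recorded by the receiver.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)")

def hops(raw):
    """Return Received: hops oldest first (headers are prepended, so reverse)."""
    msg = message_from_string(raw)
    found = (HOP.search(h) for h in msg.get_all("Received", []))
    return [m.groupdict() for m in reversed(list(found)) if m]

def analyse(raw):
    chain = hops(raw)
    from_domain = parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2].lower()
    first = chain[0]  # the machine that handed the message to the first relay
    # A hop's sender should be the previous hop's receiver; gaps are a forgery hint.
    breaks = [i for i in range(1, len(chain))
              if chain[i - 1]["by"] not in (chain[i]["helo"], chain[i]["rdns"])]
    seen = any(h[k].lower().endswith(from_domain)
               for h in chain for k in ("helo", "rdns", "by"))
    return {"origin_host": first["rdns"], "origin_ip": first["ip"],
            "helo_matches_rdns": first["helo"].lower() == first["rdns"].lower(),
            "from_domain": from_domain, "from_domain_in_path": seen,
            "chain_breaks": breaks}

if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```

The oldest hop is only as trustworthy as the relay that wrote it, so the result is the earliest point recorded by a server you have reason to trust, not proof of who wrote the message.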