RCU Forums - View Single Post - Virus Caution
Thread: Virus Caution
View Single Post
Old 10-14-2003 | 11:42 AM
  #4  
gfinan
 
Joined: Oct 2002
Posts: 232
Likes: 0
Received 0 Likes on 0 Posts
From: Hazel Green, AL
Default RE: Virus Caution
My post may seem a little harsh, and I appoligize for that. I am well aware of how worms, etc propagate on a persons system. The worm came in the attachment to an email and has the same properties as the worm has had since it was discovered some time ago. All the sender did was attach the original worm to the email that was sent out.

The problem I have, however, is that I have never heard of a worm that can create a message body to appear as though it came from a legitimate web site without manipulation from the originator of the message. I am aware that worms spoof email addresses, headers, etc all the time, but this one was designed to appear as though it came from RCU (I reinerate that I said appear). The email was close enough to an original one from RCU that I probably would have opened it! My only intention of this post was to warn the readers of this issue and nothing else. Also, I am not saying that the sender of the email was the originator of the worm. All I am trying to get across is to be aware.

Below is the message and header. As you can see the header is definitely bogus. But I will let you guys fight about the meaning of the rest. Next time I won't say a thing...

X-Symantec-TimeoutProtection: 0
X-Symantec-TimeoutProtection: 1
X-Symantec-TimeoutProtection: 2
Return-Path: <[email protected]>
Received: from excellerant.com ([209.61.186.122]) by lakemtai10.cox.net
(InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP
id <20031014002959.EYDC16416.lakemtai10.cox.net@ex cellerant.com>
for <[email protected]>; Mon, 13 Oct 2003 20:29:59 -0400
Received: (qmail 10670 invoked from network); 14 Oct 2003 00:12:05 -0000
Received: from cs666968-227.satx.rr.com (HELO Cruz) (66.69.68.227)
by jaden.net with SMTP; 14 Oct 2003 00:12:05 -0000
From: "R/C Groups Discussion Mailer" <[email protected]>
Subject: Reply to post 'What Did YOU Get For Father's Day?'
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------C78NMREM465WDW"
Message-Id: <20031014002959.EYDC16416.lakemtai10.cox.net@ex cellerant.com>
Date: Mon, 13 Oct 2003 20:30:00 -0400

------------C78NMREM465WDW
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello cruzomatic,

Dale Case has just replied to a thread you have subscribed to entitled - What Did YOU Get For Father's Day? - in the Open Discussion forum of R/C Groups Discussion.

This thread is located at:
http://www.rcgroups.com/forums/showt...........edited

There may be other replies also, but you will not receive any more notifi

------------C78NMREM465WDW--
gfinan is offline  
Reply Like