|
Posted by =?Utf-8?B?U2lzc2k=?= on December 29, 2005, 12:55 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Hi, I recently got an email as follows:
*************************
-----Original Message-----
From: System Anti-Virus Administrator [mailto:virus@altecom.es]
Sent: Wednesday, December 28, 2005 11:59 AM
To: admin@sissigeneve.com
Subject: virus found in sent message "Mail Delivery (failure
kreband@kreband.com)"
Attention: admin@sissigeneve.com
A virus was found in an Email message you sent.
This Email scanner intercepted it and stopped the entire message
reaching its destination.
The virus was reported to be:
Exploit.HTML.IFrame
Please update your virus scanner or contact your IT support
personnel as soon as possible as you may have a virus on your system.
Your message was sent with the following envelope:
MAIL FROM: admin@sissigeneve.com
RCPT TO: kreband@kreband.com
... and with the following headers:
MAILFROM: admin@sissigeneve.com
Received: from unknown (HELO kreband.com) (217.11.83.15)
by mx1.altecom.net with SMTP; 28 Dec 2005 10:59:04 -0000
From: admin@sissigeneve.com
To: kreband@kreband.com
Subject: Mail Delivery (failure kreband@kreband.com)
Date: Wed, 28 Dec 2005 12:02:49 +0100
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal
*****************************
I keep my Norton AV constantly up to date and even did a search on their
site with the supposed virus name and nothing came up.
Are these fictitious alarms? I've gotten I think one or two similar ones in
the past.
Appreciate any similar reports. tnx so much
Sissi
|
|
Posted by David H. Lipman on December 29, 2005, 1:18 pm
If you were Registered and logged in, you could reply and use other advanced thread options
| Hi, I recently got an email as follows:
|
< snip ?
| I keep my Norton AV constantly up to date and even did a search on their
| site with the supposed virus name and nothing came up.
| Are these fictitious alarms? I've gotten I think one or two similar ones in
| the past.
|
| Appreciate any similar reports. tnx so much
| Sissi
It is a HTML Exploit code.
http://securityresponse.symantec.com/avcenter/venc/data/iframe.exploit.html
"IFrame.Exploit is an exploit contained within a body of HTML and is typically
used in
email. The exploit allows malicious code to be executed by reading or previewing
files
containing this code. This exploit deceives the HTML viewer into executing viral
code that
the viewer thinks is an Audio or a Video component of the body of HTML. "
For you to have sent that email you would have had to attached a HTML file
employing that
Exploit or you would have had to create an email in HTML using that Exploit.
The chances of that are extremely low that you are actually sending out email
like this.
Is there an attachment associated with this email ?
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by =?Utf-8?B?U2lzc2k=?= on December 29, 2005, 2:56 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Second, no, there was no attachment. But let me clarify what's legit and
what's not or not known from the email (read my notes in CAPS):
From: System Anti-Virus Administrator [mailto:virus@altecom.es]
(NEVER HEARD OF THIS EMAIL ADDRESS)
From: admin@sissigeneve.com
(MY LEGIT EMAIL ADDRESS)
To: kreband@kreband.com
(NEVER HEARD OF THIS EMAL ADDRESS AND I NOR MY OUTLOOK SHOWS ANY EMAIL SENT
TO THIS ADDRESS)
Subject: Mail Delivery (failure kreband@kreband.com)
Date: Wed, 28 Dec 2005 12:02:49 +0100
Sent: Wednesday, December 28, 2005 11:59 AM
(SENT NO EMAIL AT THIS TIME AND IN FACT, MY COMPUTER WAS TURNED OFF AND NOT
CONNECTED AT ALL TO THE NET FROM DEC 24 TO MORNING OF DEC 29, TODAY)
Any further thoughts?? tnx a million,
Sissi
|
|
Posted by Tom [Pepper] Willett on December 29, 2005, 3:12 pm
If you were Registered and logged in, you could reply and use other advanced thread options
email addresses from address books, etc., and forging the reply address as
yours. Thus, when it gets bounced for any reason, it gets bounced back to
you.
This is not uncommon.
Welcome to the real wide web ;-)
Tom
| First, sorry for being an idiot and missing Norton's info on this.
| Second, no, there was no attachment. But let me clarify what's legit and
| what's not or not known from the email (read my notes in CAPS):
|
| From: System Anti-Virus Administrator [mailto:virus@altecom.es]
| (NEVER HEARD OF THIS EMAIL ADDRESS)
|
| From: admin@sissigeneve.com
| (MY LEGIT EMAIL ADDRESS)
|
| To: kreband@kreband.com
| (NEVER HEARD OF THIS EMAL ADDRESS AND I NOR MY OUTLOOK SHOWS ANY EMAIL
SENT
| TO THIS ADDRESS)
|
| Subject: Mail Delivery (failure kreband@kreband.com)
| Date: Wed, 28 Dec 2005 12:02:49 +0100
| Sent: Wednesday, December 28, 2005 11:59 AM
| (SENT NO EMAIL AT THIS TIME AND IN FACT, MY COMPUTER WAS TURNED OFF AND
NOT
| CONNECTED AT ALL TO THE NET FROM DEC 24 TO MORNING OF DEC 29, TODAY)
|
| Any further thoughts?? tnx a million,
| Sissi
|
|
|
|
Posted by =?Utf-8?B?U2lzc2k=?= on December 29, 2005, 3:51 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Happy new year!
S
"Tom [Pepper] Willett" wrote:
> As usual, somebody has an infected computer, and the virus is pulling out
> email addresses from address books, etc., and forging the reply address as
> yours. Thus, when it gets bounced for any reason, it gets bounced back to
> you.
>
> This is not uncommon.
>
> Welcome to the real wide web ;-)
>
> Tom
>
|
| Similar Threads | Posted | | 4 different virus reported by PC-cillin + Dr.Web HELP pls! | December 9, 2006, 9:38 pm |
| HTML/scripted.gen virus | August 16, 2008, 8:31 pm |
| WSUS error: Computer "Net yet reported" | November 9, 2005, 1:28 pm |
| Troj/Zlob-ZG reported on my machine..... | February 22, 2007, 5:01 pm |
| What is "Backdoor.Winbach" as reported by eTrust Pest Patrol? | August 17, 2005, 12:10 am |
| Email containing virus in my account!!! | April 2, 2006, 4:49 am |
| Virus Sent in Email intentionally | June 9, 2006, 7:37 am |
| keep receiving email virus | August 26, 2006, 3:35 pm |
| Re: New Virus/Email Worm? Retirement Subject Lines | July 26, 2006, 4:58 pm |
| RE: New Virus/Email Worm? Retirement Subject Lines | July 27, 2006, 10:24 am |
|
XML site map