Disturbing Email

[BustaMike]

Ok, somebody tell me what this is. It was in my inbox. I have the latest version of McAfee Viruscan and it is and has been fully updated. It doesn't find anything, and it never has (it's scheduled to run once a week and scan everything just in case).

So... do I have a virus? Or where did this come from? It's buggin' me. Check it out. I'm damn sure the attachment is a virus.

Note - I don't use Outlook Express and never have, yet this says something about that being the mailer. And obviously if this thing did bounce, I never sent the original.

Quote:

This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: dan@apolyton.net This message has been rejected because it has a potentially executable attachment "thank_you.pif" This form of attachment has been used by recent viruses or other malware. If you meant to send this file then please package it up as a zip file and resend it. ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from [66.92.67.57] (helo=CIHET) by settler.apolyton.net with esmtp (Exim 4.20) id 19wu3F-0000PX-Mq for dan@apolyton.net; Tue, 09 Sep 2003 21:45:47 -0400 From: To: Subject: Re: Details Date: Tue, 9 Sep 2003 21:45:44 --0400 X-MailScanner: Found to be clean Importance: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MSMail-Priority: Normal X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="_NextPart_000_06849F9A" Message-Id: This is a multipart message in MIME format --_NextPart_000_06849F9A Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit See the attached file for details --_NextPart_000_06849F9A Content-Type: application/octet-stream; name="thank_you.pif" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="thank_you.pif"

[BustaMike]

Oh, btw. Dan is not included in my address book. Hell, I don't even have an address book for my email, so I'm inclined to think that this didn't originate from my computer. That still doesn't change the fact that I have an unknown email with a virus and an @apolyton address in the same place.

[Skanky Burns]

Someone else got something like this recently...?
Anyway, check your computer for viruses post-haste.

[geeslaka]

I don't have the slightest clue what the cause may be, but I recommend deleting it and not opening the attachment.
It is probably targeted at Outlook users. Opening that attachment would probably screw up your computer. Delete it.

[BustaMike]

What about this. Is it possible that this could have nothing to do with my computer at all, but rather one of the public computers at school. I know the universities were hit pretty hard by the latest wave of viruses. I regularly check my email and visit apolyton at school. Could that have caused this crap?

[geeslaka]

Probably.

[BustaMike]

...and one more scan for good measure. Still all clean. Task manager shows nothing unusual. Probably ASU's computers .

[Paul]

Sounds like the W32.Sobig.F virus. This virus sends emails to all addresses in the address book of an infected computer, and uses an address from the infected computer's address book as the sender. That means that you are not infected, but someone else was infected who has both your and DanQ's email address in his/her address book.

[Makeo]

I got an email like this as well. The virus sender has harvested your email, probably from someones address book and placed it in the return to field.
I think I started a topic just like this one. Gotta love Apolyton.

[Makeo]

This was mine.

http://apolyton.net/forums/showthrea...threadid=95888

[Skanky Burns]

Thought I remembered something similar to this thread!

[Frozzy]

Many of the ACS staff with @apolyton mail addresses has been affected by the Sobig.F virus.

[Ecthy]

similar stuff has happened to me, mailer_daemon notices about emails not being processable to certain adresses that are not in my (empty) adress book but were a part of listed mail adresses that I replied to (forwarded mails). most disturbing is the fact that all the other people listed in the forward-list actually receive those mails. they must think I'm a spammer.

[Makeo]

you are a spammer

[Ecthy]

nah. at least not on emails to schoolmates.

[FrustratedPoet]

Quote:

Originally posted by Frozzy Many of the ACS staff with @apolyton mail addresses has been affected by the Sobig.F virus.

I got 80-100 in a single day once.

[JohnT]

I had the same thing occur a few months ago, but it was with Markos' email, not Dan.