At 09:35 PM 4/26/02 -0700, Bob Nielsen wrote:
> > Received: from Fjfidcduy ([68.64.226.171]) by out020.verizon.net
> > (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
> > id <20020427005426.NUVW1765.out020.verizon.net@Fjfidcduy>
> > for <hsz102@psu.edu>; Fri, 26 Apr 2002 19:54:26 -0500
>
>This line shows that it originated from the IP address 68.64.226.171.
I just received a virus. The message said it came from Bonfred42
<Bonfred42@aol.com>
when in fact it came from fbf@netutah.net with an IP address of 209.197.0.17
Arin Whois identifies this as Burgoyne Computers Inc. (NETBLK-BURGOYNE-COM)
421 South 400 East
Salt Lake City, Utah 84111
US
Here's the message. I opened the header with Eudora using the blah blah
feature. It stole the Bonfred address from that address
book. Lesson. Use a virus protection program
Return-Path: <fbf@netutah.net>
Received: from smtp.burgoyne.com (smtp.burgoyne.com [209.197.0.17])
by mail.firstinter.net (8.11.3/8.11.3) with ESMTP id g3R2p0r16801
for <wa2moe@firstinter.net>; Fri, 26 Apr 2002 19:51:00 -0700
Received: from Pmeogig (pmn.burgoyne.com [209.197.2.65])
by smtp.burgoyne.com (8.11.3/8.11.3) with SMTP id g3R2t0s23563
for <wa2moe@firstinter.net>; Fri, 26 Apr 2002 20:55:01 -0600
To: <towertalk@contesting.com>
Date: Fri, 26 Apr 2002 20:55:01 -0600
Message-Id: <200204270255.g3R2t0s23563@smtp.burgoyne.com>
From: Bonfred42 <Bonfred42@aol.com>
To: wa2moe@firstinter.net
Subject: To country
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=D29s11503J7SR94180Yh54yxP
X-UIDL: a[o!!a?!#!e0""!Kdn!!
Content-Type: text/html;
PROVISIONS APPLICABLE TO THE EUROPEAN UNION
Content-Type: plain/text;
name="Norton AntiVirus report - 1.txt" n t.pif
Content-ID: <D2892GX2088p4>
<file://c:\Attachments\Norton%20AntiVirus%20report%20-%201.txt>3166840.jpg
Norton AntiVirus report -
1.txt<file://c:\Attachments\Norton%20AntiVirus%20report%20-%201.txt>
>This file: "Unknown03e4.data" was infected with: "W32.Klez.gen@mm" virus.
>
>The file was deleted by Norton AntiVirus. Friday, April 26, 2002 21:36
--- StripMime Report -- processed MIME parts ---
multipart/related
multipart/alternative
text/plain (text body -- kept)
text/html
application/octet-stream
---
|