At 09:59 PM 4/26/02 -0700, Stu Greene wrote:
>At 09:35 PM 4/26/02 -0700, Bob Nielsen wrote:
>
>> > Received: from Fjfidcduy ([68.64.226.171]) by out020.verizon.net
>> >           (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
>> >           id <20020427005426.NUVW1765.out020.verizon.net@Fjfidcduy>
>> >           for <hsz102@psu.edu>; Fri, 26 Apr 2002 19:54:26 -0500
>>
>>This line shows that it originated from the IP address 68.64.226.171.
>
>I just received a virus.  The message said it came from Bonfred42 
><Bonfred42@aol.com>
>when in fact it came from fbf@netutah.net with an IP address of 209.197.0.17

Roger that.  In most cases, the real originator of the message should show 
up as the first line of the expanded header, in a line labeled 
<Return-Path>.  Not all e-mail programs show every line in the expanded 
header, unfortunately.

Just one other thing -- this virus, as well as other ones most popular 
currently, DO NOT get their victims or their fake "From:" addresses from 
anyone's address book -- instead, they are snagged from the incoming e-mail 
queue on the infected computer, so don't be surprised if you are told 
you've sent someone a virus but don't find his name in your address book.

73, Pete N4ZR
Check out the World HF
Contest Station Database at
www.pvrc.org
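An added example, not part of the original messages: a Python sketch of the header check discussed in this thread, pulling the connecting IP out of each Received line and comparing From: with Return-Path. The sample message is constructed around the Received line quoted above; the function names, the `example.*` hosts and the 192.0.2.20 address are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. The second Received header is the one quoted in the
# thread; every other header, host and address here is made up.
SAMPLE = """\
Return-Path: <sender@example.net>
Received: from out020.verizon.net ([192.0.2.20]) by mx.example.edu
          with ESMTP id CONSTRUCTED1; Fri, 26 Apr 2002 19:54:30 -0500
Received: from Fjfidcduy ([68.64.226.171]) by out020.verizon.net
          (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
          id <20020427005426.NUVW1765.out020.verizon.net@Fjfidcduy>
          for <hsz102@psu.edu>; Fri, 26 Apr 2002 19:54:26 -0500
From: Someone Else <someone@example.com>
Subject: constructed sample

body
"""

HOP = re.compile(r"^from (\S+) .*?\[([0-9a-fA-F:.]+)\].*? by (\S+)")

def hops(raw):
    """Received hops, newest first, as (helo_name, peer_ip, recording_host)."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        try:
            ipaddress.ip_address(m.group(2) if m else "")
        except ValueError:
            continue  # no match, or the bracketed text was not an IP literal
        found.append(m.groups())
    return found

def last_verified_peer(raw, trusted_relays):
    """Walk from the newest hop down and stop at the first header not written
    by a relay we trust, since anything below that point may be forged."""
    peer = None
    for _helo, ip, by in hops(raw):
        if by.lower() not in trusted_relays:
            break
        peer = ip
    return peer

def sender_mismatch(raw):
    """True when the From: address differs from the Return-Path address."""
    msg = message_from_string(raw)
    return parseaddr(msg["From"])[1].lower() != parseaddr(msg["Return-Path"])[1].lower()
```

Which relays go in `trusted_relays` is the reader's call: with only the receiving server trusted, the check stops at the relay's own address, and it reaches 68.64.226.171 only if the header stamped by out020.verizon.net is also accepted as genuine.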