[Towertalk] Anyone know how to read these headers?

Stu Greene wa2moe@firstinter.net
Fri, 26 Apr 2002 21:59:01 -0700


At 09:35 PM 4/26/02 -0700, Bob Nielsen wrote:

> > Received: from Fjfidcduy ([68.64.226.171]) by out020.verizon.net
> >           (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
> >           id <20020427005426.NUVW1765.out020.verizon.net@Fjfidcduy>
> >           for <hsz102@psu.edu>; Fri, 26 Apr 2002 19:54:26 -0500
>
>This line shows that it originated from the IP address 68.64.226.171.

I just received a virus.  The message said it came from Bonfred42 <Bonfred42@aol.com> when in fact it came from fbf@netutah.net with an IP address of 209.197.0.17.

ARIN Whois identifies this as Burgoyne Computers Inc. (NETBLK-BURGOYNE-COM)
         421 South 400 East
         Salt Lake City, Utah 84111
         US

Here's the message.  I opened the header with Eudora using the blah blah feature.  It stole the Bonfred address from that address book.  Lesson.  Use a virus protection program.



Return-Path: <fbf@netutah.net>
Received: from smtp.burgoyne.com (smtp.burgoyne.com [209.197.0.17])
         by mail.firstinter.net (8.11.3/8.11.3) with ESMTP id g3R2p0r16801
         for <wa2moe@firstinter.net>; Fri, 26 Apr 2002 19:51:00 -0700
Received: from Pmeogig (pmn.burgoyne.com [209.197.2.65])
         by smtp.burgoyne.com (8.11.3/8.11.3) with SMTP id g3R2t0s23563
         for <wa2moe@firstinter.net>; Fri, 26 Apr 2002 20:55:01 -0600
Date: Fri, 26 Apr 2002 20:55:01 -0600
Message-Id: <200204270255.g3R2t0s23563@smtp.burgoyne.com>
From: Bonfred42 <Bonfred42@aol.com>
To: wa2moe@firstinter.net
Subject: To country
MIME-Version: 1.0
Content-Type: multipart/alternative;
         boundary=D29s11503J7SR94180Yh54yxP
X-UIDL: a[o!!a?!#!e0""!Kdn!!

Content-Type: text/html;

PROVISIONS APPLICABLE TO THE EUROPEAN UNION
Content-Type: plain/text;
         name="Norton AntiVirus report - 1.txt" n t.pif
Content-ID: <D2892GX2088p4>

<file://c:\Attachments\Norton%20AntiVirus%20report%20-%201.txt>3166840.jpg 
Norton AntiVirus report - 
1.txt<file://c:\Attachments\Norton%20AntiVirus%20report%20-%201.txt>


>This file: "Unknown03e4.data" was infected with: "W32.Klez.gen@mm" virus.
>
>The file was deleted by Norton AntiVirus. Friday, April 26, 2002  21:36


--- StripMime Report -- processed MIME parts ---
multipart/related
  multipart/alternative
    text/plain (text body -- kept)
    text/html
  application/octet-stream
---
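An added example, not part of the original post: the Received chain from the message above, read programmatically from the oldest hop to the newest and compared against the From: address. The regular expression assumes the sendmail-style `from HELO (rDNS [IP]) by HOST` layout seen in these headers; the function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message above (body omitted).
RAW = """\
Return-Path: <fbf@netutah.net>
Received: from smtp.burgoyne.com (smtp.burgoyne.com [209.197.0.17])
         by mail.firstinter.net (8.11.3/8.11.3) with ESMTP id g3R2p0r16801
         for <wa2moe@firstinter.net>; Fri, 26 Apr 2002 19:51:00 -0700
Received: from Pmeogig (pmn.burgoyne.com [209.197.2.65])
         by smtp.burgoyne.com (8.11.3/8.11.3) with SMTP id g3R2t0s23563
         for <wa2moe@firstinter.net>; Fri, 26 Apr 2002 20:55:01 -0600
From: Bonfred42 <Bonfred42@aol.com>
To: wa2moe@firstinter.net
Subject: To country
"""

# One hop: from <name the sender claimed> (<reverse DNS> [<IP>]) by <receiver>
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[\d.]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)")

def received_hops(raw):
    """Return parsed hops oldest-first (each server prepends its own line)."""
    msg = message_from_string(raw)
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [m.groupdict() for m in found if m]

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def summarize(raw):
    msg = message_from_string(raw)
    hops = received_hops(raw)
    from_dom = domain(msg["From"])
    return {
        # Written by the recipient's own server: the most reliable line.
        "handoff_ip": hops[-1]["ip"],
        # Written by an upstream relay: only as reliable as that relay.
        "first_recorded_ip": hops[0]["ip"],
        # Hops where the claimed name differs from the reverse-DNS name.
        "helo_mismatch": [h["helo"] for h in hops
                          if h["rdns"] and h["helo"].lower() != h["rdns"].lower()],
        # Does any relay in the path belong to the From: domain?
        "from_domain_in_path": any((h["rdns"] or "").lower().endswith(from_dom)
                                   for h in hops),
        # From: and Return-Path are both supplied by the sending side.
        "from_matches_envelope": from_dom == domain(msg["Return-Path"]),
    }

if __name__ == "__main__":
    print(summarize(RAW))
```
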