[UK-CONTEST] G3SJJ Virus Free

peter at unica.co.uk peter at unica.co.uk
Thu Oct 10 08:13:09 EDT 2002


Along with many others, the virus (actually a Trojan) you're seeing forges
email headers. It looks in your inbox and sends itself out with a 'From'
address of someone who mailed you.

Just because the mail you saw had 'g3sjj' in the From: header, that's no
indication that it came from Chris's computer.

The one thing it can't fake is the 'Received' headers - they could give
you a clue where the mail came from, if you really want to track it down -
compare the Received headers in the infected mail with others you see from
other people and you might find a clue - particularly if it came from an
ISP such as Demon (who allocate separate hostnames to each customer) or a
corporate email system.

Peter G4MJS

>
>>Have downloaded latest signature files and revrus checker. It didn't
>> pick anything up. Chris
>
> Hi Chris,
>
> It's odd to hear that nothing was found, as the header and
> content appear to be from yourself, admittedly with the
> false header as previously mentioned.  Can anyone confirm
> the status of the email as below... Did it have a virus attached?
>
> Maybe the email, whoever had it, managed to fake the whole
> email address from their address-book. The headers aren't a
> great match to the email you just sent. The "Virus-ed" mail has
> most of the outlook headers stripped, to hide the source probably.
>
> Anyway, Sorry if the alert caused any inconvenience. The virus
> detected had been driving me nuts at work those few days and seemed to be
> coming in from everywhere. It's good to hear all is well.
>
> Rv!
> www.MM0ANT.co.uk
>
>
>>Date: Wed, 9 Oct 2002 22:25:51 +0100
>>Message-Id: <200210092125.WAA29777 at dougal.trinetimb.net>
>>From: "G3SJJ" <g3sjj at grisoft.com>
>>Subject: Re: [UK-CONTEST]  UK contests.
>>MIME-Version: 1.0
>>Content-Type: multipart/mixed; boundary="----------ORJP5P30JLATCI"
>>To: undisclosed-recipients:;
>>X-Envelope-To: rv at clara.co.uk
>>X-claradeliver-Version: 4.15.0
>>X-UIDL: 1034201505.72324.hespera.uk.clara.net
>>X-RCPT: rv
>>Status: U
>>
>>
>>I think we see it from different aspects Jonathon.  You are most
>>fortunate in belonging to a club with obviously motivated people
>>as can be seen from your past reports on Club Calls, 160 CW,
>>CW FD and others.
>>
>>>From
>>
>>Viruses found in the attached files.
>>The attached file 13thmap.doc.scr is infected by I-Worm/Bugbear. The
>> attachment was moved to the virus vault.
>
> "Individuals play the game, but teams beat the odds." SEAL Team saying
>
>
>
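
The Received-header comparison suggested in the reply above, sketched as an added example (not part of the original post): it lists each relay hop oldest-first and checks whether a suspect mail entered the chain from the same host as a known-genuine one. Both messages and all hostnames are constructed, and only hops stamped by relays you trust should be relied on.

```python
import re
from email import message_from_string

# Constructed sample mails; every hostname and address below is made up.
KNOWN_GOOD = """Received: from relay.isp.example.net (relay.isp.example.net [192.0.2.25])
\tby mx.myisp.example.org with ESMTP id AAA111; Wed, 9 Oct 2002 20:01:00 +0100
Received: from chris-pc.customer.example.net ([192.0.2.77])
\tby relay.isp.example.net with SMTP id BBB222; Wed, 9 Oct 2002 20:00:58 +0100
From: "Chris" <chris@example.net>
Subject: genuine

hello
"""
SUSPECT = """Received: from relay.isp.example.net (relay.isp.example.net [192.0.2.25])
\tby mx.myisp.example.org with ESMTP id CCC333; Wed, 9 Oct 2002 22:26:00 +0100
Received: from other-pc.customer.example.net ([192.0.2.91])
\tby relay.isp.example.net with SMTP id DDD444; Wed, 9 Oct 2002 22:25:51 +0100
From: "Chris" <chris@example.net>
Subject: forged From

see attachment
"""

_FROM = re.compile(r"^from\s+(\S+)", re.I)   # sending host, as recorded by the relay
_BY = re.compile(r"\bby\s+(\S+)", re.I)      # relay that stamped the header

def received_path(raw):
    """Return [(from_host, by_host), ...] with the oldest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())       # unfold continuation lines
        f, b = _FROM.search(text), _BY.search(text)
        hops.append((f.group(1).lower() if f else None,
                     b.group(1).lower() if b else None))
    hops.reverse()   # each relay prepends, so the last header is the first hop
    return hops

def origin(raw):
    """Host in the 'from' clause of the oldest Received header, or None."""
    path = received_path(raw)
    return path[0][0] if path else None

def same_origin(suspect, reference):
    """True when both mails entered the relay chain from the same host."""
    a, b = origin(suspect), origin(reference)
    return a is not None and a == b
```
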
