Sent an inquiry to the apparent ISP for this mail (in the expanded
header), as well as AOL.
Here is the first reply, and guess what - it is a virus. Now we know
its name, and who is at risk.
Mine did NOT have any enclosures, but if you get mail with an "_" in
front of the sender's e-mail address like <_bonesrb@aol.com> do NOT open
any attachments. My Mac saved me.
Steve
Ryan Taylor wrote:
>
> Hi Steve,
>
> We're seeing oodles of those messages too. In fact, probably too many to
> chase down all the infected users. FYI, it's the "BADTRANS" worm and
> seems to be doing a pretty decent job of spreading itself.
>
> Long live the Mac! :-)
>
> RJ
>
> ---------------------
> Ryan J. Taylor
> Systems/Network Administrator
> NCIA
> rj@ncia.net
>
> On Thu, 29 Nov 2001, Steve Laifman wrote:
>
> > I have been receiving messages that are "blank" from this source, as
> > well as one other. Their return addresses always start with an
> > underscore (_). I have been told that these contain attachments with
> > viruses. Since I have a Mac, and am not using Microsoft Browser, or
> > Mail, I see no attachments.
> >
> > Here is the complete message header and all. I think this came from you,
> > but maybe from aol.com or lynx.ncia.net. Please check it out and
> > forward to correct office.
> >
> > Steve
--
Steve Laifman
Editor
http://www.TigersUnited.com
Return-Path: <rjtaylor@ncia.net>
Received: from lamx01.mgw.rr.com ([66.75.160.12]) by
orngca-mls05.socal.rr.com (Post.Office MTA v3.5.3 release 223 ID#
0-59787U250000L250000S0V35) with ESMTP id com for
<SLaifman@SoCal.rr.com>; Thu, 29 Nov 2001 14:15:40 -0800
Received: from bear.ncia.net (bear.ncia.net [207.140.8.10]) by
lamx01.mgw.rr.com (8.11.4/8.11.3) with ESMTP id fATMFvc23756 for
<SLaifman@SoCal.rr.com>; Thu, 29 Nov 2001 14:15:57 -0800 (PST)
Received: from wolf.ncia.net (wolf.ncia.net [207.140.8.21]) by
bear.ncia.net (8.11.6/8.11.6) with ESMTP id fATMG7Y57015 for
<SLaifman@SoCal.rr.com>; Thu, 29 Nov 2001 17:16:07 -0500 (EST)
(envelope-from rjtaylor@ncia.net)
Date: Thu, 29 Nov 2001 17:16:00 -0500 (EST)
From: Ryan Taylor <rjtaylor@ncia.net>
To: Steve Laifman <SLaifman@SoCal.rr.com>
Subject: Re: Possible Virus Storm
In-Reply-To: <3C06AF40.394377C0@SoCal.rr.com>
Message-ID: <Pine.LNX.4.30.0111291714350.32502-100000@wolf.ncia.net>
MIME-Version: 1.0
X-Mozilla-Status2: 00000000
Hi Steve,
We're seeing oodles of those messages too. In fact, probably too many to
chase down all the infected users. FYI, it's the "BADTRANS" worm and
seems to be doing a pretty decent job of spreading itself.
Long live the Mac! :-)
RJ
---------------------
Ryan J. Taylor
Systems/Network Administrator
NCIA
rj@ncia.net
On Thu, 29 Nov 2001, Steve Laifman wrote:
> I have been receiving messages that are "blank" from this source, as
> well as one other. Their return addresses always start with an
> underscore (_). I have been told that these contain attachments with
> viruses. Since I have a Mac, and am not using Microsoft Browser, or
> Mail, I see no attachments.
>
> Here is the complete message header and all. I think this came from you,
> but maybe from aol.com or lynx.ncia.net. Please check it out and
> forward to correct office.
>
> Steve
>
>
> Return-Path: <macbaney@ncia.net>
> Received: from lamx01.mgw.rr.com ([66.75.160.12]) by
>  orngca-mls05.socal.rr.com (Post.Office MTA v3.5.3 release 223 ID#
>  0-59787U250000L250000S0V35) with ESMTP id com for
>  <SLaifman@SoCal.RR.com>; Thu, 29 Nov 2001 07:25:30 -0800
> Received: from lynx.ncia.net (lynx.ncia.net [208.197.116.10]) by
>  lamx01.mgw.rr.com (8.11.4/8.11.3) with ESMTP id fATFPlc11561 for
>  <SLaifman@SoCal.RR.com>; Thu, 29 Nov 2001 07:25:47 -0800 (PST)
> Received: from aol.com (lac-flex162.ncia.net [208.197.116.162])
>  by lynx.ncia.net (Postfix) with SMTP id 48A8B80 for
>  <SLaifman@SoCal.RR.com>; Thu, 29 Nov 2001 10:25:45 -0500 (EST)
> From: "Mike and Susan" <_macbaney@ncia.net>
> To: SLaifman@SoCal.RR.com
> Subject: Re: New Forum - TigersUnited.com
> MIME-Version: 1.0
> Content-Type: multipart/related; type="multipart/alternative";
>  boundary="====_ABC1234567890DEF_===="
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Unsent: 1
> Message-ID: <20011129152545.48A8B80@lynx.ncia.net>
> Date: Thu, 29 Nov 2001 10:25:45 -0500 (EST)
> X-Mozilla-Status: 8013
> X-Mozilla-Status2: 00000000
> X-UIDL: 20011129152530.AAB28975@orngca-mls05.socal.rr.com
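Added example, not part of the original messages: a short Python check that reads the suspect header quoted above and answers the "aol.com or lynx.ncia.net?" question from the oldest Received line, then flags the underscore-prefixed From address against the Return-Path. The function names `hops` and `findings` are made up for this example; the header text is the one from the thread, rejoined one field per line.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the suspect message as quoted in the thread (body omitted).
RAW = """\
Return-Path: <macbaney@ncia.net>
Received: from lamx01.mgw.rr.com ([66.75.160.12]) by
 orngca-mls05.socal.rr.com (Post.Office MTA v3.5.3 release 223 ID#
 0-59787U250000L250000S0V35) with ESMTP id com for
 <SLaifman@SoCal.RR.com>; Thu, 29 Nov 2001 07:25:30 -0800
Received: from lynx.ncia.net (lynx.ncia.net [208.197.116.10]) by
 lamx01.mgw.rr.com (8.11.4/8.11.3) with ESMTP id fATFPlc11561 for
 <SLaifman@SoCal.RR.com>; Thu, 29 Nov 2001 07:25:47 -0800 (PST)
Received: from aol.com (lac-flex162.ncia.net [208.197.116.162])
 by lynx.ncia.net (Postfix) with SMTP id 48A8B80 for
 <SLaifman@SoCal.RR.com>; Thu, 29 Nov 2001 10:25:45 -0500 (EST)
From: "Mike and Susan" <_macbaney@ncia.net>
To: SLaifman@SoCal.RR.com
Subject: Re: New Forum - TigersUnited.com
"""

# "from <name the client claimed> (<name the server looked up> [<ip>]) by <server>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Received hops, oldest first, as (claimed, looked_up, ip, by) tuples."""
    msg = message_from_string(raw)
    found = [HOP.search(v) for v in reversed(msg.get_all("Received", []))]
    return [m.groups() for m in found if m]

def findings(raw):
    """Human-readable notes about where the mail entered and who it claims to be."""
    msg = message_from_string(raw)
    notes = []
    claimed, looked_up, ip, by = hops(raw)[0]   # oldest hop: point of entry
    if looked_up and claimed.lower() != looked_up.lower():
        notes.append(f"{by} received it from {looked_up} [{ip}], which claimed to be '{claimed}'")
    sender = parseaddr(msg["From"])[1].lower()
    envelope = parseaddr(msg["Return-Path"])[1].lower()
    if sender.startswith("_") and sender[1:] == envelope:
        notes.append(f"From '{sender}' is Return-Path '{envelope}' with '_' prepended")
    return notes

if __name__ == "__main__":
    for note in findings(RAW):
        print(note)
```

The name before the parentheses is only what the sending machine announced; the name and address inside them were recorded by the receiving server, so the message entered at lynx.ncia.net from a host in ncia.net rather than from AOL. A mismatch of that kind is common in legitimate mail as well, so treat it as context for the underscore finding rather than as proof on its own.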