[aclug-L] Re: WeatherLab virus
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
David,
On FYI-1:
It is reall easy to track down what EarthLink customer that
e-mail came from if one had access to EarthLink's radius logs. But
it appears that you have mistaken me as an EarthLink employee, and I
haven't been one of those since Feb 2 2001.
On FYI-2:
I "really" use abcjr@xxxxxxxxx, and have since December of 1999. I do
have to say that I find your "logic" behind placing e-mail addresses in
your "spammers" filter quite "amazing".
--
abcjr
On Thu, Nov 14, 2002 at 10:56:18AM -0600, David Carmichael wrote:
>
> Arnold -
>
> Thanks for the input.. as I did not know that the "Southwind.net" email
> address was still a good address.. since most everybody that I use to email
> at "Southwind.net" has changed ISP's over the years.
>
> From a follow up email from K. White.. they [WeatherLab] got close to 100
> virus emails last night alone.
>
> FYI-1: following [at the end of the reply] is the emails header that had the
> virus and maybe with your knowledge you can help track down the infected
> machine?!?
>
> FYI-2: If you really use email address of: "abcjr@xxxxxxxxx" you are in my
> spamers filter due to the fact that about four weeks ago somebody tried to
> send me a virus with your email address as the from!?! My filter is set to
> allow 'TO' or FROM' "@ACLUG.ORG" to pass through and gets storted to its own
> email inbox. I thought that it was a MADE UP email address due to what
> seemed like random letters.
>
> FYI-3: DEC2955 = December 29th, 1955.. my birthdate..
>
> --David
>
> ----- Original Message -----
> From: "Arnold Cavazos Jr." <abcjr@xxxxxxxxx>
> To: <discussion@xxxxxxxxx>
> Sent: Thursday, November 14, 2002 10:18 AM
> Subject: [aclug-L] Re: WeatherLab virus
>
>
> >
> > David,
> >
> > You _are_ wrong, "southwind.net" is still a valid e-mail domain:
> >
> > ***
> > abcjr@corp:~<--% host -t mx southwind.net
> > southwind.net mail is handled by 5 onemain-mx.earthlink.net.
> > ***
> >
> > ELNK is just not creating any more "southwind.net" e-mail accounts.
> >
> > --
> > Arnold B. Cavazos, Jr. Voice: (316)858-3000
> > Director of Operations Fax: (316)858-3001
> > Hubris Communications Toll-Free: (866)267-INET
> > abcjr@xxxxxxxxxx http://www.iwichita.com http://www.dslkansas.net
> >
> >
> > On Thu, Nov 14, 2002 at 10:04:25AM -0600, David Carmichael wrote:
> > >
> > > Kevin -
> > >
> > > While I did not see the "Southwind" header.. I was mainly trying to let
> you
> > > know that somebody was sending out / spoofing emails with WeatherLab as
> the
> > > FROM.
> > >
> > > This way you are informed and might be able to help track down and or
> alert
> > > others of the fake emails.
> > >
> > > What is strange is.. maybe I am wrong here... but I did not even know
> that
> > > "Southwind" was still a good email address due to the number of mergers
> with
> > > other companies over the past few years?
> > >
> > > --David
> > >
> > > ----- Original Message -----
> > > From: "Kevin White" <kevin@xxxxxxx>
> > > To: <dec2955@xxxxxxxxxx>
> > > Sent: Thursday, November 14, 2002 9:43 AM
> > > Subject: WeatherLab virus
> > >
> > >
> > > Hi David,
> > >
> > > I got your fax about the virus you received from the KSN WeatherLab. I
> see
> > > by the headers that you didn't really receive it from the WeatherLab,
> > > however. It came from a Southwind dial-up account in Hutchinson. You
> can
> > > tell by looking at the first "Received:" line (they go in order from the
> > > "From:" up. The first received line listed is the last place the email
> > > routed through.
> > >
> > > This is caused by the fact that some user with Southwind received the
> virus
> > > through their Outlook email software. This virus then sends the virus
> out
> > > AS everyone listed in their address book. Therefore, it claims to come
> from
> > > the weatherlab, but it's only using an email address it found in the
> > > infected users address book.
> > >
> > > Unfortunately, there is absolutely nothing we can do about it because it
> > > doesn't come from or through any of our machines. It claims that it
> does,
> > > but it doesn't. The headers always tell the story.
> > >
> > > Kevin White
> > > KSN New Media Manager
> > > -- This is the discussion@xxxxxxxxx list. To unsubscribe,
> > > visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
> --
> > Arnold B. Cavazos, Jr. Voice: (316)858-3000
> > Director of Sales & Marketing Fax: (316)858-3001
> > Hubris Communications Toll-Free: (866)267-INET
> > abcjr@xxxxxxxxxx http://www.iwichita.com http://www.dslkansas.net
> >
>
> Received: from vmj-ext.prodigy.net by vmj with SMTP; Wed, 13 Nov 2002
> 21:48:52 -0500
> X-Originating-IP: [64.113.192.74]
> Received: from ewxmail.itworks.com (te-64-113-192-74.transedge.com
> [64.113.192.74])
> by vmj-ext.prodigy.net (8.12.3 da nor stuldap/8.12.3) with ESMTP id
> gAE2mdud186010;
> Wed, 13 Nov 2002 21:48:40 -0500
> Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net
> [207.217.120.22]) by ewxmail.itworks.com
> (Rockliffe SMTPRA 4.5.6) with ESMTP id <B0000558786@xxxxxxxxxxxxxxxxxxx>
> for <ksnewxmail@xxxxxxxxxxxxxxxx>;
> Wed, 13 Nov 2002 18:15:57 -0800
> Received: from dialup-10-hutchinson1.southwind.net ([209.134.89.10]
> helo=Qxin)
> by hawk.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
> id 18C9YO-0003sa-00
> for ksnewxmail@xxxxxxxxxxxxxxxx; Wed, 13 Nov 2002 18:16:24 -0800
> From: weatherlab <weatherlab@xxxxxxx>
> To: ksnewxmail@xxxxxxxxxxxxxxxx
> Subject: Japanese lass' sexy pictures
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary=H1K34LUTR8zZyF2W64z63T
> Message-Id: <E18C9YO-0003sa-00@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> Date: Wed, 13 Nov 2002 18:16:24 -0800
> Sender: ksnewxmail-request@xxxxxxxxxxxxxxxx
>
> --H1K34LUTR8zZyF2W64z63T
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
>
> <HTML><HEAD></HEAD><BODY>
> <iframe src=3Dcid:Z99oxu0lK51N6FA height=3D0 width=3D0>
> </iframe>
> <FONT></FONT></BODY></HTML>
>
> --H1K34LUTR8zZyF2W64z63T
> Content-Type: plain/text;
> name="Norton AntiVirus Deleted1.txt"
> Content-Transfer-Encoding: base64
> Content-ID: <Z99oxu0lK51N6FA>
>
> Tm9ydG9uIEFudGlWaXJ1cyByZW1
>
>
> -- This is the discussion@xxxxxxxxx list. To unsubscribe,
> visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
>
--
Arnold B. Cavazos, Jr. Voice: (316)858-3000
Director of Operations Fax: (316)858-3001
Hubris Communications Toll-Free: (866)267-INET
abcjr@xxxxxxxxxx http://www.iwichita.com http://www.dslkansas.net
-- This is the discussion@xxxxxxxxx list. To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
- [aclug-L] Re: WeatherLab virus, David Carmichael, 2002/11/14
- [aclug-L] Re: WeatherLab virus, Arnold Cavazos Jr., 2002/11/14
- [aclug-L] Re: WeatherLab virus,
Arnold Cavazos Jr. <=
- [aclug-L] Re: WeatherLab virus, David Carmichael, 2002/11/14
- [aclug-L] Re: WeatherLab virus, Jonathan Hall, 2002/11/14
- [aclug-L] Re: WeatherLab virus, David Carmichael, 2002/11/14
- [aclug-L] Re: WeatherLab virus, Jonathan Hall, 2002/11/14
- [aclug-L] Re: WeatherLab virus, Dale W Hodge, 2002/11/14
- [aclug-L] Re: WeatherLab virus, Chris Owen, 2002/11/14
- [aclug-L] Re: WeatherLab virus, Jonathan Hall, 2002/11/15
- [aclug-L] Re: WeatherLab virus, Clint Brubakken, 2002/11/15
- [aclug-L] Re: WeatherLab virus, Chris Owen, 2002/11/14
- Message not available
- [aclug-L] Re: WeatherLab virus, Clint Brubakken, 2002/11/15
|
|
