Complete.Org: Mailing Lists: Archives: discussion: November 2002:
[aclug-L] Re: WeatherLab virus
Home

[aclug-L] Re: WeatherLab virus

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: discussion@xxxxxxxxx
Subject: [aclug-L] Re: WeatherLab virus
From: Jeff Vian <jvian10@xxxxxxxxxxx>
Date: Thu, 14 Nov 2002 14:54:43 -0600
Reply-to: discussion@xxxxxxxxx

Probably someone still has the southwind address in their address book 
and it is using that as the spoofed domain.


David Carmichael wrote:

>Kevin -
>
>While I did not see the "Southwind" header.. I was mainly trying to let you
>know that somebody was sending out / spoofing emails with WeatherLab as the
>FROM.
>
>This way you are informed and might be able to help track down and or alert
>others of the fake emails.
>
>What is strange is.. maybe I am wrong here... but I did not even know that
>"Southwind" was still a good email address due to the number of mergers with
>other companies over the past few years?
>
>--David
>
>----- Original Message -----
>From: "Kevin White" <kevin@xxxxxxx>
>To: <dec2955@xxxxxxxxxx>
>Sent: Thursday, November 14, 2002 9:43 AM
>Subject: WeatherLab virus
>
>
>Hi David,
>
>I got your fax about the virus you received from the KSN WeatherLab.  I see
>by the headers that you didn't really receive it from the WeatherLab,
>however.  It came from a Southwind dial-up account in Hutchinson.  You can
>tell by looking at the first "Received:" line (they go in order from the
>"From:" up.  The first received line listed is the last place the email
>routed through.
>
>This is caused by the fact that some user with Southwind received the virus
>through their Outlook email software.  This virus then sends the virus out
>AS everyone listed in their address book.  Therefore, it claims to come from
>the weatherlab, but it's only using an email address it found in the
>infected users address book.
>
>Unfortunately, there is absolutely nothing we can do about it because it
>doesn't come from or through any of our machines.  It claims that it does,
>but it doesn't.  The headers always tell the story.
>
>Kevin White
>KSN New Media Manager
>
>
>
>-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
>visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
>  
>


-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi


[Prev in Thread] Current Thread [Next in Thread]