Its strange I log into my email today ( havent checked or sent mail in days ) and I see this
Content-Transfer-Encoding: quoted-printable
This message was created automatically by mail delivery software (Exim).
A message that you sent could not be delivered to one or more of its recipients.
This is a permanent error. The following address(es) failed:adrita@hotmail.com
The thing is i did not send any mail to any hotmail user because i dont even know anyone who uses hotmail. Anyone know of a worm or anything that uses the address adrita@hotmail.com? I checked around a few places but came up with nothing.
July 7th, 2002, 09:28 PM
redgore
could be a strain of klez on the email providers server. Email them to tell them of this.
July 7th, 2002, 09:29 PM
Euclid
thats what i was thinking. But the only thing is the server is running apache and freebsd. Isnt klez just for windows?
July 7th, 2002, 09:31 PM
prodikal
but doesent the klez worm spread with users on your contact list and euclid says he doesent know any 1 using hotmail
July 7th, 2002, 09:36 PM
redgore
Klez is an odd worm. It doesnt have to reside on your machine! It tends to use random from addresses on one users addressbook. Therfor any failed ones get returned to you.
No it doesnt. on some variants of it it generates random emails with well known email domains. Others picks them up from someone elkses machine. Klez has about 15 or so variants.
July 7th, 2002, 09:39 PM
prodikal
thanks for clearing that up redgore appologies my mistake sorry
July 7th, 2002, 09:48 PM
redgore
Its ok!! May i suggest looking at some AV sites for klez definitions. It is an interesting worm with loads of variants
July 7th, 2002, 09:50 PM
Euclid
redgore, so do you think it is my computer or the mail server that is infected [if even is] or just someone that has me in their address book [and if that is the case if someone else is infected wouldnt I only get the bounced message if I or mail provider was infected] because I havent accessed my email from home in a while I mainly check at work wich is a corporate lan with its own email system. So if it was this computer or network that was infected wouldnt it most likly have sent the mail using our smtp server instead of my email provider wich i check here threw webmail?
July 7th, 2002, 09:54 PM
redgore
Could be any of those. If its webmail its doubtful you have it. that narrows it down to the providers server or someone who has your email or a random person from anywhere in the world
July 7th, 2002, 10:13 PM
Tedob1
to add to what redgore said
klez uses a random name from the phonebooks of infected computers to use as a senders address. if the mail-to address no longer exists, it gets returned to you as the return address address listed, and not the infected machine.
