Strange Email Attachment Virus
Results 1 to 5 of 5

Thread: Strange Email Attachment Virus

  1. #1

    Question Strange Email Attachment Virus

    I got an odd e-mail this morning. It's obviously a mail attachment virus/worm of some sort, but the e-mail doesn't seem to fit the typical MyDoom mailings. It's a "returned e-mail" that says I had unsuccesfully sent out a message entitled "Server Report". From what I've read thus far I have heard of MyDoom pretending to be an undeliverable e-mail message, but not quite as specific as this one (as a "Server Report"?). The antivirus software did it's job of eliminating it well, so the actual attachment is gone (darn the luck, was hoping to play with it). But here's the text from the e-mail body:

    ----------------------------------------------------------------------------------------------------------
    Your message

    To: jose@nab.org
    Subject: Server Report
    Sent: Tue, 3 Feb 2004 07:51:58 -0500

    did not reach the following recipient(s):

    jose@nab.org on Tue, 3 Feb 2004 07:52:00 -0500
    The recipient name is not recognized
    The MTS-ID of the original message is: c=us;a=
    ;p=ex-nab;l=MAIL040203125111RVNT9D
    MSEXCH:IMS:EX-NAB:WASHDC:MAIL 0 (000C05A6) Unknown Recipient



    *** Original Email:
    From: james@hutchinson-ifrah.com
    To: jose@nab.org
    Subject: Server Report
    Date: Tue, 3 Feb 2004 07:51:58 -0500
    MIME-Version: 1.0
    X-Mailer: Internet Mail Service (5.5.2653.19)
    X-MS-Embedded-Report:
    Content-Type: multipart/mixed;
    Mail transaction failed. Partial message is available.



    *** End Original Email
    ---------------------------------------------------------------------------------------------------------

    Does this look familiar to anyone?

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Actually it does those too.
    Source: Network Associates

    From: (Spoofed email sender)
    Do not assume that the sender address is an indication that the sender is infected. Additionally you may receive alert messages from a mail server that you are infected, which may not be the case.

    Subject: (Varies, such as)

    * Error
    * Status
    * Server Report
    * Mail Transaction Failed
    * Mail Delivery System
    * hello
    * hi

    Body: (Varies, such as)

    * The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
    * The message contains Unicode characters and has been sent as a binary attachment.
    * Mail transaction failed. Partial message is available.

    Attachment: (varies [.bat, .exe, .pif, .cmd, .scr] - often arrives in a ZIP archive) (22,528 bytes)

    * examples (common names, but can be random)
    * doc.bat
    * document.zip
    * message.zip
    * readme.zip
    * text.pif
    * hello.cmd
    * body.scr
    * test.htm.pif
    * data.txt.exe
    * file.scr
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Member
    Join Date
    Jan 2004
    Posts
    36
    well....i made theart called latest virus threats...i think u should check it out and here is this link it might help u find it.....
    http://securityresponse.symantec.com...r/vinfodb.html

    peace

  4. #4
    That's right, I overlooked "Server Report' being listed in there. Mystery solved!

  5. #5
    Banned
    Join Date
    Jun 2003
    Posts
    927
    I got an odd e-mail this morning. It's obviously a mail attachment virus/worm of some sort, but the e-mail doesn't seem to fit the typical MyDoom mailings.
    LOL...i just have to say it but i get like 500 mails a week lol...its a SBC Yahoo dsl mail and how come they dont block advertisement mails...anyways....never heard of that one....did your AV tell you its name?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •