CRIME Thanks for the info ref: Spoofed by Klez

From: John E Jewkes-AAA0OR-AAA0ID (aar0mi@private)
Date: Sun Sep 15 2002 - 07:34:47 PDT


            Thanks to the list members for all the good and quick info. 
    We have a great group here. I have 'downloaded' the text version 
    of the Email using stripmime. 
    --------------------------------------text headers----------------
    From: NAV for Microsoft Exchange-CR1 <NAVMSE-CR1@private>
    To: 'john' <john@private>
    Date: Fri, 13 Sep 2002 08:15:08 -0700
    Subject: Norton AntiVirus detected a virus in a message you sent.  The
    inf ected attachment was deleted.
    Message-ID: <CB832F600EEE5246840D4E6FC9BDDEA2034942@private>
    Received: from mx7.boston.juno.com (mx7.boston.juno.com [64.136.24.129])
            by m4.jersey.juno.com with SMTP id AAA82EANSA2NC4TS
            for <john.jewkes@private> (sender <NAVMSE-CR1@private>);
            Fri, 13 Sep 2002 11:17:36 -0400 (EST)
    Received: from server2028.virtualave.net (server2028.go2net.com
    [66.150.0.228])
            by mx7.boston.juno.com with SMTP id AAA82EANSAQRTT4S
            for <john.jewkes@private> (sender <NAVMSE-CR1@private>);
            Fri, 13 Sep 2002 11:17:36 -0400 (EST)
    Received: (qmail 99533 invoked by alias); 13 Sep 2002 15:17:35 -0000
    Received: (qmail 99527 invoked from network); 13 Sep 2002 15:17:35 -0000
    Received: from unknown (HELO CR1.crdomain) (12.107.19.238)
      by server2028.go2net.com with SMTP; 13 Sep 2002 15:17:35 -0000
    Received: by CR1.crdomain with Internet Mail Service (5.5.2653.19)
            id <STCLZNC6>; Fri, 13 Sep 2002 08:15:15 -0700
    X-Mailer: Internet Mail Service (5.5.2653.19)
    MIME-Version: 1.0
    Content-Type: multipart/mixed; 
            boundary="----_=_NextPart_000_01C25B38.58F0FDC0"
    Return-Path: <NAVMSE-CR1@private>
    X-MS-TNEF-Correlator:
    <CB832F600EEE5246840D4E6FC9BDDEA2034942@private>
    Delivered-To: alias-hmv-john@private
    Message-ID: <CB832F600EEE5246840D4E6FC9BDDEA2034942@private>
     
    Recipient of the infected attachment:  Andrea Moe\Inbox
    Subject of the message:  Worm Klez.E immunity
    One or more attachments were deleted
      Attachment Page.exe was Deleted for the following reasons:
        Virus W32.Klez.H@mm was found.  
    ----------------------------------------text ends----------------------------
    This was the message sent to me in response to my 'sending' it out. I have
    sent a query to the sender 'navmse-cr1@ sbnature2.org' but have yet to
    receive even an auto-reply. I was hoping to get the original in-bound
    headers from them to see if the real culprit could be found and advised.....
    
    John Jewkes, SMD US ARMY MARS
    Oregon/Idaho State Director
    AAA0OR OR/AAA0ID ID/AAR0MI OR
    W6HNC
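
Added example, not part of the original post: a Python sketch that reads the Received chain of the quoted notification oldest-first, picks out the first connecting IP that a receiving server logged, and checks that the hop timestamps never run backwards. The function names are hypothetical, and the wrapped `[66.150.0.228])` line is given a leading space so it parses as a header continuation; the chain traces the Norton notification only, not the Klez message that triggered it.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received headers copied from the notification quoted in the post.
RAW = """\
Received: from mx7.boston.juno.com (mx7.boston.juno.com [64.136.24.129])
        by m4.jersey.juno.com with SMTP id AAA82EANSA2NC4TS
        for <john.jewkes@private> (sender <NAVMSE-CR1@private>);
        Fri, 13 Sep 2002 11:17:36 -0400 (EST)
Received: from server2028.virtualave.net (server2028.go2net.com
 [66.150.0.228])
        by mx7.boston.juno.com with SMTP id AAA82EANSAQRTT4S
        for <john.jewkes@private> (sender <NAVMSE-CR1@private>);
        Fri, 13 Sep 2002 11:17:36 -0400 (EST)
Received: (qmail 99533 invoked by alias); 13 Sep 2002 15:17:35 -0000
Received: (qmail 99527 invoked from network); 13 Sep 2002 15:17:35 -0000
Received: from unknown (HELO CR1.crdomain) (12.107.19.238)
  by server2028.go2net.com with SMTP; 13 Sep 2002 15:17:35 -0000
Received: by CR1.crdomain with Internet Mail Service (5.5.2653.19)
        id <STCLZNC6>; Fri, 13 Sep 2002 08:15:15 -0700
"""
IP = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def parse_hops(raw):
    """Return the Received hops oldest-first, timestamps normalised to UTC."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        info, _, stamp = text.rpartition(";")   # the date follows the last ';'
        when = parsedate_to_datetime(stamp)
        if when.tzinfo is None:                 # "-0000" parses as naive; it is UTC
            when = when.replace(tzinfo=timezone.utc)
        by = re.search(r"\bby (\S+) with\b", info)  # skips qmail's "invoked by alias"
        ip = IP.search(info) if info.startswith("from ") else None
        hops.append({"by": by.group(1) if by else "local qmail",
                     "peer_ip": ip.group(1) if ip else None,
                     "utc": when.astimezone(timezone.utc)})
    return hops[::-1]                           # headers are prepended, so reverse

def first_logged_peer(hops):
    """Earliest hop where the receiving server recorded the connecting IP."""
    return next((h for h in hops if h["peer_ip"]), None)

def backwards_steps(hops):
    """Adjacent hop pairs whose timestamps run backwards (skew or forgery)."""
    return [(a["by"], b["by"]) for a, b in zip(hops, hops[1:]) if b["utc"] < a["utc"]]
```

The HELO name in a Received line is whatever the connecting host announced, while the parenthesised address is what the receiving server saw on the connection, so the address is the value to compare against other reports.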
    
    



    This archive was generated by hypermail 2b30 : Sun Sep 15 2002 - 09:08:21 PDT