RE: can someone decipher this?

From: Tim Donahue (TDonahue@haynesconstruction.com)
Date: 06/27/02


From: Tim Donahue <TDonahue@haynesconstruction.com>
To: "'rcahanap@prodigy.net'" <rcahanap@prodigy.net>
Date: Thu, 27 Jun 2002 08:32:00 -0400

Umm... I wouldn't use any tool except one that comes from a known virus
authority, i.e. McAfee or Symantec. This is one of the ways that the Klez
family of viruses is known to spread.

-----Original Message-----
From: rcahanap@prodigy.net [mailto:rcahanap@prodigy.net]
Sent: Tuesday, June 25, 2002 10:17 PM
To: Guillaume Jacques
Cc: security-basics@securityfocus.com
Subject: RE: can someone decipher this?

The funny thing is I got an email that says this:

---------------------------------------------------------------
W32.Klez.E is a very dangerous virus that spread through email. Kaspersky
give you the very W32.Klez.E removal tools

For more information,please visit http://www.Kaspersky.com
---------------------------------------------------------------

from the same type of headers, originating from USM.EDU. I don't know too
much about the KLEZ virus; I will look it up right now. But don't you think
it's odd that I got an email that revealed that the KLEZ virus is very
dangerous?!? Aren't viruses supposed to hide themselves?

-Roberto Cahanap

-----Original Message-----
From: Guillaume Jacques [mailto:me@guillaumejacques.com]
Sent: Tuesday, June 25, 2002 7:42 PM
To: rcahanap@prodigy.net
Subject: RE: can someone decipher this?
Importance: High

Hello Roberto,

It seems to be from ocean.otr.usm.edu, the University of Southern
Mississippi.

There is an instructor at the USM called John J. Marshak
(http://dl.cice.usm.edu/master/spring02/Ref792.html).

He seems to be part of the Southern Miss Online (http://dl.cice.usm.edu/)
and a member of the Society of Philosophy and History.

Here is more information about him:
Name: John Jack Marshak
Phone: (601) 266-4581
Department: ED LEADERSHIP AND RESEARCH
Title: ASSISTANT PROFESSOR
Office Location: OMH 122A
P.O. Box: 5027
E-mail: Doc.Marshak@usm.edu

Regarding the header of the email, trinity.infinethosting.com seems to be
the last server that sent you the message on 24 Jun 2002 at 13:44:41 -0500.

131.95.135.162 (VCC) is also part of the USM.

The part about tommyd could be false.

Defining the "Content-Type:" of an email message as "Multipart/Alternative"
actually allows you to send an email message in several "parts." One of the
most common uses of this is to send both HTML and text, so that you would
have both of the following content types in the same message:

Content-Type: text/plain
Content-Type: text/html

The choice of which part is displayed in multipart messages is left up to
the recipients' email program.

I have made two SMTP relay checks and it seems to be secure enough not to let
anything pass from outside the USM.

Hope this helps.

Guillaume Jacques
Internet Strategist

me@GuillaumeJacques.com <mailto:me@GuillaumeJacques.com>
http://GuillaumeJacques.com
ICQ: 1284784

In this world some people are going to like me and some are not. So, I may
as well be me. Then I know if someone likes me, they like me.

-----Original Message-----
From: rcahanap@prodigy.net [mailto:rcahanap@prodigy.net]
Sent: Monday, June 24, 2002 11:21 PM
To: security-basics@securityfocus.com
Subject: can someone decipher this?

Someone's been sending me these HTML-type emails with the IFRAME-type tags.
Here is one of the headers from the emails. It seems that it is coming from
some person with an account at USM.EDU named J.MARSHAK (all of the emails
have the same type of heading). Can someone explain some, if not all, of
this header information? (I purposely put XXXXXX@XXXXXX.COM to hide my
personal information.)

Thank you in advance.

-Roberto

-----------------------------------------------------

Received: from ocean.otr.usm.edu ([131.95.82.42]) by
trinity.infinethosting.com with Microsoft SMTPSVC(5.0.2195.4905);
         Mon, 24 Jun 2002 13:44:41 -0500
Received: from Vcc ([131.95.135.162])
        by ocean.otr.usm.edu (8.11.6/8.11.6) with SMTP id g5OIgo231905
        for <XXXXXXX@XXXXXXX.com>; Mon, 24 Jun 2002 13:42:55 -0500
Date: Mon, 24 Jun 2002 13:42:55 -0500
Message-Id: <200206241842.g5OIgo231905@ocean.otr.usm.edu>
From: tommyd <tommyd@webzone.net>
To: XXXXXX@XXXXXX.com
Subject: A special nice game
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary=O99lPXpKQzJDT73H4
Return-Path: j.marshak@usm.edu
X-OriginalArrivalTime: 24 Jun 2002 18:44:41.0206 (UTC)
        FILETIME=[3333E160:01C21BAF]
--------------------------------------------------------
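The header walk Guillaume describes (last relaying server, the Vcc hop inside USM, the doubtful "tommyd" From: line), as an added example that is not part of the original thread: it parses the header block Roberto posted, embedded below with the recipient still masked, using Python's standard email library, reverses the Received lines into the order the mail actually travelled, and compares the visible From: domain with the envelope sender in Return-Path. The regex, the hop field names and the two function names are my own assumptions, not anything from the list.

```python
import re
from email.parser import HeaderParser
from email.utils import parseaddr, parsedate_to_datetime

# Header block as posted in the thread (the recipient address was masked by the poster).
RAW_HEADERS = """\
Received: from ocean.otr.usm.edu ([131.95.82.42]) by
 trinity.infinethosting.com with Microsoft SMTPSVC(5.0.2195.4905);
 Mon, 24 Jun 2002 13:44:41 -0500
Received: from Vcc ([131.95.135.162])
 by ocean.otr.usm.edu (8.11.6/8.11.6) with SMTP id g5OIgo231905
 for <XXXXXXX@XXXXXXX.com>; Mon, 24 Jun 2002 13:42:55 -0500
Date: Mon, 24 Jun 2002 13:42:55 -0500
Message-Id: <200206241842.g5OIgo231905@ocean.otr.usm.edu>
From: tommyd <tommyd@webzone.net>
To: XXXXXX@XXXXXX.com
Subject: A special nice game
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary=O99lPXpKQzJDT73H4
Return-Path: j.marshak@usm.edu
"""

# "from <helo> ([<ip>]) ... by <host>": the IP is what the receiving MTA saw, the HELO name is only claimed.
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def parse_hops(raw):
    """Return the Received chain oldest-first. Each MTA prepends its own line,
    so the stored order is newest-first and is reversed to read the route."""
    msg = HeaderParser().parsestr(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())           # unfold continuation lines
        m = HOP_RE.search(text)
        if m is None:
            continue                             # unparseable hop: skip rather than guess
        stamp = text.rsplit(";", 1)[-1].strip()  # the timestamp follows the last ';'
        hops.append({**m.groupdict(), "when": parsedate_to_datetime(stamp)})
    hops.reverse()
    return hops

def sender_mismatch(raw):
    """Compare the visible From: domain with the envelope sender (Return-Path);
    Klez forged From: with harvested addresses, so a mismatch is the tell."""
    msg = HeaderParser().parsestr(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    path_domain = parseaddr(msg["Return-Path"])[1].rpartition("@")[2].lower()
    return from_domain, path_domain, from_domain != path_domain
```

Only the bracketed IP in each hop is something the receiving server observed itself; everything left of it, and the whole From: line, was supplied by the client.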