Re: What is going on here?

From: D McAuliffe (DaveMcA_at_mailinator.com)
Date: 04/24/04 

Date: Sat, 24 Apr 2004 06:44:33 -0400

"Stan" <me@there> wrote in message
news:%23HBa$SbKEHA.4052@TK2MSFTNGP11.phx.gbl...
> I have received the following emails (or similar) a number of times:

> No1
> Subject: Test ScanMail has detected a virus!
> was not delivered to:
> steve@xybanetx.co.za
> because:
> Recipient user name steve (steve@xybanetx.co.za) not unique.
> Several matches found in Domino Directory.
> ----------------------------
> No2
> Xybanetx mail system has detected a virus during a real-time scan of
> the email traffic.
> Date: 24/04/2004 01:59:06 AM
> Subject: Test
> Virus: WORM_MYDOOM.J
> File: hrty.scr
> From: = I have removed my correct email address=
> To: steve@xybanetx.co.za
> Action: Uncleanable, Quarantined;
> ----------------------------------------------------------------------
> ----------------------------
>
> I have never sent an email to steve@xybanetx.co.za , and that email is
> not in my address book
> I do not have 'ScanMail' or any Lotus products
> Norton Internet Security automatically removes a 'threat' on receipt
> of these emails, and no problems are indicated on a full Norton anti
> virus scan
>
> Is there any way I can stop this happening in future, as this occurs
> almost every day?
>
> Thanks in advance.
>
> Stan
> South Africa

Someone that has your address on their computer, not necessarily in an
address book, is infected with MyDoom. MyDoom appended a common name,
steve, to the domain xybanetx.co.za then sent this "person" an infected
email placing you into the From address. The receiving domain's mail system
did not recognize steve as a valid address and sent out a notice to the From
address - you. They also detected MyDoom and sent a notice of that fact to
the From address - you again.

Since xybanetx.co.za did not send you the headers of the original email they
received, you can't contact the infected user's ISP to notify them. You
could tell abuse@xybanetx.co.za to either stop mailing these foolish things
or at least send you the original headers. 

-- 
~~~~~~~~~~~~~~~~~
Dave McAuliffe
Central Mass. USA
To E-mail -
  Replace: mailinator.com
  With:      email.com
~~~~~~~~~~~~~~~~~

Relevant Pages

  • Re: Swen.a virus?
    ... was receiving several of these screwey e-mails per ... Norton was detecting them as having virus ... >keywords are in all of the infected messages and they are ... >computers scanned for viruses. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Pesky virus
    ... > non-espersunited.com email account an email from someone I don't know ... > that they had a virus. ... and in some cases the systems receiving those messages will contact the ... address and have used it to send out forged emails to others. ...
    (Fedora)
  • Re: E-Mail received - Anyone Else affected?????
    ... A VIRUS HAS BEEN DETECTED ON YOUR COMPUTER. ... Belize City, Belize none ... > WINDOWS SECURITY WARNING!! ... > YOU WILL KEEP RECEIVING THIS SECURITY ALERT EMAIL EVERY DAY. ...
    (microsoft.public.security)
  • Re: WARNING!Important please read
    ... And yes I update virus ... >virus' authors have deliberately spoofed the Microsoft ... >Information on Bogus Microsoft Security Bulletin Emails ... > You're receiving these emails because your email ...
    (microsoft.public.windowsxp.general)
  • What is going on here?
    ... Test ScanMail has detected a virus! ... Norton Internet Security automatically removes a 'threat' on receipt ...
    (microsoft.public.security.virus)