Anyone else get an email

[smb_racing]

Hey all,
got an email in my inbox this morning, the sender was "[email protected]" and the subject was cell padding. No text to the email, just 3 attachments, a small jpeg image and then two text files which contained this:

------------------ Virus Warning Message ------------------

Found virus WORM_KLEZ.H in file width.exe
The uncleanable file is deleted.

For more information regarding Xtra's anti-virus email filter please visit
http://xtra.co.nz/anti-virus Please do not reply to this mailbox, as it is
not managed. Any enquiries regarding anti-virus should be directed to
[email protected]

-------------------------------------------------------------

Just wondering what was up, thanks.

 

[smb_racing]

digging further the addy appears to be bogus, just maybe though this could be a heads up. Thanks

Return-path: [email protected]
Envelope-to: [email protected]
Delivery-date: Tue, 23 Jul 2002 22:19:31 -0400
Received: from mta204-rme.xtra.co.nz ([210.86.15.147])
by rob.vosn.net with esmtp (Exim 3.35 #1)
id 17XBkQ-0001z6-00
for [email protected]; Tue, 23 Jul 2002 22:19:31 -0400
Received: from mta4-rme.xtra.co.nz ([210.86.15.143])
by mta204-rme.xtra.co.nz with ESMTP
id <20020724021853.GGUC4531.mta204-rme.xtra.co.nz@mta4-rme.xtra.co.nz>
for <[email protected]>; Wed, 24 Jul 2002 14:18:53 +1200
Received: from Adbwubv ([210.86.66.179]) by mta4-rme.xtra.co.nz with SMTP
id <20020724021841.RNSR13071.mta4-rme.xtra.co.nz@Adbwubv>
for <[email protected]>; Wed, 24 Jul 2002 14:18:41 +1200
From: Pooh <[email protected]>
To: [email protected]
Subject: CellPadding
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=WNt4795wkKg3sY73CSweg8X
Message-Id: <20020724021841.RNSR13071.mta4-rme.xtra.co.nz@Adbwubv>
Date: Wed, 24 Jul 2002 14:18:52 +1200

 

[IrishEKU]

smb_racing,
The e-mail may be bogus but those WORM virus' are the worst thing I have ever had on my system. They are self replicating and eat up alot of memory. My system was so ate up that I couldn't run Word or picture software due to an error message that popped up stating I didn't have enough system memory to run the application. $75.00 bucks paid to my computer guru and a clean system sure solved some headaches :|

 

[smb_racing]

and I got it AGAIN! from the same place, kinda, the group is xtra.co.nz so I don't know why I keep receiving it.

 

[AJ Waggoner]

WOW- thats likely a virus that self sends with the user not knowing.. that it is even happening or infected.
I know our employee Pooh isnt sending out viruses on purpose in a no text email.His only emails are in answer to parts orders.

I will tell the computer guy here he needs to look at our
Service Honda email system as we are very careful of viruses like this !!

 

[txvintage]

AJ, your guy/computer probably is infected and it is working it's way through the address book and or sent folder of you e-mail program sending the e-mails.

Curious to know if SMB has exchanged e-mails with you guys before.

 

[AJ Waggoner]

Checked into it.
That email did not originate from here or our mail server.
Or our mail program.
It is not a virus hidden in our email progam sending without us knowing.
( i have seen those types before, bad news as well)

it is a virus that somehow uses a particular email address in a string but originates elsewhere, could be ANY mail server -
If you follow it uses a random email but generates from its own server.
an "impersonater" virus of sorts.
It will possible impersonate smb's email but it wont infect and send that mail from his address or email program like those "older style viruses " did.
it will send from a totally seperate server but use any valid email on the net it happens to select. Somehow from a email string.

If you look at SMB's info you can see the path was from a new zealand mail server.
not from any mail server that "pooh@servicehonda" would be registerd to or be able to use even.

Sorry for the troubles SMB but this virus is random and from here, even though it "impersonated " a valid address here.

 

[smb_racing]

I knew it was a bogus addy AJ, the only email I've ever sent to service honda was a thank you from last dirtweek and that was from my yahoo address. It arrived to my dirtrider.net addy and I've only had that for two weeks tops. I got another one today, same deal.

Second virus info:
Return-path: [email protected]
Envelope-to: [email protected]
Delivery-date: Wed, 24 Jul 2002 22:21:51 -0400
Received: from mta204-rme.xtra.co.nz ([210.86.15.147])
by rob.vosn.net with esmtp (Exim 3.35 #1)
id 17XYGF-0005WY-00
for [email protected]; Wed, 24 Jul 2002 22:21:51 -0400
Received: from mta3-rme.xtra.co.nz ([210.86.15.140])
by mta204-rme.xtra.co.nz with ESMTP
id <20020725022112.OVHN4531.mta204-rme.xtra.co.nz@mta3-rme.xtra.co.nz>
for <[email protected]>; Thu, 25 Jul 2002 14:21:12 +1200
Received: from Wyenobzp ([210.86.66.179]) by mta3-rme.xtra.co.nz with SMTP
id <20020725022046.QPEL2382.mta3-rme.xtra.co.nz@Wyenobzp>
for <[email protected]>; Thu, 25 Jul 2002 14:20:46 +1200
From: info <[email protected]>
To: [email protected]
Subject: SUZUKI RM65K3
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=G5KtC226c7j9
Message-Id: <20020725022046.QPEL2382.mta3-rme.xtra.co.nz@Wyenobzp>
Date: Thu, 25 Jul 2002 14:21:12 +1200


Third virus info:
Return-path: [email protected]
Envelope-to: [email protected]
Delivery-date: Thu, 25 Jul 2002 22:56:39 -0400
Received: from mta204-rme.xtra.co.nz ([210.86.15.147])
by rob.vosn.net with esmtp (Exim 3.35 #1)
id 17XvHT-00057b-00
for [email protected]; Thu, 25 Jul 2002 22:56:39 -0400
Received: from mta3-rme.xtra.co.nz ([210.86.15.141])
by mta204-rme.xtra.co.nz with ESMTP
id <20020726025558.YLEA4531.mta204-rme.xtra.co.nz@mta3-rme.xtra.co.nz>
for <[email protected]>; Fri, 26 Jul 2002 14:55:58 +1200
Received: from Coius ([210.86.66.179]) by mta3-rme.xtra.co.nz with SMTP
id <20020726025536.NYDA2382.mta3-rme.xtra.co.nz@Coius>
for <[email protected]>; Fri, 26 Jul 2002 14:55:36 +1200
From: nikospaxie <[email protected]>
To: [email protected]
Subject: End of Counted! Safe
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=U36RC1k4gL4Z10
Message-Id: <20020726025536.NYDA2382.mta3-rme.xtra.co.nz@Coius>
Date: Fri, 26 Jul 2002 14:55:58 +1200

It's stupid really because their outgoing mail server kills the vrius, mainly just a pain in the butt :|

 

[smb_racing]

strange, but the image attached to the third virus was from a bike event :think:

 

[JuliusPleaser]

Could the '.co.nz' mean it came from New Zealand?

 

[biglou]

Look at the colors on the number plates-Overseas picture. (That's me. Master of the obvious...)