Jump to content

Virus:worm.somefool.gen-2

Ninepatch

By Ninepatch
in Security Discussions

 Share

Recommended Posts

Ninepatch Experienced

Ninepatch

Posted
Posted

I received this e-mail from my ISP today. It blocked an e-mail generated by my personal website, forwarding e-mail to my ISP mailbox. Why it was blocked is clear. I don't know how to interpret this, however, and am not sure if or what I need to do. Any advice is greatly appreciated. ;)

 

COPIED E-MAIL:

 

Attention! 000b6080@cpimssmtpa15.msn.com sent you an infected message with the

VIRUS: Worm.SomeFool.Gen-2

It was rejected for delivery.

 

 

Original message headers:

============================================================

 

Received: from server56.totalchoicehosting.com ([69.93.215.164] verified)

by mail2.visn.net (CommuniGate Pro SMTP 4.0.5)

with ESMTP-TLS id 25220741 for sew2pcs@visn.net; Mon, 05 Apr 2004 22:53:33 -0400

Received: from [4.153.238.39] (helo=deliahfair.com)

by server56.totalchoicehosting.com with smtp (Exim 4.30)

id 1BAgib-00057N-Jm

for beth@deliahfair.com; Mon, 05 Apr 2004 21:53:42 -0500

From: 000b6080@cpimssmtpa15.msn.com

To: beth@deliahfair.com

Subject: stolen

Date: Mon, 5 Apr 2004 22:55:20 -0400

MIME-Version: 1.0

Content-Type: multipart/mixed; boundary="63545487"

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - server56.totalchoicehosting.com

X-AntiAbuse: Original Domain - deliahfair.com

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - cpimssmtpa15.msn.com

Message-ID: <auto-000025220741@mail2.visn.net>

 

============================================================

ThumpAZ Mentor

ThumpAZ

Posted
Posted

Sorry for the slow reply... I just got online and saw this.

 

The original domain is either the msn address (cpimssmtpa15.msn.com) or not visible in this posting. I never really trust these blocked headers like this to have all the info.

I can see where it was sent into your TCH mailbox, but not that it originated there.

 

I would bet that the address information was an attempted spoof, and you or any servers you deal with are not truly infected with anything. You, more than likely, have nothing to worry about.

Ninepatch Experienced

Ninepatch

Posted
  • Author
Posted

Thank you, Glenn. Time for me to settle down and learn how to read this kind of communication, and learn more than I currently know about web-spread mischief.

 

In the meantime, I'm really grateful for folks like you who are so generous with your knowledge. Thumbs Up

 

Beth

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...