Worm.SomeFool.P

laserlights2000

Not sure if this is the right place to put it, but I can't seem to find any information on this sucker. It's a returned email.

Any idea on what's going on?

From: amavisd-new <postmaster@plus.cz>
To: <xxxxxx@aol.com>
Date: Wed, 21 Sep 2005 14:43:41 +0200 (CEST)
Subject: VIRUS (Worm.SomeFool.P) IN MAIL FROM YOU
VIRUS ALERT

Our content checker found
virus: Worm.SomeFool.P
in email presumably from you (<xxxxx@aol.com>), to the following recipient:
-> mmareckova@plus.cz

Please check your system for viruses,
or ask your system administrator to do so.

Delivery of the email was stopped!


For your reference, here are headers from your email:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <xxxxx@aol.com>
Received: from plus.cz (unknown [151.204.108.2])
by pdlcra.wia.cz (Postfix) with ESMTP id 1E8CB428DB
for <mmareckova@plus.cz>; Wed, 21 Sep 2005 14:43:39 +0200 (CEST)
From: xxxxxx@aol.com
To: mmareckova@plus.cz
Subject: Re: Mail Authentification
Date: Wed, 21 Sep 2005 08:52:21 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20050921124339.1E8CB428DB@pdlcra.wia.cz>
-------------------------- END HEADERS ------------------------------


Final-Recipient: rfc822; mmareckova@plus.cz
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=29715-07 - VIRUS: Worm.SomeFool.P
Last-Attempt-Date: Wed, 21 Sep 2005 14:43:41 +0200 (CEST)
 

Asgorath

You have a virus that your own virus checker didn't find. However, the guy you sent the email to had a server that rejects infected messages. What virus program are you using? Might be time to switch.

I use Avast! Home Edition (free) and so far it has only let one virus into my computer to my knowledge.

Many people use AVG free edition.

I have lost hope in Norton and McAfee. They are bloated, slow, and miss tons of stuff. But then again, I think viruses are written specifically to bypass these common AV solutions.

Then next to my antivirus I use Microsoft Antispyware. Between the two it works wonderfully.
 

laserlights2000

Does this mean that the home machine has been infected with a virus, or does a zombie machine have the username and password to the AOL account, or is someone just spoofing the return address? If you look at the headers, it's received from plus.cz. I'm not sure if I'm reading the headers correctly.
 

Gertrude

I would say you are most likely safe.

That sending MTA is listed on a couple RBLs.

http://rbls.org/?q=151.204.108.2..

One in particular says that MTA has been used for "Illegal 3rd party exploits, including proxies, worms and trojan exploits".

So I would say they just spoofed the sending/reply address, then AOL bounced it back to your email account. Wouldn't hurt to update the virus definitions on your computers, and run a scan anyways.
 

laserlights2000

I'm guessing it's not possible to prevent someone from spoofing the sender? Would the best way to deal with this be to ignore it?
 

Gertrude

There is no way for you to stop that from happening. I just ignore those types of emails after I make sure they are not actually coming from me.
 

Bullitt

------------------------- BEGIN HEADERS -----------------------------
Return-Path: <xxxxx@aol.com>
Received: from plus.cz (unknown [151.204.108.2])

Unless that's your IP address, you didn't send the email. It's faked. No, you can't stop it. Ignore it, blackhole the messages and move on with your day. :)
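
The header check discussed in this thread, as an added Python example that is not part of any post: it reads the topmost Received line from the bounce (the one written by the rejecting server, so the bracketed IP is the real connecting client) and compares it with your own addresses. The `my_ips` list and the 192.0.2.10 address are assumptions standing in for your public IP or your provider's outbound relays.

```python
import re
from email.parser import HeaderParser
from ipaddress import ip_address

# Headers quoted in the bounce in this thread; continuation lines are
# re-indented (RFC 5322 folding) so the parser can unfold them.
BOUNCE_HEADERS = """\
Return-Path: <xxxxx@aol.com>
Received: from plus.cz (unknown [151.204.108.2])
\tby pdlcra.wia.cz (Postfix) with ESMTP id 1E8CB428DB
\tfor <mmareckova@plus.cz>; Wed, 21 Sep 2005 14:43:39 +0200 (CEST)
From: xxxxxx@aol.com
To: mmareckova@plus.cz
Subject: Re: Mail Authentification
"""

# Postfix layout: from <HELO name> (<reverse DNS or "unknown"> [<client IP>]) by <host>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)")

def first_hop(raw_headers):
    """Parse the topmost Received header; lower ones can be forged by the sender."""
    msg = HeaderParser().parsestr(raw_headers)
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = RECEIVED_RE.search(" ".join(received[0].split()))  # unfold whitespace
    return m.groupdict() if m else None

def assess(raw_headers, my_ips):
    """Decide whether the rejected message came from one of my_ips."""
    hop = first_hop(raw_headers)
    if hop is None:
        return {"verdict": "no parsable Received header"}
    mine = {ip_address(a) for a in my_ips}
    hop["sent_from_my_ip"] = ip_address(hop["ip"]) in mine
    # HELO is whatever the client claimed; "unknown" means no usable reverse DNS.
    hop["helo_unverified"] = hop["rdns"].lower() != hop["helo"].lower()
    hop["verdict"] = ("check this machine" if hop["sent_from_my_ip"]
                      else "forged sender; not sent from my addresses")
    return hop

if __name__ == "__main__":
    print(assess(BOUNCE_HEADERS, ["192.0.2.10"]))  # 192.0.2.10 is a constructed address
```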
 