Worm.SomeFool.P

laserlights2000

Not sure if this is the right place to put it, but I can't seem to find any information on this sucker. It's a returned email.

Any idea on what's going on?

From: amavisd-new <[email protected]>
To: <[email protected]>
Date: Wed, 21 Sep 2005 14:43:41 +0200 (CEST)
Subject: VIRUS (Worm.SomeFool.P) IN MAIL FROM YOU
VIRUS ALERT

Our content checker found
virus: Worm.SomeFool.P
in email presumably from you (<[email protected]>), to the following recipient:
-> [email protected]

Please check your system for viruses,
or ask your system administrator to do so.

Delivery of the email was stopped!


For your reference, here are headers from your email:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <[email protected]>
Received: from plus.cz (unknown [151.204.108.2])
by pdlcra.wia.cz (Postfix) with ESMTP id 1E8CB428DB
for <[email protected]>; Wed, 21 Sep 2005 14:43:39 +0200 (CEST)
From: [email protected]
To: [email protected]
Subject: Re: Mail Authentification
Date: Wed, 21 Sep 2005 08:52:21 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <[email protected]>
-------------------------- END HEADERS ------------------------------


Final-Recipient: rfc822; [email protected]
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=29715-07 - VIRUS: Worm.SomeFool.P
Last-Attempt-Date: Wed, 21 Sep 2005 14:43:41 +0200 (CEST)
 
You have a virus that your own virus checker didn't find. However, the guy you sent the email to had a server that rejects infected messages. What virus program are you using? Might be time to switch.

I use Avast! Home Edition (free) and so far it has only let one virus into my computer to my knowledge.

Many people use AVG free edition.

I have lost hope in Norton and McAfee. They are bloated, slow, and miss tons of stuff. But then again, I think viruses are written specifically to bypass these common AV solutions.

Then next to my antivirus I use Microsoft Antispyware. Between the two it works wonderfully.
 
Does this mean that the home machine has been infected with a virus, or does a zombie machine have the username and password to the AOL account, or is someone just spoofing the return address? If you look at the headers, it's received from plus.cz. I'm not sure if I'm reading the headers correctly.
 
I would say you are most likely safe.

That sending MTA is listed on a couple RBLs..

http://rbls.org/?q=151.204.108.2..

One in particular says that MTA has been used for "Illegal 3rd party exploits, including proxies, worms and trojan exploits"

So I would say they just spoofed the sending/reply address, then AOL bounced it back to your email account. Wouldn't hurt to update the virus definitions on your computers, and run a scan anyways.
 
I'm guessing it's not possible to prevent someone from spoofing the sender? Would the best way to deal with this be to ignore it?
 
There is no way for you to stop that from happening. I just ignore those types of emails after I make sure they are not actually coming from me.
 
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <[email protected]>
Received: from plus.cz (unknown [151.204.108.2])

Unless that's your IP address, you didn't send the email. It's faked. No, you can't stop it. Ignore it, blackhole the messages and move on with your day. :)
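
The check described in the replies above, as an added example (not code from the thread): pull the quoted header block out of an amavisd-new style bounce and compare the bracketed IP in its Received line with your own address ranges. The sample bounce uses constructed example.com/example.net addresses, 203.0.113.0/24 stands in for "your" network, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the header block a bounce quotes back, with placeholder
# addresses (example.com / example.net are assumptions, not from the thread).
BOUNCE = """\
For your reference, here are headers from your email:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <victim@example.com>
Received: from plus.cz (unknown [151.204.108.2])
\tby mx.example.net (Postfix) with ESMTP id 1E8CB428DB
\tfor <someone@example.net>; Wed, 21 Sep 2005 14:43:39 +0200 (CEST)
From: victim@example.com
Subject: Re: Mail Authentification
-------------------------- END HEADERS ------------------------------
"""

BLOCK_RE = re.compile(r"-+ BEGIN HEADERS -+\n(.*?)\n-+ END HEADERS -+", re.S)
# Postfix-style "from HELO (rdns [ip])": the HELO name is claimed by the
# client; the bracketed IP is what the receiving server actually saw.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")


def connecting_hosts(bounce_text):
    """Return [(helo, rdns, ip)] for each Received line in the quoted headers."""
    block = BLOCK_RE.search(bounce_text)
    if not block:
        return []
    # The email parser unfolds nothing itself but keeps folded lines together.
    msg = message_from_string(block.group(1) + "\n\n")
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append((m.group(1), m.group(2), ipaddress.ip_address(m.group(3))))
    return hops


def sent_from_my_network(bounce_text, my_networks):
    """True only if the host that handed the mail over is in one of my networks."""
    nets = [ipaddress.ip_network(n) for n in my_networks]
    hops = connecting_hosts(bounce_text)
    # The topmost Received line was added by the server that bounced the mail.
    return bool(hops) and any(hops[0][2] in net for net in nets)
```

A `False` result matches the spoofed-sender case discussed in the thread; a `True` result means the mail really left one of your addresses and the machine behind it should be scanned.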
 