Today I received an email with a virus in it: It looked like the message that was sent from me to all users when we changed the domain name. I scanned it with www.spamcop.net and it appears to come from the ntlworld.com domain.
I deleted the 2 users with that domain in the email address and blocked it.

Here is the original message with the headers, it was blocked by Norton:


X-Symantec-TimeoutProtection: 0
Return-path: <tormento@partners2.100mwh.com>
Envelope-to:
Delivery-date: Sun, 16 May 2004 11:05:10 -0600
Received: from tormento by partners2.100mwh.com with local-bsmtp (Exim 4.34)
    id 1BPP4V-00069j-R2
    for ; Sun, 16 May 2004 11:05:10 -0600
Received: from [209.228.29.61] (helo=n064.sc1.cp.net)
    by partners2.100mwh.com with esmtp (Exim 4.34)
    id 1BPP4U-00069e-Ig
    for ; Sun, 16 May 2004 11:05:07 -0600
Received: from posetteforever.com (81.103.216.144) by n064.sc1.cp.net (7.0.027.3-1)
        id 4089B512001849D8 for ; Sun, 16 May 2004 17:04:58 +0000
Message-ID: <4089B512001849D8@n064.sc1.cp.net> (added by )
From:
To:
Subject: Re:  Posetteforever temporary address!
Date: Sun, 16 May 2004 18:07:06 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0004_96E69A13.09F60AEB"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on partners2.100mwh.com
X-Spam-Status: No, hits=2.1 required=5.0 tests=FORGED_MUA_OUTLOOK,
    HTML_MESSAGE,NO_REAL_NAME,RCVD_IN_NJABL,RCVD_IN_SORBS autolearn=no
    version=2.63
X-Spam-Level: **

This is a multi-part message in MIME format.

------=_NextPart_000_0004_96E69A13.09F60AEB
Content-Type: text/plain;
    charset="Windows-1252"
Content-Transfer-Encoding: 7bit


----- Original Message -----
From:
To:
Subject: Posetteforever temporary address!


>
>
>Include this full email (particularly the headers).
>
>Message sent to you follows:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>Hi, the transfer is done our new permanent address is
>
>http://posetteforever.com
>
>or
>
>http://posetteforever.tk
>
>Best regards !
>
>AD>
><META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-asci=
>i">
><META content=3D"MSHTML 6.00.2462.0000" name=3DGENERATOR>


------=_NextPart_000_0004_96E69A13.09F60AEB
Content-Type: application/octet-stream;
    name="13.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="13.zip"

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
------=_NextPart_000_0004_96E69A13.09F60AEB--

____________

I got a strange email myself today..I deleted it...this email claimed to be a returned to sender something like that...I have`nt emailed anyone lately so I zapped it.
might be another bug out there.

I hope that it isn't a mail from here....

____________

All is right with me! Only two normal replys from the form!

All is right with me! Only two normal replys from the forum!   Sorry!I forgot the "u"!

I had something like that but stopped it before it went anywhere.I did not come from here.

It was`nt from here...my alternate email address got the same thing,
it will ethier email delivery failure or some type of returned email.
If you get something along these lines..DELETE IT.
if you did`nt send an email recently, ignore it.
Sometimes jokers drop viruses in these email so don`t open it.
Remember if you use windows 95/98/XP..etc..hackers and virus makers
love to reek havoc on these OS, for some reasom Mac and Linux seem to be safe for now.
but keep your gaurd up anyway.

Yes
there is a version of, I think, netsky at the moment
It comes by an attachment 49,9kb sized. I had 7 of them today
be carefull

____________

    

____________

Never open an email with attachments.  When you do, all that you are doing
is spreading the email virus from you address book to everyone on the list
and so on.
If I don't know the sender, the email goes straight to the trash bin and is deleted.

The virus didn't originate from here, but it is possible that a member's email was infected
and it spread that way without their knowledge.
These things pop-up almost every few weeks, so we all have to be vigilant.

A friend told me that if I don't use the Microsoft Outlook the virus don't work! Someone knows if it is true?     

No it isn't. In order to infect your computer with a virus from e-mail, you HAVE to execute an attachment. You won't get infected for just viewing the text of the E-mail. The virus itself needs to be executed. As a rule, never execute any unknown attachments. Even some known ones for that matter. Another course of action for anyone using an NT based O/S. eg win XP, 2000, NT workstation, server etc. is to manually disable your tftp port. port 69. As many viruses eg. nimda, used this port to replicate itself over a network. Port 69 is used for tftp traffic, which is basically trafic to flash software images to e-proms on routers and other peripheral equipment. if you aren't doing anything like that, then there is no need for it to be open.

PM me for more info....

____________
I'd rather have a bottle in front of me then a frontal lobotomy.......

My grey matter is turning white, my proof is my grey hair....

Thanks Landman!

Anytime Jan...

____________
I'd rather have a bottle in front of me then a frontal lobotomy.......

My grey matter is turning white, my proof is my grey hair....