N
Ned
Last week I instaled AOL messenger, removing it again a couple of days ago
Since then Ive had bounced back to me a couple of emails which I never sent
(I never use the particular sender email address and I dont recognize the
recipients)
Ive included the message source for one of them. The other one's source is
very similar.
Both include several of AOL references.
Is there any link between the events? Virus or a spoof?
Im running F-secure, Zone Alarm Pro and am behind a hardware firewall.
thanks
Return-Path: <>
Received: from omr-m05.mx.aol.com ([64.12.138.17])
by mta07-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
id
<20030821173336.KAOS27190.mta07-svc.ntlworld.com@omr-m05.mx.aol.com>
for <[email protected]>; Thu, 21 Aug 2003 18:33:36 +0100
Received: from rly-xm05.mx.aol.com (rly-xm05.mail.aol.com [172.20.83.106])
by omr-m05.mx.aol.com (v90_r2.6) with ESMTP id RELAYIN7-0821133308; Thu, 21
Aug 2003 13:33:08 -0400
Received: from localhost (localhost)
by rly-xm05.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0)
with internal id NAD02261;
Thu, 21 Aug 2003 13:33:08 -0400 (EDT)
Date: Thu, 21 Aug 2003 13:33:08 -0400 (EDT)
From: Mail Delivery Subsystem <[email protected]>
Message-Id: <[email protected]>
To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="NAD02261.1061487188/rly-xm05.mx.aol.com"
Subject: Returned mail: Service unavailable
Auto-Submitted: auto-generated (failure)
This is a MIME-encapsulated message
--NAD02261.1061487188/rly-xm05.mx.aol.com
The original message was received at Thu, 21 Aug 2003 13:32:44 -0400 (EDT)
from [200.232.209.41]
*** ATTENTION ***
Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".
The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".
The line beginning with "<<<" describes the specific reason your e-mail
could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.
Please direct further questions regarding this message to your e-mail
administrator.
--AOL Postmaster
----- The following addresses had permanent fatal errors -----
<[email protected]>
----- Transcript of session follows -----
.... while talking to air-xm03.mail.aol.com.:<<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not
been sent.
554 <[email protected]>... Service unavailable
--NAD02261.1061487188/rly-xm05.mx.aol.com
Content-Type: message/delivery-status
Reporting-MTA: dns; rly-xm05.mx.aol.com
Arrival-Date: Thu, 21 Aug 2003 13:32:44 -0400 (EDT)
Final-Recipient: RFC822; (e-mail address removed)
Action: failed
Status: 5.0.0
Remote-MTA: DNS; air-xm03.mail.aol.com
Diagnostic-Code: SMTP; 554 TRANSACTION FAILED - Unrepairable Virus Detected.
Your mail has not been sent.
Last-Attempt-Date: Thu, 21 Aug 2003 13:33:08 -0400 (EDT)
--NAD02261.1061487188/rly-xm05.mx.aol.com
Content-Type: text/rfc822-headers
Received: from MOISA ([200.232.209.41]) by rly-xm05.mx.aol.com (v95.1) with
ESMTP id MAILRELAYINXM52-6103f450228106; Thu, 21 Aug 2003 13:32:28 -0400
From: <[email protected]>
To: <[email protected]>
Subject: Your details
Date: Thu, 21 Aug 2003 14:43:27 --0300
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_001FE085"
X-AOL-IP: 200.232.209.41
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <[email protected]>
--NAD02261.1061487188/rly-xm05.mx.aol.com--
Since then Ive had bounced back to me a couple of emails which I never sent
(I never use the particular sender email address and I dont recognize the
recipients)
Ive included the message source for one of them. The other one's source is
very similar.
Both include several of AOL references.
Is there any link between the events? Virus or a spoof?
Im running F-secure, Zone Alarm Pro and am behind a hardware firewall.
thanks
Return-Path: <>
Received: from omr-m05.mx.aol.com ([64.12.138.17])
by mta07-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
id
<20030821173336.KAOS27190.mta07-svc.ntlworld.com@omr-m05.mx.aol.com>
for <[email protected]>; Thu, 21 Aug 2003 18:33:36 +0100
Received: from rly-xm05.mx.aol.com (rly-xm05.mail.aol.com [172.20.83.106])
by omr-m05.mx.aol.com (v90_r2.6) with ESMTP id RELAYIN7-0821133308; Thu, 21
Aug 2003 13:33:08 -0400
Received: from localhost (localhost)
by rly-xm05.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0)
with internal id NAD02261;
Thu, 21 Aug 2003 13:33:08 -0400 (EDT)
Date: Thu, 21 Aug 2003 13:33:08 -0400 (EDT)
From: Mail Delivery Subsystem <[email protected]>
Message-Id: <[email protected]>
To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="NAD02261.1061487188/rly-xm05.mx.aol.com"
Subject: Returned mail: Service unavailable
Auto-Submitted: auto-generated (failure)
This is a MIME-encapsulated message
--NAD02261.1061487188/rly-xm05.mx.aol.com
The original message was received at Thu, 21 Aug 2003 13:32:44 -0400 (EDT)
from [200.232.209.41]
*** ATTENTION ***
Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".
The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".
The line beginning with "<<<" describes the specific reason your e-mail
could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.
Please direct further questions regarding this message to your e-mail
administrator.
--AOL Postmaster
----- The following addresses had permanent fatal errors -----
<[email protected]>
----- Transcript of session follows -----
.... while talking to air-xm03.mail.aol.com.:<<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not
been sent.
554 <[email protected]>... Service unavailable
--NAD02261.1061487188/rly-xm05.mx.aol.com
Content-Type: message/delivery-status
Reporting-MTA: dns; rly-xm05.mx.aol.com
Arrival-Date: Thu, 21 Aug 2003 13:32:44 -0400 (EDT)
Final-Recipient: RFC822; (e-mail address removed)
Action: failed
Status: 5.0.0
Remote-MTA: DNS; air-xm03.mail.aol.com
Diagnostic-Code: SMTP; 554 TRANSACTION FAILED - Unrepairable Virus Detected.
Your mail has not been sent.
Last-Attempt-Date: Thu, 21 Aug 2003 13:33:08 -0400 (EDT)
--NAD02261.1061487188/rly-xm05.mx.aol.com
Content-Type: text/rfc822-headers
Received: from MOISA ([200.232.209.41]) by rly-xm05.mx.aol.com (v95.1) with
ESMTP id MAILRELAYINXM52-6103f450228106; Thu, 21 Aug 2003 13:32:28 -0400
From: <[email protected]>
To: <[email protected]>
Subject: Your details
Date: Thu, 21 Aug 2003 14:43:27 --0300
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_001FE085"
X-AOL-IP: 200.232.209.41
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <[email protected]>
--NAD02261.1061487188/rly-xm05.mx.aol.com--