[NTLUG:Discuss] is this possible

terry linux at cowtown.net
Fri Aug 22 05:58:55 CDT 2003


fredjame wrote:

> I run a Mandrake Linux 9.1 desktop, and that is where my Mozilla mail 
> client is.
> I just received an email containing the message below - suggesting 
> that I sent a message containing Win32/Sobig.F.Trojan to mhti at pct.edu.
> Beyond the fact that I don't know anyone with that address and haven't 
> sent such a message, and that I know my address could easily be faked into 
> a message sent from almost any MS machine, is it possible for this 
> virus to be using my Linux machine as a base of operations?
>
> >>
>
>   ----- The following address(es) had permanent fatal errors -----
> <mhti at pct.edu>; originally to mhti at pct.edu (unrecoverable error)
>      The mail system encountered a delivery failure, code -18.
>      This failure could be due to circumstances out of its control,
>      please check the transcript for details
>        ----- Transcript of session follows -----
> Your message is being returned since it seems to contain the
> Win32/Sobig.F.Trojan virus
>
> ------------------------------------------------------------------------
>
> Reporting-MTA: dns; email.pct.edu
> Arrival-Date: Thu, 21 Aug 2003 16:26:55 -0500
> Original-Recipient: mhti at pct.edu
> Final-Recipient: mhti at pct.edu
> Action: failed
> Status: 5.0.0
> <<
>
It's not you.  
It's one of your MS user friends that has your email address in their 
addressbook or on documents from or about you.

From: http://www.techtv.com/screensavers/howto/story/0,24330,3505076,00.html
=======================================
On an infected system, the worm scans various documents for email 
addresses. The worm then distributes itself to other inboxes using a 
built-in SMTP engine. When it distributes itself, it "spoofs" in the 
"From:" field an email address it finds on the infected machine instead 
of using the infected user's address. Because the address doesn't match 
that of the infected machine, it's difficult to trace the string of 
infected computers.
===============================================



-- 
Registered Linux User #188099
<><
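
A way to confirm from the bounce itself that the mail never left your machine, given as an added example that is not part of the original post. It assumes the bounce is a MIME `multipart/report` that returns the original headers (the one quoted above does not show them); the sample bounce, the hostnames, the addresses and `MY_IPS` are constructed.

```python
import email
import re

MY_IPS = {"198.51.100.10"}  # assumption: addresses your own mail leaves from

# Constructed bounce modelled on the one quoted above; hosts and addresses are made up.
SAMPLE = """\
From: MAILER-DAEMON@mx.example.edu
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.edu

Final-Recipient: rfc822; rcpt@example.edu
Action: failed
Status: 5.0.0

--b1
Content-Type: text/rfc822-headers

Received: from infected-pc (dsl.example.net [192.0.2.77])
 by mx.example.edu; Thu, 21 Aug 2003 16:26:55 -0500
From: fred@example.org

--b1--
"""

def check_bounce(raw, my_ips=MY_IPS):
    """Return (reporting_mta, client_ip, verdict) for a multipart/report bounce."""
    mta, client_ip, hops = None, None, []
    for part in email.message_from_string(raw).walk():
        if part["Reporting-MTA"]:  # per-message block of the delivery-status part
            mta = part["Reporting-MTA"].split(";", 1)[-1].strip().lower()
        if part.get_content_type() == "text/rfc822-headers":
            returned = email.message_from_string(part.get_payload())
            hops = returned.get_all("Received", [])
    # Trust only the hop stamped by the MTA that bounced the mail: the From:
    # header and any older Received lines are under the sender's control.
    for hop in hops:
        m = re.search(r"\[([0-9a-fA-F.:]+)\]", hop)
        if mta and m and re.search(r"\bby\s+" + re.escape(mta), hop, re.I):
            client_ip = m.group(1)
            break
    if client_ip is None:
        return mta, None, "unknown"
    return mta, client_ip, "sent-by-us" if client_ip in my_ips else "spoofed-from"
```

A `spoofed-from` verdict means the connecting address recorded by the rejecting server is not one of yours, so only the `From:` line pointed at you.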





