savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] I received a message from your group??

From: Joel Sampson
Subject: [Savannah-hackers] I received a message from your group??
Date: Fri, 20 Jun 2003 17:08:13 -0500 
Greetings. Strange message approaching.  Maybe not to you.

I asked my ISP about the following, and they said they have no idea
how or why I got a message.  I think maybe a company using your 
servers has the K_lez worm and maybe you should notify them??

Here's a slightly edited string... first I got a file with an attachment, then
this message appeared next...

> > -----Original Message-----
> > From: address@hidden [SMTP:address@hidden
> > Sent: Monday, June 02, 2003 8:34 AM
> > To: address@hidden
> > Subject: Virus Alert
> >
> > We have detected a virus (WORM_KLEZ.H) in your mail traffic sent from
> > address@hidden in the file rock.exe on 06/02/2003 08:34:05.
> > We took the action delete. If you have questions regarding files or
> > updating/installing Anti-virus protection on your PC, please contact your
> > e-mail administrator or help desk.


So I sent my ISP a message...

> ----- Original Message -----
> Sent: Tuesday, June 17, 2003 4:13 PM
> Subject: FW: Virus Alert
> >
> > QUESTION:
> > Is (my ISP) using Biz Mail Services for scanning e-mail, or where is this
> > coming from?
> > Do they notify address@hidden that there is a bug in
> > their system?  The following message came along just after a message
> > with the worm in it.  Obviously both messages are being deleted from my
> > system, but I'm wondering about Biz Mail, and if (my ISP) is aware of this.


Then I received the following response and confirmed it by phone...

> >  This message was sent from a source entirely unaffiliated with Socket. 
> >  I would recommend sending an email to the domain that appears to 
> >  be responsible.  Thank you.
> >
> >  Scott
> >  (my ISP) Technical Support
> >  Ticket #:  279627

So I'm guessing that maybe Entertainment Events Inc. may have a virus
and is going through your server - maybe a customer of yours?? I don't 
know, but it's happened 3 or 4 times and the from and subject lines 
were different each time, but the "address@hidden" was
in each notification message.  Are you scanning the messages as they
go through, and if so, is it software that is available to any ISP to buy?
I'd recommend it to mine!  Any details would be appreciated.  
Thank you.
Joel Sampson
reply via email to
[Prev in Thread] Current Thread [Next in Thread]