
Undeliverable message returned to sender spam

Mooligan asked on
Security
Several users are receiving messages such as the following:


-----Original Message-----
From:
Sent: Friday, March 26, 2004 7:38 AM
To: <OMITTED>|
Subject: Undeliverable message returned to sender


This message was created automatically by mail delivery software.

Delivery failed for the following recipients(s):
       support@ati.com

The message you sent contained an attachment which the recipient has chosen to block.
Usually these sort of attachments are blocked to prevent malicious software from
being sent to the recipient in question.

The name(s) of the blocked file(s) follow:
      your_picture.pif

To send this file, please place it in a compressed archive using WinZip (http://www.winzip.com) or the archive software of your choice.

----- Original Message Header -----
Received: by mail18-red (MessageSwitch) id 1080315470766686_4382; Fri, 26 Mar 2004 15:37:50 +0000 (UCT)
Received: from ati.com (h68-147-24-83.cg.shawcable.net [68.147.24.83])
      by mail18-red.bigfish.com (Postfix) with ESMTP id EAF4B28A89C
      for <support@ati.com>; Fri, 26 Mar 2004 15:37:49 +0000 (UCT)
From: <OMITTED>
To: support@ati.com
Subject: Re: Your picture
Date: Fri, 26 Mar 2004 08:41:00 -0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
      boundary="----=_NextPart_000_0000_00006015.00006681"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040326153749.EAF4B28A89C@mail18-red.bigfish.com>


Now of course the user never actually tried to send something to ATI, but one could assume that he may be infected with a virus that is trying to send itself out. However, latest McAfee/Stinger scans do not find anything.

I seem to think when I see these that it is likely someone else infected who has my user on their contact list which the worm uses to try and spread. The only thing I don't like about that theory is why I am receiving these messages with no virus attached, or indication that the virus was removed at the mail server. That's what tends to make me think it really is nothing more than spam?

A Google search (http://www.google.ca/search?q=%22To+send+this+file%2C+please+place+it+in+a+compressed+archive+using+WinZip+%28http%3A%2F%2Fwww.winzip.com%29+or+the+archive+software+of+your+choice.%22&ie=UTF-8&oe=UTF-8&hl=en&meta=) on a key line in the message returns quite a number of essentially similar messages on various mailing lists...


Input?
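Added example (not part of the original post): the `Received:` line quoted in the bounce has the Postfix form `from <HELO name> (<reverse-DNS name> [<IP>])`, where the HELO name is whatever the client claimed and the reverse-DNS name and IP were recorded by the receiving server. The sketch below extracts those fields from the quoted headers and checks the IP against the organisation's own outbound ranges; `OUR_OUTBOUND` is a placeholder assumption, and the function names are hypothetical.

```python
import ipaddress
import re

# Header lines copied from the bounce quoted in the post above.
BOUNCE_HEADERS = """\
Received: by mail18-red (MessageSwitch) id 1080315470766686_4382; Fri, 26 Mar 2004 15:37:50 +0000 (UCT)
Received: from ati.com (h68-147-24-83.cg.shawcable.net [68.147.24.83])
      by mail18-red.bigfish.com (Postfix) with ESMTP id EAF4B28A89C
      for <support@ati.com>; Fri, 26 Mar 2004 15:37:49 +0000 (UCT)
From: <OMITTED>
To: support@ati.com
"""

# Assumption: RFC 5737 documentation range standing in for the
# organisation's real outbound mail addresses.
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/24")]

# Postfix-style hop: from <HELO> (<reverse-dns> [<ip>]) by <receiver>
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
                 r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")

def unfold(raw):
    """Join folded continuation lines onto the header they belong to."""
    out = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        elif line.strip():
            out.append(line)
    return out

def submitting_hop(raw):
    """Earliest hop that records a connecting client. Each server prepends
    its Received line, so the last match in the block is the earliest."""
    hops = [m.groupdict() for h in unfold(raw)
            if h.lower().startswith("received:") and (m := HOP.search(h))]
    return hops[-1] if hops else None

def assess(raw, our_nets=OUR_OUTBOUND):
    """Compare the claimed HELO with the recorded rDNS and test the IP."""
    hop = submitting_hop(raw)
    if hop is None:
        return None
    helo, rdns = hop["helo"].lower(), hop["rdns"].lower()
    ip = ipaddress.ip_address(hop["ip"])
    hop["helo_matches_rdns"] = rdns == helo or rdns.endswith("." + helo)
    hop["from_our_network"] = any(ip in net for net in our_nets)
    return hop

if __name__ == "__main__":
    print(assess(BOUNCE_HEADERS))
```

With real ranges in `OUR_OUTBOUND`, `from_our_network` shows whether the message that triggered the bounce was handed over from one of the organisation's own addresses.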

