FYI: email with malicious attchmnt.

Tapang, Roderick Eugenio (GXS) RoderickEugenio.Tapang at gxs.com
Fri Aug 8 23:24:27 EDT 2003


Hi,

I know it's obvious to most subscribers that I am using an M$
email client.  I've been receiving emails 'pretending' to be
coming from 'admin at andrew.cmu.edu' with a zipped attachment
containing a windows binary file named 'message.html'.

Anyone receiving such email here?

here's part of its header:

Received: (from postman at localhost)
	by lists2.andrew.cmu.edu (8.12.9/8.12.0.Beta16) id h78DWB9C009162
	for info-cyrus-list; Fri, 8 Aug 2003 09:32:11 -0400
Received: from mx2.andrew.cmu.edu (MX2.andrew.cmu.edu [128.2.10.112])
	by lists2.andrew.cmu.edu (8.12.9/8.12.0.Beta16) with ESMTP id
h78DWBBx009159
	for <info-cyrus at lists.andrew.cmu.edu>; Fri, 8 Aug 2003 09:32:11
-0400
Received: from localhost (bgp481418bgs.summit01.nj.comcast.net
[68.37.162.173])
	by mx2.andrew.cmu.edu (8.12.9/8.12.3.Beta2) with SMTP id
h78DUqT7022420
	for <info-cyrus at andrew.cmu.edu>; Fri, 8 Aug 2003 09:31:19 -0400
Date: Fri, 8 Aug 2003 09:30:52 -0400
Message-Id: <200308081331.h78DUqT7022420 at mx2.andrew.cmu.edu>
From: admin at andrew.cmu.edu


------------5044862D01BFE5B
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

------------5044862D01BFE5B
Content-Type: application/x-zip-compressed; name="message.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="message.zip"


>-----Original Message-----
>From: admin at andrew.cmu.edu [mailto:admin at andrew.cmu.edu]
>Sent: Friday, August 08, 2003 9:31 AM
>To: Info-cyrus
>Subject: your account shkouevo
>Importance: High
>
>
>
>Hello there,
>
>I would like to inform you about important information regarding your
>email address. This email address will be expiring.
>Please read attachment for details.
>
>---
>Best regards, Administrator
>shksuevu
>

cheers,

erik




More information about the Info-cyrus mailing list