NK - Re: Virus Warning
Darin K. Herndon
darin-herndon at utulsa.edu
Wed Mar 7 00:23:31 PST 2001
>First, Etienne, after your last two posts I received two copies of the "Snow
>White and the seven dwarfs- the Real Story" e-mail. Might need to scan your
>system.
JP, thanks for the note. Our system is a Macintosh; the VB payload
does not work on our machine. Also, we do not use MS Outlook and so
have no address book that the virus can read and spread from. And I
hesitate to admit such a thing but... you are not in the address book
we have (I always check on a mailing list if I need to find your
address).
If you look in the two emails you received (at the full header
information, not the abreviated), despite the "from" address there
will be info showing you the path from which the message actually was
sent. For example, your message to me includes the following in the
full header:
Received: from blackstar.ansteorra.org
(adsl-216-62-214-29.dsl.austtx.swbell.net [216.62.214.29])
by barnard.utulsa.edu (8.11.1/8.11.0) with ESMTP id f275bbo22279;
Tue, 6 Mar 2001 23:37:37 -0600
Received: (from majordom at localhost)
by blackstar.ansteorra.org (8.9.3/8.9.3) id XAA15451
for northkeep-outgoing; Tue, 6 Mar 2001 23:36:25 -0600
Received: from mail.nomadics.com (mail.nomadics.com [209.131.181.162])
by blackstar.ansteorra.org (8.9.3/8.9.3) with ESMTP id XAA15448
for <northkeep at ansteorra.org>; Tue, 6 Mar 2001 23:36:23 -0600
Received: from duron
(adsl-64-217-12-50.dsl.okcyok.swbell.net [64.217.12.50])
by mail.nomadics.com (Post.Office MTA v3.1.2 release (PO205-101c)
ID# 0-45962U100L2S100) with SMTP id AAA172
for <northkeep at ansteorra.org>; Tue, 6 Mar 2001 23:51:39 -0600
By the last "Received:" entry, Duron (your PC?) handed off this
message to the mail server (mail.nomadics.com) addressed for
"northkeep at ansteorra.org". I write all of this simply to ask if you
will (assuming you still have one of the messages) check the full
header and see where it actually originated. Please feel free to
email me directly rather than the list. I include this much here so
that others can learn how to check original senders on emails they
receive.
I would be very interested in checking the original sender of the
messages you received. Especially if they originate from utulsa.edu
or bswintl.com. I think what you received being timed after my
message was a coincidence but I would like to be sure.
Etienne
More information about the Northkeep
mailing list