[Comphelp] New Virus Gimmick?

John R. Bradley jrb@accurecord.com
Thu, 12 Feb 2004 09:23:46 -0500


This is one manifestation of the latest virus running around.  
You'll also see messages with a subject of Hi, or Test, or Status, plus
a few others.
Immediately delete them.  Do not open them.
Also make sure that you have updated your virus definition files.
John Bradley

-----Original Message-----
From: comphelp-admin@usps.org [mailto:comphelp-admin@usps.org] On Behalf
Of Robert_C_Miller
Sent: Wednesday, February 11, 2004 11:42 PM
To: 'Anthony J. Biegen'; comphelp@itcom.usps.org
Subject: RE: [Comphelp] New Virus Gimmick?


Tony,
 
You're not alone. I have had the same experience. I have some idea how
this might be accomplished but nothing I can hang my hat on. Maybe one
of our real technical experts can explain to us how this actually
happens. Maybe they can tell us how to minimize the possibility also.
Hmmm?
 
Bob Miller
Poverty Bay

-----Original Message-----
From: comphelp-admin@usps.org [mailto:comphelp-admin@usps.org] On Behalf
Of Anthony J. Biegen
Sent: Wednesday, February 11, 2004 7:45 PM
To: comphelp@itcom.usps.org
Subject: [Comphelp] New Virus Gimmick?


Has anyone seen this cute trick?  On 02/02/04, I received a "Postmaster
Delivery Failure Notice" from "postmaster@ugo.com."  I looked inside and
saw an addressee I never heard of and ignored the message.  Some days
later, I received a similar "Failure" notice with another unknown
addressee.  Annoyed, I immediately deleted it, but started to smell a
rat.  I went back to the original and read the copy of the "rejected"
mail.  It was sent to "john@ugo.com" with a return path of
"tonyb@writeme.com" (me). The text read "The message contains Unicode
characters and has been sent as a binary attachment."  It had an
attachment labeled "Quarantined Attachment.txt" with an Xed out
attachment icon.  I think my ISP caught the virus, because my Norton
doesn't show it having any quarantined items.  I deleted the attachment
from my Eudora "Attach" folder just in case it wasn't really
quarantined.

Any ideas out there as to what's happening here?


=;-}) Tony Biegen {:-})    
Voice/FAX: (516) 797-0464 
EMail: tonyb@writeme.com 
<||:-)) "Do not follow where the path may lead -- go instead where there
is no path and leave a trail."   Muriel Strode