[Comphelp] New Virus Gimmick?

Penneman, Roger B roger.b.penneman@lmco.com
Thu, 12 Feb 2004 08:26:49 -0600


That's the MyDoom virus.  Messages that look official like that are what
made it spread so fast.
 
Roger Penneman
Fort Worth
 
-----Original Message-----
From: comphelp-admin@usps.org [mailto:comphelp-admin@usps.org] On Behalf Of
Anthony J. Biegen
Sent: Wednesday, February 11, 2004 9:45 PM
To: comphelp@itcom.usps.org
Subject: [Comphelp] New Virus Gimmick?


Has anyone seen this cute trick?  On 02/02/04, I received a "Postmaster
Delivery Failure Notice" from "postmaster@ugo.com."  I looked inside and saw
an addressee I never heard of and ignored the message.  Some days later, I
received a similar "Failure" notice with another unknown addressee.
Annoyed, I immediately deleted it, but started to smell a rat.  I went back
to the original and read the copy of the "rejected" mail.  It was sent to
"john@ugo.com" with a return path of "tonyb@writeme.com" (me). The text read
"The message contains Unicode characters and has been sent as a binary
attachment."  It had an attachment labeled "Quarantined Attachment.txt" with
an Xed out attachment icon.  I think my ISP caught the virus, because my
Norton doesn't show it having any quarantined items.  I deleted the
attachment from my Eudora "Attach" folder just in case it wasn't really
quarantined.

Any ideas out there as to what's happening here?


=;-}) Tony Biegen {:-})    
Voice/FAX: (516) 797-0464 
EMail: tonyb@writeme.com 
<||:-)) "Do not follow where the path may lead -- go instead where there is
no path and leave a trail."   Muriel Strode
   













