I have been getting 2-3 e-mails a day with the same virus-infected files attached. The virus they contain is w95.hybris.worm -- the one which sends messages with the hahaha@...return address and the Snow White subject line. I'm trying to figure out who has the virus and is sending it, but it's difficult because the virus has munged the headers and all, and possibly used a relay somewhere.
Here are the headers. Can you help me ID where it came from? I'm at the X'd out portion.
~~~~~~~~~~~
Return-Path: <>
Received: from smtprelay13.dc2.adelphia.net ([64.8.50.60]) by
ms004a.dc2.adelphia.net (Netscape Messaging Server 4.15) with
ESMTP id GSBZZC00.TQ4 for
2002 00:45:12 -0500
Received: from mx1.buf.xxxxxxxxx.net ([xx.xx.xx.xx]) by
smtprelay13.dc2.xxxxxxx.net (Netscape Messaging Server 4.15)
with ESMTP id GSBZZC00.H32 for
2 Mar 2002 00:45:12 -0500
Received: from oemcomputer (p34.communigate.net [209.41.225.54])
by mx1.buf.xxxxxx.net (8.11.1/8.11.1) with SMTP id g225j1m25075
for
Date: Sat, 2 Mar 2002 00:45:01 -0500 (EST)
Message-Id: <200203020545.g225j1m25075@mx1.buf.xxxxxx.net>
From: Hahaha
Subject: Snowhite and the Seven Dwarfs - The REAL story!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VERC923G92VS563OHQZKHQFWPYFO9"
X-PMFLAGS: 570949760 0 1 P10890.CNM
~~~~~~~~~~~~~~
Whoever it is whose system is sending this has my new e-mail address, which only became effective Monday.
Help Decipher E-Mail Headers?
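One way to read a Received chain like the one posted above, as an added example that is not part of the original post: each mail server prepends its own Received line, so the bottom line is the oldest hop. The sample re-folds the posted lines with leading whitespace so they parse and leaves the X'd-out and missing parts as posted. The names `HOP`, `hops` and `oldest_hop` are this example's own.

```python
import re
from email import message_from_string

# Received lines from the post, re-folded so continuation lines parse.
# X'd-out hosts and the stripped "for ..." parts are left exactly as posted.
SAMPLE = (
    "Received: from smtprelay13.dc2.adelphia.net ([64.8.50.60]) by\n"
    " ms004a.dc2.adelphia.net (Netscape Messaging Server 4.15) with\n"
    " ESMTP id GSBZZC00.TQ4 for\n"
    " 2002 00:45:12 -0500\n"
    "Received: from mx1.buf.xxxxxxxxx.net ([xx.xx.xx.xx]) by\n"
    " smtprelay13.dc2.xxxxxxx.net (Netscape Messaging Server 4.15)\n"
    " with ESMTP id GSBZZC00.H32 for\n"
    " 2 Mar 2002 00:45:12 -0500\n"
    "Received: from oemcomputer (p34.communigate.net [209.41.225.54])\n"
    " by mx1.buf.xxxxxx.net (8.11.1/8.11.1) with SMTP id g225j1m25075\n"
    " for\n"
    "Subject: Snowhite and the Seven Dwarfs - The REAL story!\n"
    "\n"
)

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+"          # name the client announced (client-supplied)
    r"\((?:(?P<rdns>[^\s\[\]]+)\s+)?"   # reverse-DNS name, if the server logged one
    r"\[(?P<ip>[^\]]+)\]\)\s+"          # peer IP as seen by the receiving server
    r"by\s+(?P<by>\S+)"                 # server that wrote this Received line
)

def hops(raw):
    """Return the Received hops oldest-first (headers are stored newest-first)."""
    msg = message_from_string(raw)
    out = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold, collapse whitespace
        if m:
            out.append(m.groupdict())
    return out

def oldest_hop(raw):
    """Oldest hop: its bracketed IP was recorded by the 'by' server,
    while the HELO name is whatever the connecting client chose to send."""
    chain = hops(raw)
    return chain[0] if chain else None

if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(f"{h['ip']:>15}  rdns={h['rdns']}  helo={h['helo']}  -> {h['by']}")
```

The bracketed IP in a line is only as trustworthy as the server named after `by`, since a sender can insert forged Received lines beneath the first genuine one.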