Almost caught me out.

Posted by: Roy T on 01 November 2004

This morning an email hove into view and the subject line looked almost right for the text returned by the system because an email could not be delivered. Almost right but not quite right enough for me to click on it without thinking, but right enough to sail through the mail system spam filters. As I run Mozilla Firefox configured not to download anything without my say so, I thought I'd just have a quick peek inside.

As you can see the text looked about right but according to whois 116.237.138.83 is
quote:
Server Used: [ none ] ERROR: IP Range Reserved by IANA.org

and the email contained a file called "letter.zip" a sure sign that it is something not very nice.

I then downloaded the zip onto my desktop and when examined by AVG it contained a copy of I-worm / mydoom.n, so a quite clever attack that failed and one of the very few I thought might be a false positive and I was right.

=========
Date: Sun, 31 Oct 2004 19:02:08 -0600
From: Automatic Email Delivery Software <MAILER-DAEMON@******.com>
To: <******@******.com>
Subject: Mail System Error - Returned Mail
This Message was undeliverable due to the following reason:
Your message was not delivered because the destination computer was
not reachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.
Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.
Your message was not delivered within 6 days:
Host 116.237.138.83 is not responding.
The following recipients did not receive this message:
<******@******.com>
Please reply to postmaster@******.com
if you feel this message to be in error.
=======
Posted on: 01 November 2004 by Hawk
I've had a few of these too, very nasty and probably one of the easiest to fall for... in fact her indoors did! The one she had was slightly different in that the attachment was called 'Returned Message.zip'. She did the obvious and opened the attachment to see which of her emails didn't deliver... Thank God for McAfee!!!
Posted on: 01 November 2004 by HTK
I've had a spate of these but not so many lately. The attachment gave it away. Bloody kids...

Cheers

Harry
Posted on: 01 November 2004 by Ancipital
As I've been on the net for so long I do get a whole bunch of crap.

Once every couple of weeks I get a load of these "returned" e-mails, a number of them are "spoofed" returns made to look like they've been bounced from a mail server where they are in fact virus ridden.

If you get a returned message, unless you're absolutely sure you sent a mail that may have got bounced, just delete it.

You can also view the headers of the mail without opening it so the history of the message can be seen (where it came from, where it went).

Steve.
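The header check suggested above, as an added example that is not part of any post in this thread: a Python triage that parses a saved message without opening its attachment, compares it with the shape of a genuine bounce (RFC 3464), and lists the Received hops. The sample message is constructed from the one quoted in the first post; the relay names, the 203.0.113.7 address, the `triage_bounce` name and the extension list are assumptions.

```python
import email

# Constructed sample modelled on the quoted message. The .example hosts and
# 203.0.113.7 are placeholders; the attachment body is four dummy bytes.
SAMPLE = """\
Received: from unknown-host.example (unknown [203.0.113.7])
\tby mx.recipient.example with SMTP; Sun, 31 Oct 2004 19:02:10 -0600
Return-Path: <someone@sender.example>
From: Automatic Email Delivery Software <MAILER-DAEMON@recipient.example>
Subject: Mail System Error - Returned Mail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Host 116.237.138.83 is not responding.
--b1
Content-Type: application/octet-stream; name="letter.zip"
Content-Disposition: attachment; filename="letter.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

# Assumed list of attachment types a real bounce has no reason to carry.
RISKY_EXT = (".zip", ".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def triage_bounce(raw):
    """Return (findings, received_hops) for a message claiming to be a bounce."""
    msg = email.message_from_string(raw)
    findings = []
    # Genuine DSNs are multipart/report with report-type=delivery-status.
    if not (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type", "").lower() == "delivery-status"):
        findings.append("not a multipart/report delivery-status message")
    if not any(p.get_content_type() == "message/delivery-status" for p in msg.walk()):
        findings.append("no message/delivery-status part")
    # Bounces travel with an empty envelope sender, recorded as Return-Path: <>.
    if msg.get("Return-Path", "").strip() not in ("", "<>"):
        findings.append("non-empty Return-Path on a supposed bounce")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append("archive/executable attachment: " + name)
    # Received headers are listed newest hop first; unfold each onto one line.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    return findings, hops

if __name__ == "__main__":
    for line in sum(triage_bounce(SAMPLE), []):
        print(line)
```

An empty findings list does not prove a message is genuine; it only means the message has the structure a real delivery report would have.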
Posted on: 01 November 2004 by j8hn
I too get loads of these mails and I run AVG which always picks them out so no problem!
Posted on: 01 November 2004 by Geoff P
I have been receiving a rush of the famous "Due to credit card fraud the bank needs to re-confirm your account details" HA HA HA I don't think so, DUH!! but may also contain a virus. I just dump them unopened.

It is so blatantly obvious and interestingly comes across the pond since it is from the likes of Wells Fargo & Citicorp.

It is pretty dumb especially since it sticks out a mile, especially when you have no accounts with a Bank, but I also got one supposedly from a Brokerage house which was a bit closer to home.



regards
GEOFF

"Just trying to make a NAIM for myself"
Posted on: 01 November 2004 by Occean
I use Yahoo's paid service (£12 a year I think) gives 2gig mailbox among other options, but it also has a virus filter that doesn't even let a virus be downloaded via pop3 - been using it for a while and I am most impressed - haven't downloaded a single dodgy file since they implemented the service.

CD5/112/150/S5e's/smiling