A virus from Linuxquestions?

jong357 · 12-18-2004, 02:04 AM

This is kind of strange... I got this in the mail... What is the purpose of this and what exactally is it supposed to do on Slackware anyway, even IF sbc would let me download it?

Linuxquestions.net takes me to linuxquestions.org in my browser so I thought I would let everyone know about it... Cheers!

Code:

"Your SBC Yahoo! Mail Virus Protection detected the virus 
'"W32.Beagle@mm!zip"' in the file '"Attach.zip"', attached to the enclosed email 
message. We scanned the file using Norton AntiVirus but were unable to 
clean it. Therefore, we removed the content of the attachment from the 
message. Please contact the message sender if you want to receive the 
attachment. They must clean the file and resend it before we can deliver it 
to you safely."

"SBC Yahoo! Mail successfully cleans most infected attachments, which 
protects you from viruses."


------------------------------------------------------------------------


Authentication-Results: mta826.mail.sc5.yahoo.com

  from=linuxquestions.net; domainkeys=neutral (no sig)

X-Originating-IP: [209.212.118.139]

Return-Path: <114398@linuxquestions.net>

Received: from 207.115.63.49  (EHLO vml-ext.prodigy.net) 
(207.115.63.49)
  by mta826.mail.sc5.yahoo.com with SMTP; Thu, 16 Dec 2004 12:56:47 
-0800
X-Header-NoReverseIP: IP.name.lookup.failed[209.212.118.139]
X-Originating-IP: [209.212.118.139]
Received: from Eugenework ([209.212.118.139])
	by vml-ext.prodigy.net (8.12.10 083104/8.12.10) with SMTP id 
iBGKtuja344732
	for <jongrosshart@sbcglobal.net>; Thu, 16 Dec 2004 15:55:58 -0500
Date: Thu, 16 Dec 2004 22:55:59 +0200
To: jongrosshart@sbcglobal.net
Subject: ^_^ mew-mew (-:
From: 114398@linuxquestions.net
Message-ID: <clrrwmiwcjukusryaux@linuxquestions.net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ijtnwihrddkhloucxojx"

----------ijtnwihrddkhloucxojx
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 I don't bite, weah!

password: 35321

----------ijtnwihrddkhloucxojx
Content-Type: application/octet-stream; name="Attach.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Attach.zip"


----------ijtnwihrddkhloucxojx--

acid_kewpie · 12-18-2004, 05:19 AM

this is presumably using a spoofed address. there is no LQ.org user with that name, and being webmail only an address on lq.net (our free email service) couldn't send somethign like that through.

jeremy · 12-18-2004, 09:15 AM

Chris is correct, the address is being spoofed (ie. this is in no way associated with LQ). Unfortunately, this is all too common place these days.

--jeremy

trickykid · 12-18-2004, 10:21 AM

Hehe.. its like a few weeks ago a guy at work said I couldn't send him an email and make it look like it was sent by G. Bush at whitehouse.gov.. well, he was wrong and it was a damn funny email I sent him to prove him wrong..

jong357 · 12-18-2004, 04:35 PM

Yea, Thats what I figured. Obviously it was more than likely someone here on the forums but why would a linux user send another linux user a windows virus?

Funny stuff.... Thanks...

jeremy · 12-19-2004, 08:46 PM

jong357, it more than likely wasn't a user here on the forums. It was likely a spambot or virus randomly spoofing the from address.

--jeremy