
graffitici 01-29-2004 02:11 PM

security breach: send mail to unknown address?

A recent event scared me to death. I do not know whether this is a serious issue, or a well done hoax (in that case, it certainly works). I have received a mail from my default mail server a few hours ago that said a mail I sent to some address in yahoo couldn't be delivered. I didn't attach any importance to it. But I received a second one just a few minutes ago. I append the mail to the end of my post ( I have replaced my e-mail with ).

What do you suppose this is? seems to be a legitimate e-mail. I am sure that I haven't sent anything to this Could this be a kind of linux virus that sends some files somehow? Because apparently I sent a file called:
I do not know what this is, nor what it is used for. It has probably been renamed anyway. Another thing that concerns me is that is over the limit, which may happen if this guy receives a lot of files like this one from, perhaps, other infected people?
All in all, this can as well be a minor error, but I am really curious as to how such a thing can be happening, although I am using linux.
I would appreciate any help and advice

failure delivery
Date: Today 04:41:25

Message from
Unable to deliver message to the following address(es).

size saved = 8912
Sorry, your message to cannot be delivered. This account is over quota.

--- Original message follows.

Return-Path: <>

The original message is over 5k. Message truncated to 1K.

X-Rocket-Track: 1323744: 20 ; SERVER=
Return-Path: <>
X-RocketNR: 1
Received: from (EHLO (
  by with SMTP; Wed, 28 Jan 2004 12:20:51 -0800
Subject: Server Report
Date: Wed, 28 Jan 2004 22:19:21 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Content-Type: application/octet-stream;
Content-Transfer-Encoding: base64
Content-Disposition: attachment;


jtshaw 01-29-2004 02:20 PM

That is a MyDoom virus message.

graffitici 01-29-2004 02:26 PM

I checked the security response at symantec. Apparently this doesn't affect linux. The stupid winxp should have gotten it somehow then. I have to run the removal tool as soon as possible.
I shouldn't have any concerns under linux then?

jtshaw 01-29-2004 02:30 PM

It is yet another Outlook virus. I have been getting the bounces all week on my mail server, but I can see in the IP stamp they aren't actually originating from my machine, they are double bounces. I.e., my mail server tried to bounce them and the bounce bounced, so I get notified.

It can't affect linux boxes. The key factor is the claudia@whatever address, the virus tries to send mail to common names at whatever domains it can find.

chort 01-29-2004 05:27 PM

Modern e-mail worms randomly choose their "from" address as an addressbook entry from their victim. They're all spoofed.
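
An added example, not part of the thread: the check jtshaw describes (reading the IP stamp in the bounced message's `Received` headers to see whether the mail really left your machine), written in Python. The sample bounce, its addresses and the function names are constructed for illustration; only the `--- Original message follows.` marker comes from the bounce quoted above.

```python
import email
import ipaddress
import re

MARKER = "--- Original message follows."  # separator seen in the bounce on this page
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample bounce (documentation addresses, not taken from the thread).
SAMPLE_BOUNCE = """\
Unable to deliver message to the following address(es).

--- Original message follows.

Return-Path: <user@example.org>
Received: from mx.example.net (EHLO mx.example.net) ([198.51.100.7])
  by mta.example.com with SMTP; Wed, 28 Jan 2004 12:20:51 -0800
Received: from pc (unknown [203.0.113.45])
  by mx.example.net with SMTP; Wed, 28 Jan 2004 12:20:40 -0800
From: user@example.org
Subject: Server Report

body
"""

def received_ips(bounce_text):
    """Return relay IPs from the bounced original, newest hop first."""
    _, sep, original = bounce_text.partition(MARKER)
    if not sep:
        raise ValueError("no embedded original message found")
    msg = email.message_from_string(original.lstrip())
    hops = msg.get_all("Received") or []  # each server prepends its own header
    return [ipaddress.ip_address(ip) for h in hops for ip in IP_RE.findall(h)]

def sent_from_my_hosts(bounce_text, my_networks):
    """True if the earliest recorded hop lies inside one of my networks."""
    ips = received_ips(bounce_text)
    if not ips:
        return False  # headers truncated by the bouncing server: cannot attribute
    nets = [ipaddress.ip_network(n) for n in my_networks]
    # From and Return-Path are spoofable and ignored here; the lowest Received
    # lines can be forged too, so weigh hops added by servers you trust.
    return any(ips[-1] in net for net in nets)

if __name__ == "__main__":
    print(sent_from_my_hosts(SAMPLE_BOUNCE, ["192.0.2.0/24"]))
```

A `False` result with a `From` address that is yours matches the spoofed-sender backscatter described in this thread.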
