Hi and thanks for your invaluable service!
I got the mail below from my email provider (target email to which I redirect my SG account). I'm wondering what happened exactly? Particularly:
1. Does the virus'ed email really come from a SG account as displayed? How to know?
2. If yes, why did I get this email directly in my target inbox (not through a SG disposable email as the header suggests; I also don't know the supposed SG sender, and all of my disposable SG emails have an exclusive sender...)?
3. If yes, does that mean SG has been abused by a virus or worm?
4. If yes, how to warn the original sender, because my warning will be killed by SG... What a well working system
5. If not, does that necessarily mean my target email has been caught by spammers (in spite of all my efforts...)?
Lots of questions, but basically this email confuses me. I don't see the "hole" through which it reached me: I'm trying to figure out where this "hole" is... (SG side? My side? A friend's side? Newsletter side?)
PS: the virus seems to be a variant of I-Worm.Dumaru.a (fyi: http://www.viruslibrary.com/virusinfo/I ... maru.a.htm)
PPS: Message below (note the ".exe" after the spaces...). I've hidden the private information for... well, privacy reasons.
8<---- start of message
From - Mon Jan 26 09:21:14 2004
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <postmaster@myprovider.com>
Received: from frontend1.myprovidercom (mysql.internal [xx.xxx.xx.xxx])
by myprovider.com (Cyrus v2.1.9) with LMTP; Sun, 25 Jan 2004 06:18:25 -0500
X-Sieve: CMU Sieve 2.2
X-Resolved-to: me@TargetEmail
X-Delivered-to: me@TargetEmail
X-Mail-from: postmaster@myprovider.com
Received: by mail.myprovider.com (Postfix, from userid xxx)
id D33C74B6806; Sun, 25 Jan 2004 06:18:25 -0500 (EST)
From: <postmaster@myprovider.com>
To: me@TargetEmail
Date: Sun, 25 Jan 2004 11:18:25 UT
Subject: Infected file rejected
Message-Id: <20040125111825.D33C74B6806@mail.myprovider.com>
We have just rejected a message to you from "username_hidden"@gourmet.spamgourmet.com
because it tested as positive to a virus
using Kaspersky Anti-virus (http://www.kaspersky.com).
If you do not wish to use anti-virus protection, [myprovider.com blablabla...]
The virus scanner output was:
----
From "Elene" <FUCKENSUICIDE@HOTMAIL.COM>][Date Sun, 25 Jan 2004 12:17:49 +0100 (CET)]/myphoto.zip/myphoto.jpg .exe Infected by virus: I-Worm.Dumaru.j
8<---- end of message