Odd e-mail

MarineCorps

I was cleaning out my inbox today and saw this message in my inbox:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

kingpin@cdgroup.org
This message has been rejected because it has
a potentially executable attachment "mp3music.pif"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------

Return-path: <marinecorps_1@hotmail.com>
Received: from [193.171.80.144] (helo=cdgroup.org)
by server10.arteryserver10.net with esmtp (Exim 4.24)
id 1Axlhs-0007GN-DS
for kingpin@cdgroup.org; Mon, 01 Mar 2004 11:35:32 +0000
From: marinecorps_1@hotmail.com
To: kingpin@cdgroup.org
Subject: Re: Your music
Date: Mon, 1 Mar 2004 12:22:43 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0000_00002943.000077B8"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <E1Axlhs-0007GN-DS@server10.arteryserver10.net>

This is a multi-part message in MIME format.

------=_NextPart_000_0000_00002943.000077B8
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit

See the attached file for details.

------=_NextPart_000_0000_00002943.000077B8
Content-Type: application/octet-stream;
name="mp3music.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="mp3music.pif"
Odd part is I never sent him any e-mail, my Hotmail account isn't even the one that I receive e-mails from CDG. I haven't even received or sent an email to or from him. What is going on? :confused: Hell, I don't even listen to music files on my computer.
 
I know it is a virus. But what I am confused about is why he was chosen. He is not in my address book, I never sent or received an e-mail from him, and never talked with him on MSN (he isn't even on my contact list). I have never gotten an e-mail from CDG on my Hotmail account.
 
You don't need to know him, the virus sends itself out randomly and pretends that it's coming from email addresses that it finds on infected computers.

...again your computer is not infected, someone who has your name/email in their address book is.
 
Delete the E-mail, it is a Virus. Do an immediate Virus scan, and if you know whom it is from, tell them (your friend, or . . . ?). I am not sure how you would get this E-mail if you do not know the person, and they were not on your Address Book list thingie . . .
 
A lot of these types of viruses are going around nowadays, just delete the messages when you see them, the person who actually has the virus will figure it out before too long.
 
Actually, that "delivery server" is a scam. It is just a regular email modified to look like a delivery failure. It is a virus because it has a PIF file in it.
 
I think that we're talking about 2 different types of viruses here, I was thinking about something akin to the SoBig virus.

...regardless, when there are viruses attached, I would assume that you should be able to tell the difference, by the file size.

...Please correct me if I'm wrong.
 
Originally posted by Centrifuge
...regardless, when there are viruses attached, I would assume that you should be able to tell the difference, by the file size.
What file size do you mean? Do you mean the difference in size between an infected file and a healthy file?

If so, I'm not sure that's a secure way to see if it has a virus or not.
 
Agreed, it's certainly not the most secure way (that's why we often need to rely on spam blockers, firewalls, and anti-virus)

...but an infected file will almost certainly be larger than the file that it's trying to impersonate.

My spam blocker caught some "sobig" messages that I knew were unsafe to open simply because they were over 100kb in size (and from an unknown source of course ;) ), whereas a non-infected message (if it doesn't have pictures etc. attached) will only be about 10kb max.

I certainly do not recommend this as a method of virus detection :D. The good old "don't open email from unknown sources" always applies ...but if the email is impersonating a message from your ISP, some sort of method for distinguishing between the two is necessary, and unless they do a bad job of impersonating, then file size may be the only thing to fall back on (particularly for people who do not have anti-virus or spam blockers).

Spam blockers are nice in the case of impersonators, because they can be set to not allow email from anybody that is not in your address book and/or not affiliated with your ISP.
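
Added example, not part of the thread or written by any poster: a small Python triage of a message like the one quoted in the first post, comparing the claimed From address with the host the receiving server recorded in Received, and flagging attachment names of the kind the server rejected. The sample message is constructed from the quoted headers with a placeholder body, and the extension list and the `triage` function name are assumptions.

```python
import email
import re
from email import policy

# Extensions treated as "potentially executable". This list is an assumption;
# the quoted rejection only shows that .pif was refused.
RISKY_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}

# Constructed sample modelled on the headers quoted in the thread. The base64
# body is a harmless placeholder string, not the original attachment.
SAMPLE = """\
Return-path: <marinecorps_1@hotmail.com>
Received: from [193.171.80.144] (helo=cdgroup.org)
\tby server10.arteryserver10.net with esmtp (Exim 4.24)
From: marinecorps_1@hotmail.com
To: kingpin@cdgroup.org
Subject: Re: Your music
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="Windows-1252"

See the attached file for details.

--BOUNDARY
Content-Type: application/octet-stream; name="mp3music.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="mp3music.pif"

cGxhY2Vob2xkZXI=
--BOUNDARY--
"""

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    # Received is written by the receiving server; From is chosen by the sender.
    m = re.search(r"from \[([\d.]+)\] \(helo=([^)]+)\)", str(msg.get("Received", "")))
    risky = []
    for part in msg.walk():
        name = part.get_filename()
        if name and any(name.lower().endswith(ext) for ext in RISKY_EXT):
            risky.append(name)
    return {
        "claimed_from": msg["From"].addresses[0].addr_spec,
        "connecting_ip": m.group(1) if m else None,
        "helo": m.group(2) if m else None,
        "risky_attachments": risky,
    }
```

Calling `triage(SAMPLE)` returns the claimed sender, the connecting IP and HELO name from the Received line, and the list of flagged attachment names.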
 