Virus Poses as Your ISP
Next time you get a virus warning purporting to come from your ISP, be sure to check the headers first. I’m the only person who can access the domain xrlq.com, so I’m pretty sure I didn’t send this message to myself, let alone the file ATTACH.PIF, which I presume is either a virus itself, or scumware of some other form. Here’s the message I got, in full header format:
Return-Path:
Delivered-To: xrlq@xrlq.user
Received: (qmail 29520 invoked from network); 24 Sep 2004 15:25:46 -0000
Received: from unknown (HELO tanya) (69.177.170.102)
by server207.com with SMTP; 24 Sep 2004 15:25:46 -0000
Date: Fri, 24 Sep 2004 11:24:06 -0500
To: xrlq@xrlq.com
Subject: E-mail account security warning.
From: management@xrlq.com
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="--------bqfeshfdxkjfmkbqfswo"

Dear user of Xrlq.com gateway e-mail server,
Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software.
For more information see the attached file.
Kind regards,
The Xrlq.com team http://www.xrlq.com
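
The header check recommended above can be automated. The following is an added example, not part of the original post: it reads the topmost qmail-style Received hop and flags a message that claims the recipient's own domain but was handed over by a host the domain owner does not operate. The names `triage`, `own_domain` and `own_senders` are hypothetical, and the MIME parts are constructed because the post shows only the headers and the attachment name.

```python
import re
from email import message_from_string

# Headers copied from the message above; the MIME parts are constructed
# (the post names the attachment ATTACH.PIF but does not show the body).
RAW = """\
Received: (qmail 29520 invoked from network); 24 Sep 2004 15:25:46 -0000
Received: from unknown (HELO tanya) (69.177.170.102)
 by server207.com with SMTP; 24 Sep 2004 15:25:46 -0000
To: xrlq@xrlq.com
Subject: E-mail account security warning.
From: management@xrlq.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

For more information see the attached file.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="ATTACH.PIF"

constructed placeholder
--b1--
"""

RISKY_EXT = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs")
# qmail hop format: from <reverse DNS> (HELO <name>) (<ip>)
HOP = re.compile(r"from\s+(\S+)\s+\(HELO\s+(\S+)\)\s+\(([\d.]+)\)")

def triage(raw, own_domain, own_senders=frozenset()):
    """Return reasons to distrust a message claiming to come from own_domain."""
    msg = message_from_string(raw)
    findings = []
    claimed = msg.get("From", "").rsplit("@", 1)[-1].strip("> ").lower()
    # Trust only the topmost hop: it was written by the receiving server.
    hop = next((m for h in msg.get_all("Received", []) if (m := HOP.search(h))), None)
    if hop and claimed == own_domain:
        rdns, helo, ip = hop.groups()
        if ip not in own_senders:  # own_senders: assumed list of the domain's outbound IPs
            findings.append(f"From claims {claimed} but relay {ip} (HELO {helo}) is not ours")
        if rdns == "unknown":
            findings.append(f"relay {ip} has no reverse DNS")
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            findings.append(f"executable attachment {name}")
    return findings
```

Calling `triage(RAW, "xrlq.com")` returns three findings for this message: the foreign relay, the missing reverse DNS, and the .PIF attachment.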





September 24th, 2004 at 8:44 am
Yep, that’s a virus just waiting to infect you with its evil.
September 24th, 2004 at 8:46 am
Yeah, I get those all the time for my private domains. It’s too bad that AOL, Microsoft and Yahoo! are unable to agree on an email credentialing strategy. The IETF needs to get off its butt and force a decision.
September 24th, 2004 at 5:27 pm
I get them all the time too. My husband is our domain’s administrator, and if I were sending out numerous infected e-mails, he’d give me a kiss and tell me so. I just delete them.
September 25th, 2004 at 7:30 pm
Hey, it’s a backhanded compliment — you’re a “team”! Sort of like conspiring with yourself, isn’t it?
I keep waiting for someone to ask me who else is part of the “organization” of beldar.org — the answer being, I guess, me and my dog. (Some cable TV station in Virginia had already grabbed beldar.com and beldar.net, so I had to become an “org” by default.)