DennisD

MyDoom virus in email


I just received 3 email messages through SpamCop with the MyDoom virus.

Previously SpamCop checked for viruses and blocked content and just sent me an email notifying me of the fact.

What changed to allow the virus to slip through?

I automatically forward all mail from my domain biz-builder.com hosted by DirectNIC to SpamCop for filtering and then I POP using Outlook.

My domain has been spoofed in the infected email and one looks like a normal return mail with an attachment infected with MyDoom caught locally by NortonAV.

What happened to the SpamCop AntiVirus checking?

Header:

Return-Path: <noreply[at]biz-builder.com>
Delivered-To: spamcop-net-dennis[at]spamcop.net
Received: (qmail 20319 invoked from network); 26 Jul 2004 15:45:44 -0000
Received: from unknown (192.168.1.101)
    by blade1.cesmail.net with QMQP; 26 Jul 2004 15:45:44 -0000
Received: from iris1.directnic.com (204.251.10.81)
    by mailgate.cesmail.net with SMTP; 26 Jul 2004 15:45:44 -0000
Received: by iris1.directnic.com (iris/0.153:relay); 26 Jul 2004 15:45:40 +0000
Message-Id: <41052724.C73.72C[at]iris2.directnic.com>
X-Iris-Host: 3467912726/[206.180.38.22]
X-Forward: from <cds[at]biz-builder.com> to <dennis[at]spamcop.net>
Received: from [206.180.38.22] (EHLO biz-builder.com) (206.180.38.22)
    by iris2.directnic.com (iris/0.153) with ESMTP
    for <cds[at]biz-builder.com> (rule 627606); 26 Jul 2004 15:45:39 +0000
Return-Path: noreply[at]biz-builder.com
From: "MAILER-DAEMON" <noreply[at]biz-builder.com>
To: cds[at]biz-builder.com
Subject: Returned mail: Data format error
Date: Mon, 26 Jul 2004 11:45:25 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0000_40761DCC.89719A46"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1
X-spam-Level: ****
X-spam-Status: hits=4.1 tests=FORGED_MUA_OUTLOOK,MIME_BASE64_ILLEGAL,
    MSGID_FROM_MTA_HEADER version=2.63
X-SpamCop-Checked: 192.168.1.101 204.251.10.81 206.180.38.22 206.180.38.22
X-SpamCop-Disposition: Blocked SpamAssassin=4
X-SpamCop-Whitelisted: biz-builder.com

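An added example, not part of the original post and not SpamCop's own code: a small header triage that reads the oldest Received hop and the filter headers from the message quoted above. The helper names and the step that turns the forum's `[at]` back into `@` are assumptions made for this illustration, and the sample is a constructed excerpt of the posted header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: part of the header posted above, continuation lines indented.
SAMPLE = """\
Return-Path: <noreply[at]biz-builder.com>
Received: from iris1.directnic.com (204.251.10.81)
  by mailgate.cesmail.net with SMTP; 26 Jul 2004 15:45:44 -0000
Received: from [206.180.38.22] (EHLO biz-builder.com) (206.180.38.22)
  by iris2.directnic.com (iris/0.153) with ESMTP
  for <cds[at]biz-builder.com> (rule 627606); 26 Jul 2004 15:45:39 +0000
From: "MAILER-DAEMON" <noreply[at]biz-builder.com>
To: cds[at]biz-builder.com
X-spam-Status: hits=4.1 tests=FORGED_MUA_OUTLOOK,MIME_BASE64_ILLEGAL,
  MSGID_FROM_MTA_HEADER version=2.63
X-SpamCop-Disposition: Blocked SpamAssassin=4
X-SpamCop-Whitelisted: biz-builder.com

"""

def _domain(value):
    """Lower-cased domain part of an address header value ('' if none)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def _flat(value):
    """Unfold a header value and collapse runs of whitespace."""
    return " ".join((value or "").split())

def triage(raw):
    """Hypothetical helper: who handed the message in, and what the filters said."""
    msg = message_from_string(raw.replace("[at]", "@"))  # undo forum obfuscation
    hops = [_flat(h) for h in msg.get_all("Received", [])]
    first = hops[-1] if hops else ""  # the oldest hop is the last Received header
    helo = re.search(r"\((?:HELO|EHLO) ([\w.-]+)\)", first)
    ip = re.search(r"\((\d{1,3}(?:\.\d{1,3}){3})\)", first)
    rcpt = _domain(msg["To"])
    tests = re.search(r"tests=(.*?)\s+version=", _flat(msg["X-spam-Status"]))
    return {
        "origin_ip": ip.group(1) if ip else None,
        "origin_helo": helo.group(1).lower() if helo else None,
        # Envelope sender and HELO both claim the recipient's own domain.
        "claims_rcpt_domain": bool(rcpt) and rcpt == _domain(msg["Return-Path"])
                              and helo is not None and helo.group(1).lower() == rcpt,
        "sa_tests": [t.strip() for t in tests.group(1).split(",")] if tests else [],
        "disposition": _flat(msg["X-SpamCop-Disposition"]),
        "whitelisted": _flat(msg["X-SpamCop-Whitelisted"]),
    }
```

Calling `triage(SAMPLE)` returns a dictionary with the originating IP and HELO name, the SpamAssassin tests that fired, and the two SpamCop verdict headers side by side.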

As stated everywhere, if you read the fine print. Anti-virus tools are reactionary, thus offer little to no protection against a "new" virus or variant. And this is a new variant. And even better, at least one version of the spew appears to be a bounce message from the fine folks at the SpamCop Technical Support Team <g>

As stated everywhere, if you read the fine print. Anti-virus tools are reactionary, thus offer little to no protection against a "new" virus or variant. And this is a new variant. And even better, at least one version of the spew appears to be a bounce message from the fine folks at the SpamCop Technical Support Team <g>

Wow, directed right at Spamcop. Must have been someone in "Help" complaining they were blocked and they only send legitimate email. :o
