[LON-CAPA-dev] Weeeeee! ;)))
Jeremy Bowers
lon-capa-dev@mail.lon-capa.org
Wed, 03 Mar 2004 09:35:35 -0500
Josh Tacey wrote:
> Yea, Virus time
>
> And MSU engineering services advice (yes I called them)
Interesting. On my bowersj2@msu.edu account, I got a totally different
virus. I'll not bother with attaching it, but I've compared the one from
"Felicia" with mine and it is definitely not the same.
It also had much more exciting text attached to it:
------
Dear user of Msu.edu,
Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.
Advanced details can be found in attached file.
Sincerely,
The Msu.edu team http://www.msu.edu
------
I'm thinking maybe they realized they don't have the English skills to
pull off such a long message (surely somewhere in the world there is a
virus writer who can also write in English?), so they shortened it in
later attacks.
Someone must have tuned one of the existing Windows viruses specifically
for MSU (and perhaps other schools? though I see nothing in the virus
binaries so it must be a backdoor-type), because while the "Felicia"
email (sorry, Felicia!) came from on campus according to the headers,
mine did not. Headers:
------
Return-Path: <bowerjoy@msu.edu>
Delivered-To: jerf@jerf.org
Received: (qmail 17117 invoked from network); 2 Mar 2004 17:38:21 -0500
Received: from sys11.mail.msu.edu (35.9.75.111)
  by 64.79.65.39 with SMTP; 2 Mar 2004 17:38:21 -0500
Received: from lnngmi-l10-891.dsl.tds.net ([134.215.235.129]
  helo=sarahmjohnston)
  by sys11.mail.msu.edu with smtp (Exim 4.24 #37)
  id 1AyIV5-0001Tq-K4
  for bowersj2@pilot.msu.edu; Tue, 02 Mar 2004 17:36:31 -0500
Date: Tue, 02 Mar 2004 17:36:22 -0500
To: bowersj2@msu.edu
Subject: Notify about using the e-mail account.
From: administration@msu.edu
Message-ID: <xwxeggemdyduxanxskj@msu.edu>
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="--------lfdledfareiaduwsnold"
X-Virus: None found by Clam AV
------
Note the identical X-Virus header; does MSU run Clam AV on their mail
servers? (I don't run Clam AV on my mail server. Until there are Linux
viruses that Mozilla auto-executes I'm pretty safe.) But this email came
from off-network, "tds.net".
Anyhow, if the MSU network folks make some kind of announcement, could
someone forward me a copy in case they don't send it to all users? I
forwarded the email I received with headers to "abuse@msu.edu"; is there
a better place?
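
The header reading described in the message above (a From: address claiming msu.edu on mail that an MSU server accepted from a tds.net host) can be automated. This is an added example, not part of the original post; the function names and the trusted domain argument are assumptions, and the sample is the routing headers quoted above, trimmed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Routing headers from the message above (trimmed, folding whitespace restored).
RAW = """\
Received: (qmail 17117 invoked from network); 2 Mar 2004 17:38:21 -0500
Received: from sys11.mail.msu.edu (35.9.75.111)
  by 64.79.65.39 with SMTP; 2 Mar 2004 17:38:21 -0500
Received: from lnngmi-l10-891.dsl.tds.net ([134.215.235.129]
  helo=sarahmjohnston)
  by sys11.mail.msu.edu with smtp (Exim 4.24 #37)
  id 1AyIV5-0001Tq-K4
  for bowersj2@pilot.msu.edu; Tue, 02 Mar 2004 17:36:31 -0500
To: bowersj2@msu.edu
Subject: Notify about using the e-mail account.
From: administration@msu.edu

"""

# "from <host> (<ip> ...) by <host>"; tolerates [ip] brackets and folded lines.
HOP = re.compile(r"from\s+(\S+)\s+\(\[?([\d.]+)\]?.*?\)\s+by\s+(\S+)", re.S)

def load(raw=RAW):
    return message_from_string(raw)

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def hops(msg):
    """(from_host, from_ip, by_host) per Received header, newest hop first."""
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groups() for m in found if m]  # the local qmail line has no "by"

def handoff(msg, domain):
    """Newest hop where a server inside `domain` accepted mail from outside it.
    Only this hop is recorded by a trusted server; anything older is sender-supplied."""
    for from_host, from_ip, by_host in hops(msg):
        if in_domain(by_host, domain) and not in_domain(from_host, domain):
            return from_host, from_ip, by_host
    return None

def spoof_suspect(msg, domain):
    """True when From: claims `domain` but the mail entered it from outside."""
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    return in_domain(from_domain, domain) and handoff(msg, domain) is not None

if __name__ == "__main__":
    print(handoff(load(), "msu.edu"), spoof_suspect(load(), "msu.edu"))
```

A hit is a reason to look closer, not proof of forgery: a legitimate user relaying through the campus server from a home connection produces the same pattern.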