new way of delivering virii?

Subject: new way of delivering virii?
From: Buddha (buddha@gci.net)
Date: Sat Jun 22 2002 - 10:36:01 AKDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Justin Dieters: "httpd access_log"
• Previous message: Buddha: "Re: Processor types"
• Next in thread: James Zuelow: "Re: new way of delivering virii?"

I just received this message from GCI's mail system regarding an email I
never sent in the first place. I don't even know who
jblagg@stupiditytak.net is and that domain doesn't exist according to
samspade.org. Is this a new way of delivering virii by bouncing mail to a
target as it had the following attachments:

mono.exe - 16k
User.wav - 94k
untitled.html - 0.1k
untitled.txt - 0k

I recently heard on TechTV that there's a new virus in the wild that uses
music files to carry it's payload. Think this is one of them?

If anyone wants to take a look at the files, I've kept a copy as I only use
webmail so I'm safe.

UPDATE: While I was composing this, I received that same, exact mail and
payload from a sir_snowman@hotmail.com

Anyone else on GCI getting these?

-TIA,
-Jim "Buddha" McMorris

-------- Original Message --------
Subject: Mail System Error - Returned Mail
From: Mail Administrator <postmaster@mta-1.gci.net>
Date: Sat, June 22, 2002 10:09 am
To: buddha@gci.net

This Message was undeliverable due to the following reason:

Your message was not delivered because the Domain Name System
(DNS) for the destination computer is not configured correctly.
The following is a list of reasons why this error message could
have been generated. If you do not understand the explanations
listed here, please contact your system administrator for help.

      - The host does not have any mail exchanger (MX) or
        address (A) records in the DNS.

      - The host has valid MX records, but none of the mail
        exchangers listed have valid A records.

      - There was a transient error with the DNS that caused
        one of the above to appear to be true.

You may want to try sending your message again to see if the
problem was only temporary.

     DNS for host stupidityak.net is mis-configured
The following recipients did not receive this message:
     <jblagg@STUPIDITYak.net>

Please reply to <postmaster@mta-1.gci.net>
if you feel this message to be in error.

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

• Next message: Justin Dieters: "httpd access_log"
• Previous message: Buddha: "Re: Processor types"
• Next in thread: James Zuelow: "Re: new way of delivering virii?"

This archive was generated by hypermail 2a23 : Sat Jun 22 2002 - 10:35:28 AKDT