[WEB4LIB] Some one spoofed the web4lib address (again)
Drew, Bill
drewwe at MORRISVILLE.EDU
Thu Sep 12 21:07:05 EDT 2002
I believe this type of virus does the "spoofing" on its own based on e-mail
addresses in somebody's address book.
Bill Drew
-----Original Message-----
From: Dobbs, Aaron
To: Multiple recipients of list
Sent: 9/12/02 7:49 PM
Subject: [WEB4LIB] Some one spoofed the web4lib address (again)
Heads up:
Someone has spoofed the web4lib address and sent a message with a Klez
attachment.
(I've already complained to abuse at visi.com)
Here's the header:
Received: from conn.mc.mpls.visi.com ([208.42.156.2]) by
exchange.apsu.edu
with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
id P67HNMQJ; Thu, 12 Sep 2002 08:57:47 -0500
Received: from Ibctsb (173-193.dynamic.visi.com [209.98.173.193])
by conn.mc.mpls.visi.com (Postfix) with SMTP id 435C183A9
for <DobbsA at apsu.edu>; Thu, 12 Sep 2002 08:57:16 -0500 (CDT)
From: web4lib <web4lib at webjunction.org>
To: DobbsA at apsu.edu
Subject: Paul, MN 55105
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=J8714Qg0y3Re1038DtNK6s92uw86J1
Message-Id: <20020912135716.435C183A9 at conn.mc.mpls.visi.com>
Date: Thu, 12 Sep 2002 08:57:16 -0500 (CDT)
--J8714Qg0y3Re1038DtNK6s92uw86J1
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
--J8714Qg0y3Re1038DtNK6s92uw86J1
Content-Type: audio/x-midi;
name=href.exe
Content-Transfer-Encoding: base64
Content-ID: <I1m3T947>
--J8714Qg0y3Re1038DtNK6s92uw86J1
--J8714Qg0y3Re1038DtNK6s92uw86J1
Content-Type: application/octet-stream;
name=myweb[1].htm
Content-Transfer-Encoding: base64
Content-ID: <I1m3T947>
--J8714Qg0y3Re1038DtNK6s92uw86J1--
-----Original Message-----
From: NAV for Microsoft Exchange-EXCHANGE
Sent: Thursday, September 12, 2002 8:58 AM
To: Dobbs, Aaron
Subject: Norton AntiVirus detected a virus in a message you received.
The infected attachment was deleted.
Sender of the infected attachment: web4lib
Subject of the message: Paul, MN 55105
One or more attachments were deleted.
Attachment href.exe was Deleted for the following reasons:
Virus W32.Klez.H at mm was found.
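Added example, not part of the original posts: a Python triage sketch for the two signals visible in the quoted header, a From: domain that does not match the host recorded in the earliest Received: line, and an attachment whose declared media type (audio/x-midi) hides an executable name (href.exe). The sample message is constructed with placeholder hosts and addresses; the names audit, origin_host and EXECUTABLE_EXT are hypothetical.

```python
import email
import re
from email.utils import parseaddr
# Constructed sample modelled on the header quoted above; hosts, addresses
# and ids are placeholders, only the MIME type/filename pair is from the post.
SAMPLE = """\
Received: from relay.isp.example ([192.0.2.2]) by mx.campus.example
 with SMTP id CONSTRUCTED1; Thu, 12 Sep 2002 08:57:47 -0500
Received: from Ibctsb (dyn-193.isp.example [192.0.2.193])
 by relay.isp.example (Postfix) with SMTP id CONSTRUCTED2
From: somelist <somelist@list.example>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=BOUND

--BOUND
Content-Type: text/html

<html></html>
--BOUND
Content-Type: audio/x-midi; name=href.exe
Content-Transfer-Encoding: base64

TVo=
--BOUND--
"""
EXECUTABLE_EXT = {"exe", "scr", "pif", "bat", "com"}

def origin_host(msg):
    """Reverse-DNS name recorded in the bottom-most (earliest) Received header."""
    received = msg.get_all("Received", [])
    m = re.search(r"from\s+\S+\s+\(([^\s\[\]()]+)\s*\[", received[-1]) if received else None
    return m.group(1).lower() if m else None

def audit(raw):
    msg = email.message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    origin = origin_host(msg)
    # A mismatch is a triage lead, not proof: forwarded mail can differ legitimately.
    if origin and from_domain and not origin.endswith(from_domain):
        findings.append(("from-origin-mismatch", from_domain, origin))
    for part in msg.walk():
        name = part.get_filename() or ""  # falls back to Content-Type name=
        ext = name.rpartition(".")[2].lower() if "." in name else ""
        declared = part.get_content_type()
        # Flag an executable name hidden behind a media content type.
        if ext in EXECUTABLE_EXT and declared.split("/")[0] in ("audio", "image", "video", "text"):
            findings.append(("type-extension-mismatch", declared, name))
    return findings
```

Calling audit(SAMPLE) returns one finding per signal; a message with neither signal returns an empty list.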