Hello,
A new gimmick in virus delivery. An infected system will use the address book to mimic
returned mail. See sample headers below. I just had a couple of them sent to me and my
anti-virus caught it.
The virus - WIN32/Shimg.worm - was enbedded in a file called "Error.eml". You
may only see a file attached a "ERROR". Do not try to open it! More details on
this worm are below.
Be aware and be safe. Just delete the message to play it safe.
John R. Carpenter
La Mesa, CA USA
Example headings:
"Mail Delivery Subsystem" <MAILER-DAEMON(a)voyager.net>
To: <jrcrin001(a)cox.net>
Sent: Monday, January 26, 2004 10:22 PM
Subject: Returned mail: see transcript for details
The original message was received at Tue, 27 Jan 2004 01:22:03 -0500
(EST)
from c211-30-166-21.farfl1.nsw.optusnet.com.au [211.30.166.21]
----- The following addresses had permanent fatal errors -----
----- Original Message -----
From: "Mail Delivery Subsystem" <MAILER-DAEMON(a)voyager.net>
To: <jrcrin001(a)cox.net>
Sent: Monday, January 26, 2004 10:22 PM
Subject: Returned mail: see transcript for details
More details at:
http://www3.ca.com/virusinfo/virus.aspx?ID=38102
There is a virus cleaner for this virus at this web site.