just the same with this one: lofixxx@atom-heart.com
i'm running OS X and not infected, but this eMail is used by someone
from Poland i don't know.
ma_hovina
Am Samstag, 07.06.03, um 20:55 Uhr (Europe/Berlin) schrieb Mr. Tangent:
quoted 74 lines -- read the following if you want the short version --> -- read the following if you want the short version --
>
> Hello. As you may or may not have seen, someone from Poland is
> infected with the Bugbear virus and is making it appear that e-mails
> are being sent from me. Do NOT respond or open ANY e-mail attachment
> from "warpobot@mrtangent.com" -- it's a spoofed e-mail and no such
> e-mail address exists at my mrtangent.com domain. DELETE the e-mail
> AND attachment immediately if you get an e-mail from
> "warpbot@mrtangent.com".
>
> -- keep reading if you want the full story --
>
> I'm in the process of investigating, but what I can ascertain 1)
> someone from Poland is either spoofing my e-mail address, and sending
> a fake "warpbot/warp records" mail that also contains a virus (don't
> open the attachment!) or 2) someone from Poland is genuinely not
> trying to spoof my address, and has somehow been infected with this
> Bugbear virus and is being an unwitting victim in propagating the
> virus (and the virus for some reason is choosing my domain as the
> spoof source).
>
> Apparently the Bugbear virus looks through the contact book of the
> infected person's e-mail client and chooses a random domain
> (mrtangent.com in this instance) and a random name (warpbot in this
> instance) and then a random message from his or her in-box. It then
> sends this new e-mail AND VIRUS to everyone in the infected person's
> address book (including mailing lists, apparently), thus continuing
> the infection process.
>
> I wrote to my domain provider (for mrtangent.com) earlier and he
> assures me that no spam/spoofed e-mails or viruses are going through
> their mail server.
>
> I'm running Mac OS X, so there is very little chance I'm personally
> infected. I've also ran Virex (with current virus definitions as of
> today) and there is absolutely no viruses on my Macintosh. There is
> also no "warpbot" address on my mrtangent.com domain (I checked to see
> if I had been compromised).
>
> I apologize for any inconveniences this has caused but unfortunately
> the virus is spoofing my address and there's no way I can do anything
> about it since the e-mail is not technically going through my mail
> server (the e-mail is NOT from mrtangent.com, I assure you).
>
> Here is the full headers in case anyone is curious. This proves the
> e-mail is originating from someone in Poland (nickname "Adax"
> apparently):
>
> Return-Path: <warpbot@mrtangent.com>
> Received: (qmail 63185 invoked from network); 6 Jun 2003 17:49:34 -0000
> Received: from ns2.tele2.pl (213.173.209.71)
> by taz3.hyperreal.org with SMTP; 6 Jun 2003 17:49:34 -0000
> Received: from adax (host-81-118.tele2.pl [62.93.81.118])
> by ns2.tele2.pl id h56HiuI22510;
> Fri, 6 Jun 2003 19:44:56 +0200 (MET DST)
> Date: Fri, 6 Jun 2003 19:44:56 +0200 (MET DST)
> Message-Id: <200306061744.h56HiuI22510@ns2.tele2.pl>
> From: "Warpbot" <warpbot@mrtangent.com>
> Subject: Warp Records Mailing List Letter - 09/10/02
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="----------7M1O4BN2O27N21"
> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N
>
> If someone could forward this to the ambient and idm mailing lists I
> would appreciate it (since I'm not on them). Thank you and be SURE
> not to open ANY attachment you get as a result of this mess.
>
> --
>
> Mr. Tangent [the binary police]
>
> "Ultimately, it boils down to one thing. Do you want to work for the
> machine, or do you want it to work for you?", Bob Shier, Teacher, in
> reference to Window's unreliability and preference of the Mac OS