did this mail ever go near messagelabs?

TeeJay on 2004-08-19T09:49:53

I found this in my inbox, I am guessing it is a virus and I am also guessing it went knowhere near messagelabs.

Date: Thu, 19 Aug 2004 00:26:33 +0400
From: ulia@*****.ru
To: asavigesahy@*****.org
Subject: Re: Old photos
Parts/Attachments:
   1 Shown     5 lines  Text (charset: Windows-1252)
   2          30 KB     Application
----------------------------------------
                                                                                                                              
Have a look at these.
                                                                                                                              
+++ Attachment: No Virus found
+++ MessageLabs AntiVirus - www.messagelabs.com
                                                                                                                              
                                                                                                                              
    [ Part 2, Application/OCTET-STREAM (Name: "old_photos.zip")  40KB. ]
    [ Cannot display this part. Press "V" then "S" to save in a file. ]

of course there is no such user as asavigesahy at that domain. I need to start bouncing this kind of crap.

nope

kungfuftr on 2004-08-19T15:08:44

Nah mate,

It's a common trick used by worms, you can usually tell by the extension of the attachment, etc.

No

Matts on 2004-08-19T15:32:25

They're trying to both make us look bad, and make users trust the email contents.

Bouncing bad

drhyde on 2004-08-23T11:16:54

No, you don't want to bounce it. Reject it during the SMTP connection, rather than later bouncing it to the poor unfortunate victim of a joe-job.

Re:Bouncing bad

TeeJay on 2004-08-23T12:16:32
oh yes, bounced mail is such a PITA these days.
Most of the crud that ends up in my catchall inbox is bounces, and most of those are Virus or Spam responses that should really have checked against spoofing.