On Mon, Feb 04, 2002 at 08:48:08PM -0600, Dave Sherman wrote:
> All,
> 
> I don't know what is going on, but someone or something is using my
> email address as the From: header for their emails. I am associated with
> the below ministry, and I suspect that the individual may have been
> infected by an Outlook virus, but have not been able to contact him yet.

Hmmm... the headers look interesting:
Received: from enchanter.real-time.com (enchanter.real-time.com [208.20.202.11])
        by beaver.iucha.org (Postfix) with ESMTP id C64EA2D72                   
        for <florin at iucha.net>; Mon,  4 Feb 2002 20:17:42 -0600 (CST)           
Received: from mail.real-time.com (dsherman-rt-dsl.real-time.com                +[208.20.203.226])                                                              
        by enchanter.real-time.com (8.11.6/8.11.6) with SMTP id g152HWY32026;   
        Mon, 4 Feb 2002 20:17:32 -0600                                          
Date: Mon, 4 Feb 2002 20:17:32 -0600                                            
Message-Id: <200202050217.g152HWY32026 at enchanter.real-time.com>                 

So somebody broke into enchanter.real-time.com? Or is spoofing it?

> *Please* disregard any fishy emails that appear to come from me,
> especially if they have one or more attachments. I personally received
> the below message with two attachments, one was a valid MS Word doc, the
> other a 108kb executable file called "those.bat". It is binary, not a
> real DOS batch file, and I suspect it is the real virus in this whole
> thing.

OK.

florin

-- 

"If it's not broken, let's fix it till it is."

41A9 2BDE 8E11 F1C5 87A6  03EE 34B3 E075 3B90 DFE4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20020204/ac943c9e/attachment.pgp