Reason to believe my server has been hacked. How can I confirm it? [Archive] - MousePad

DisneyFan25863
03-12-2004, 02:26 PM
I got the following email today:
Dear user of Herron-family.com e-mail server gateway,

Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.

For more information see the attached file.

Have a good day,
The Herron-family.com team http://www.herron-family.com


Attached was a file called TextDocument.zlo (obviously a malicious program of some sort)

The Headings from the email look like this:

Return-Path: <seventhseal@ibdeeming.com>
Delivered-To: herron-f-sean@herron-family.com
Received: (qmail 10630 invoked from network); 12 Mar 2004 17:25:30 -0000
Received: from unknown (HELO your-u2kqgyfzmo) (62.197.174.162)
by host86.ipowerweb.com with SMTP; 12 Mar 2004 17:25:30 -0000
Date: Fri, 12 Mar 2004 19:27:19 +0200
To: sean@herron-family.com
Subject: Email account utilization warning.
From: administration@herron-family.com
Message-ID: <pptqwcvfgotnsellmyf@herron-family.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------upfcphuphdtfbccjspri"


Now, I know my email account is not going to be deleted by the mail server administrator in three days. How? Well, I AM the mail server administrator! :rolleyes:

Now, does this mean my server has been hacked and is going to do this to any email addresses it encounters, or did they just find a way to route the mail from my server? My host is iPowerweb. Should I contact them about this?

Ghoulish Delight
03-12-2004, 02:29 PM
Your server has not been hacked, and you are not going to lose your email account. However, you opened a virus. Make sure you have the most updated virus definitions and run a scan. That's a virus that's been going around for a couple weeks now.

Bill Catherall
03-12-2004, 02:43 PM
It just spoofed the "from" email address to make it look like it came from your domain.
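
To see what that spoofing looks like in the headers DisneyFan posted, here is an added Python example (not code from the thread) that parses those headers and lists the inconsistencies a mail admin would check: the envelope sender domain against the From: domain, and the first external hop in the Received chain. The folded Received line is re-indented as a header continuation, and the wording of the findings is mine.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers quoted in the original post (body omitted). The "by host86..." line
# is indented here because RFC 822 header folding requires leading whitespace.
RAW_HEADERS = """Return-Path: <seventhseal@ibdeeming.com>
Delivered-To: herron-f-sean@herron-family.com
Received: (qmail 10630 invoked from network); 12 Mar 2004 17:25:30 -0000
Received: from unknown (HELO your-u2kqgyfzmo) (62.197.174.162)
 by host86.ipowerweb.com with SMTP; 12 Mar 2004 17:25:30 -0000
Date: Fri, 12 Mar 2004 19:27:19 +0200
To: sean@herron-family.com
Subject: Email account utilization warning.
From: administration@herron-family.com
Message-ID: <pptqwcvfgotnsellmyf@herron-family.com>
MIME-Version: 1.0
"""

# Matches the qmail-style "from <rdns> (HELO <name>) (<ip>) by <host>" clause.
HOP_RE = re.compile(r"from (\S+) \(HELO (\S+)\) \((\d{1,3}(?:\.\d{1,3}){3})\)\s+by (\S+)")


def domain_of(addr_header):
    """Domain part of the first address in a header value, lower-cased."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()


def spoof_indicators(raw):
    """Return textual findings suggesting the From: header was forged."""
    msg = message_from_string(raw)
    findings = []
    frm, rp, to = (domain_of(msg.get(h)) for h in ("From", "Return-Path", "To"))
    if frm != rp:
        findings.append(f"envelope sender domain {rp} differs from From: domain {frm}")
    # Each relay prepends its own Received: line, so the last one is the
    # hop at which the message first entered our hosting provider.
    hops = msg.get_all("Received") or []
    m = HOP_RE.search(hops[-1]) if hops else None
    if m:
        rdns, helo, ip, by = m.groups()
        if rdns == "unknown":
            findings.append(f"no reverse DNS for submitting host {ip}")
        if "." not in helo:
            findings.append(f"HELO name {helo!r} is not a real hostname")
        if frm == to:
            findings.append(f"From: uses the recipient's own domain {frm}, "
                            f"but the message was injected at {by} from {ip}")
    return findings
```

Run `spoof_indicators(RAW_HEADERS)` and all four checks fire on this message, which is what a forged From: with a random dial-up origin looks like.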

justagrrl
03-15-2004, 12:23 PM
see here for more info and removal tool: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.m@mm.html

Cadaverous Pallor
03-16-2004, 10:40 AM
I want to thank DF, because I just got a very similar email at my hauntedmansion.com account, and I was forewarned.

Is there a place to report viruses? Should the real "from" email address get busted for this?

mhrc4
03-16-2004, 11:13 AM
Originally posted by Cadaverous Pallor
I want to thank DF, because I just got a very similar email at my hauntedmansion.com account, and I was forewarned.

Is there a place to report viruses? Should the real "from" email address get busted for this?

Unfortunately, no real way of tracking down the person who wrote the virus through the emails. Look at how long it took the FBI to track down the writer of the Melissa Virus, or the LoveBug virus; most of them are out of the US and use so many proxy servers and open relay servers to bounce their mail off of, the initial mail has hit probably 5 or 6 servers before it gets to the end user. And let's just put it this way, by the time you get the virus, Symantec and every other major AV company has already released new definitions to prevent against the virus.

In the case of the Novarg (aka MY DOOM) virus, the spread was released around noon on a Tuesday; the previous night, Monday night, Symantec released new Virus Definitions to prevent against the virus.

Best advice I can give you, spend the $40 and get a copy of Norton AntiVirus, and keep the virus definitions up to date. It will protect you big time.
