Returned mail: see transcript for details from Mail Delivery Subsystem on 2007-02-08 (stdin)

From: Mail Delivery Subsystem <MAILER-DAEMON_at_mx2.cisbg.com>
Date: Thu, 8 Feb 2007 20:11:42 +0200

The original message was received at Thu, 8 Feb 2007 20:11:37 +0200
from purple.bonev.com [195.69.109.190]

----- The following addresses had permanent fatal errors -----
<dolank_at_msu.edu>
(reason: 550 Virus found (Worm.Mydoom.M) http://help.msu.edu/mail/virus/)

----- Transcript of session follows -----
... while talking to lb.mail.msu.edu.:
>>> DATA
<<< 550 Virus found (Worm.Mydoom.M) http://help.msu.edu/mail/virus/
554 5.0.0 Service unavailable

attached mail follows:

WARNING: This e-mail has been altered by MIMEDefang. Following this
paragraph are indications of the actual changes made. For more
information about your site's MIMEDefang policy, contact
BIS.BG Mail Administrator <postmaster_at_biscom.net>. For more information about MIMEDefang, see:

http://www.roaringpenguin.com/mimedefang/enduser.php3

An attachment named instruction.zip was removed from this document as it
constituted a security hazard. If you require this document, please contact
the sender and arrange an alternate means of receiving it.

Spam detection software, running on the system "mx2.cisbg.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Dear user dolank_at_msu.edu, We have detected that your
  email account was used to send a huge amount of spam during the last
  week. Most likely your computer was infected and now runs a trojan
  proxy server. [...]

Content analysis details: (4.8 points, 3.5 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.1 NO_REAL_NAME From: does not include a real name
1.4 MSGID_FROM_MTA_ID Message-Id for external message added locally
0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
3.2 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

attached mail follows:

('binary' encoding is not supported, stored as-is)

Dear user dolank_at_msu.edu,

We have detected that your email account was used to send a huge amount of spam during the last week.
Most likely your computer was infected and now runs a trojan proxy server.

Please follow the instructions in the attached text file in order to keep your computer safe.

Virtually yours,
The msu.edu support team.

message/delivery-status attachment: stored

application/octet-stream attachment: instruction.zip

Received on Fri Feb 09 2007 - 13:42:57 EST

This archive was generated by hypermail 2.2.0 : Fri Feb 09 2007 - 13:48:57 EST