The original message was received at Thu, 8 Feb 2007 20:11:37 +0200
from purple.bonev.com [195.69.109.190]
----- The following addresses had permanent fatal errors -----
<dolank_at_msu.edu>
(reason: 550 Virus found (Worm.Mydoom.M) http://help.msu.edu/mail/virus/)
----- Transcript of session follows -----
... while talking to lb.mail.msu.edu.:
>>> DATA
<<< 550 Virus found (Worm.Mydoom.M) http://help.msu.edu/mail/virus/
554 5.0.0 Service unavailable
attached mail follows:
WARNING: This e-mail has been altered by MIMEDefang. Following this
paragraph are indications of the actual changes made. For more
information about your site's MIMEDefang policy, contact
BIS.BG Mail Administrator <postmaster_at_biscom.net>. For more information about MIMEDefang, see:
http://www.roaringpenguin.com/mimedefang/enduser.php3
An attachment named instruction.zip was removed from this document as it
constituted a security hazard. If you require this document, please contact
the sender and arrange an alternate means of receiving it.
Spam detection software, running on the system "mx2.cisbg.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Dear user dolank_at_msu.edu, We have detected that your
email account was used to send a huge amount of spam during the last
week. Most likely your computer was infected and now runs a trojan
proxy server. [...]
Content analysis details: (4.8 points, 3.5 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 NO_REAL_NAME From: does not include a real name
1.4 MSGID_FROM_MTA_ID Message-Id for external message added locally
0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
3.2 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
attached mail follows:
Dear user dolank_at_msu.edu,
We have detected that your email account was used to send a huge amount of spam during the last week.
Most likely your computer was infected and now runs a trojan proxy server.
Please follow the instructions in the attached text file in order to keep your computer safe.
Virtually yours,
The msu.edu support team.
This archive was generated by hypermail 2.2.0 : Fri Feb 09 2007 - 13:48:57 EST