![Welcome to Orange Frog Productions Scams, Shams & Flim-Flams Section [Banner]](images/ssff/ofp_banner_ssff.jpg)
Malware Email Example #006 (Returned mail: Service unavailable)
Please be sure to read my Malware Home Page
NOTE: This page Under Construction/Conversion
This page has not been completely converted to OFPv2 Standards.
When this is completed, this paragraph will go away.
Meanwhile, all external links on this page open a new window.
Things I Did, Below
I, personally, receive email in HTML format. The following was received (and looked) like I received it.
- I removed my email addresses. These came to various accounts and some no longer exist. There are places on this site you can get hold of me if you wish or need to. They are protected from spambots using JavaScript, but all you have to do is click on them.
- All scammer and related email addresses, and any actual website links have been changed, at least putting spaces into them. They appear as underlined blue links, though they aren't.
- Any notes I added in the actual letter are in square brackets ("[" "]"), are bold, red in color, and highlighted. If what I found "behind the links" (email or website) are different than what was displayed, I will include them in this type of note.
- All spelling, spacing, line-wrapping, and punctuation errors are the ones that appeared in the original received email. (I may or may not analyze some or all of these.)
Malware Email Example 006
Received 11/15/2006
Actually, I didn't receive this one. My sister did, and asked me about it.
i keep getting this email as returned and i did not send it. do you have a way of tracing this person. i don't want to email him incase he is dangerous. as in getting into my email address. i just keep deleting this message. i have gotten it several times.[<== My sister's message]
Subject: Returned mail: Service unavailable
The original message was received at Wed, 15 Nov 2006
19:43:32 -0500 (EST)
from 69-215-90-82.ded.ameritech.net [69.215.90.82]
*** ATTENTION ***
Your e-mail is being returned to you because there was a problem with its delivery. The address which was undeliverable is listed in the section labeled: "----- The following addresses had permanent fatal errors -----".
The reason your mail is being returned to you is listed in the section labeled: "----- Transcript of Session Follows -----".
The line beginning with "<<<" describes the specific reason your e-mail could not be delivered. The next line contains a second error message which is a general translation for other e-mail servers.
Please direct further questions regarding this message to your e-mail administrator.
--AOL Postmaster
----- The following addresses had permanent fatal errors
-----
<AOL email address>
----- Transcript of session follows -----
... while talking to air-mb03.mail.aol.com.:
>>> DATA
<<< 554 TRANSACTION FAILED - Unrepairable Virus
Detected. Your mail has not been sent.
554 <AOL email address>... Service unavailable
--------------------------------------------------------------------------------
Final-Recipient: RFC822; AOL email address
Action: failed
Status: 5.0.0
Remote-MTA: DNS; air-mb03.mail.aol.com
Diagnostic-Code: SMTP; 554 TRANSACTION FAILED -
Unrepairable Virus Detected. Your mail has not been
sent.
Last-Attempt-Date: Wed, 15 Nov 2006 19:44:03 -0500 (EST)
--------------------------------------------------------------------------------
Received: from your-xhtr8hvc4p.net
(69-215-90-82.ded.ameritech.net [69.215.90.82]) by
rly-mb02.mail.aol.com (v114.2) with ESMTP id
MAILRELAYINMB28-d0455bb4283d6; Wed, 15 Nov 2006 19:43:20
-0500
Date: Wed, 15 Nov 2006 18:42:57 -0600
To: "uwername from email address" <AOL
email address>
From: "Jblodgett" <jblodgett @ kc.rr.com>
Subject: Marye
Message-ID: <nnxddqqhklogsbhcmka @ aol.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------biwotcrmnrbfscespjpb"
X-AOL-IP: 69.215.90.82
X-AOL-SCOLL-SCORE: 0:2:429268686:18522046
X-AOL-SCOLL-URL_COUNT: 0
[I left names, email addresses, and phone numbers (except my sister's) in here for the search engines to find. DO NOT TRY TO CONTACT THEM! They sent a virus! -LE]
Response to My Sister
11/16/2006
I'm sure this had an attachment. DO NOT OPEN THE ATTACHMENT! This is a way they get you to open viruses! It looks like it came from Milwaukee, WI (if the ISP address wasn't faked on what appears below [above].)
I hope you didn't open it if it did. If you did, what happened? Either way, what was the attachment's name? (Don't open it... Just see what the name of the attachment(s) are/were.)
See http://www.orangefrogproductions.com/ofp2s_malware_email_examples.shtml to see why I hope you didn't open it! (Don't worry too much about the header and source stuff, just be sure to read the examples and notes.) (It's been added as Example 006.)
Notes
- As I said, I'm sure there was an attachment she didn't notice, or didn't forward, and I'm sure it contained a virus. This message is too close to all the others I received that did to NOT be sure.
- Since it was forwarded to me, I am unsure of the actual headers from the original email. The ones listed IN the above are probably faked.
- As you can see - I have trouble getting my own family to read the warning pages I put up for everyone to read! GEEZE!
Send comments/questions about this page to Bill Sanders at:
Go to Malware
(Viruses, Adware, Spyware) Home page
Go to Malware Examples Home Page
Go to NEXT
Malware Example Page (last in sequence is not a link)
Send email to Bill Sanders
()
with questions or comments about this page or site.
This site, all text and graphics (unless otherwise noted) on it
were designed, developed and published by Bill Sanders of Orange Frog Productions.
It and it's CSS was validated and complies with both the:
CSS and
HTML 4.01
validators from W3C.
NOTE: All CSS validates except the "New Window Buttons"
which include some invalid code (ie: hacks),
added PicoSearch Tables,
and warnings for using transparent backgrounds when color foregrounds defined.
Copyright © 2003, 2004, 2005, 2006, 2007 by Bill Sanders / Full site last modified: October 21, 2006
Any reproduction, printing, or selling of this content is
prohibited without express written consent from William D.
Sanders.
