The following email was sent from this site:
Message-ID: <001601cb9432883ee$6700a8c0@Accounts0851231>
X-Priority: 4446
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.7720
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.8217.2180
-----
This letter cannot be opened in the webmail because of low screen resolution.
The original letter is in the attachment.
If this problem repeats, please contact to the server Administrator.
XMailServer v45
-----
The attachment was malicious and is intended to cause harm to your computers.
Here is the header of this email.
The name of the attachment is
original_letter.zip
This is what Cisco has to say about it:
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a message that is attached as an archive for the recipient. The text in the e-mail message instructs the recipient to open the attachment to view the message. However, the .zip attachment contains a malicious .exe file that, if executed, attempts to infect the target system with malicious code.
E-mail messages that are related to this threat (RuleID2866 and RuleID2866KVR) may contain the following files:
original_letter.zip
original_letter.exe
The original_letter.exe file has a file size of 118,784 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x2F2BBD8489DB146BB6822E8150527A19
Another variant of the original_letter.exe file has a file size of 32,462 bytes. The MD5 checksum is the following string: 0x7A2EE71BBA55A0239C479824B8FC5CC0
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: why you do not answer
Message Body:
Message-ID: <001601cb9431731ee$6700a8c0@Accounts0806003>
X-Priority: 8384
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.0106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.9897.2180
-----
This letter cannot be opened in the webmail because of low screen resolution.
The original letter is in the attachment.
If this problem repeats, please contact to the server Administrator.
XMailServer v22
-----
The malware associated with this threat outbreak appears to be a trojan that belongs to the Trojan.Sasfis family. This trojan may modify the file system and system registry on the targeted system.
Cisco Security Intelligence Operations analysts examine real-world e-mail traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global e-mail security threats and trends. Cisco will continue to monitor this threat and automatically adapt IronPort systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.
Cisco IronPort Virus Outbreak Filters protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. E-mail that is managed by Cisco and end users who are protected by Cisco IronPort web security appliances will not be impacted by these attacks. Cisco IronPort appliances are automatically updated to prevent both spam e-mail and hostile web URLs from being passed to the end user.
From Marcella Grosjean Wed Jul 14 18:58:10 2010
X-Apparently-To: Hidden to protect privacy via 68.180.158.230; Wed, 14 Jul 2010 11:58:18 -0700
Return-Path: <donpovall@community.electricsheep.org>
X-YahooFilteredBulk: 75.144.25.109
Received-SPF: none (mta1073.mail.mud.yahoo.com: domain of donpovall@community.electricsheep.org does not designate permitted sender hosts)
X-Originating-IP: [75.144.25.109]
Authentication-Results: mta1073.mail.mud.yahoo.com from=community.electricsheep.org; domainkeys=neutral (no sig); from=community.electricsheep.org; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO community.electricsheep.org) (75.144.25.109)
    by mta1073.mail.mud.yahoo.com with SMTP; Wed, 14 Jul 2010 11:58:18 -0700
Message-ID: <001401cb2386$811fac3c$8f00a8c0@casanova-784e5d>
From: "Marcella Grosjean" <donpovall@community.electricsheep.org>
To: <HIDDEN@ymail.com>
Bcc: <HIDDEN@mchsi.com>,
    <HIDDEN@bellsouth.net>,
    <HIDDEN@earthlink.net>
Subject: re: please answer me
Date: Wed, 14 Jul 2010 11:58:10 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0011_01CB234B.D4BE6D00"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Content-Length: 75991
----- Forwarded Message ----
From: Marcella Grosjean <donpovall@community.electricsheep.org>
To: HIDDEN@ymail.com
Sent: Wed, July 14, 2010 2:58:10 PM
Subject: re: please answer me
As you can see, the originating IP address was spoofed and the name is fake, but the sender of this mail is not hidden.
donpovall@community.electricsheep.org
I joined this Forum to explain the need to review your emails as you may have been unwittingly involved in an attempt to cause damage to several computers.
I would suggest finding the originating IP address of member Don Povall and advising him of the issue as he may have been hacked and his computer is doing the bidding of some more evil group.
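An added example (not part of the original post or of Cisco's report): a mail-triage check for the indicators visible in the samples above, namely an X-Priority value outside the conventional 1 to 5 range, no SPF or DKIM pass recorded by the receiving server, and a .zip attachment that holds an executable. The finding labels, the size cap, the extension list and the example.org addresses are assumptions, and the sample message is constructed with an inert payload.

```python
import hashlib, io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
# MD5 values quoted in the Cisco text above (0x prefix dropped, lower-cased).
KNOWN_MD5 = {"2f2bbd8489db146bb6822e8150527a19", "7a2ee71bba55a0239c479824b8fc5cc0"}
EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumed list of executable extensions
MAX_MEMBER = 5 * 1024 * 1024  # assumed cap: do not unpack larger members

def triage(raw: bytes) -> list:
    """Return findings for one raw RFC 5322 message; nothing is executed."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    prio = (str(msg.get("X-Priority", "3")).split() or [""])[0]
    if not (prio.isdigit() and 1 <= int(prio) <= 5):  # conventional values are 1..5
        findings.append(f"x-priority-out-of-range:{prio}")
    # A missing Received-SPF header is treated like "none": no pass was recorded.
    if not str(msg.get("Received-SPF", "none")).lower().startswith("pass"):
        findings.append("spf-not-pass")
    if "dkim=pass" not in str(msg.get("Authentication-Results", "")).lower():
        findings.append("dkim-not-pass")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            archive = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True)))
        except zipfile.BadZipFile:
            findings.append(f"unreadable-zip:{name}")
            continue
        for info in archive.infolist():
            if info.filename.lower().endswith(EXEC_EXT):
                findings.append(f"zip-contains-executable:{info.filename}")
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                continue  # encrypted or oversized member: name check only
            if hashlib.md5(archive.read(info)).hexdigest() in KNOWN_MD5:
                findings.append(f"known-md5:{info.filename}")
    return findings

def build_sample() -> bytes:
    """Constructed message: header values modelled on the sample, inert payload."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.org", "recipient@example.net"
    msg["Subject"], msg["X-Priority"] = "why you do not answer", "4446"
    msg["Received-SPF"] = "none (constructed)"
    msg["Authentication-Results"] = "mx.example.net; dkim=neutral (no sig)"
    msg.set_content("The original letter is in the attachment.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("original_letter.exe", b"placeholder bytes, not an executable")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="original_letter.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample())` reports the priority, SPF, DKIM and zipped-executable findings; the MD5 check only fires on a file whose hash matches one of the two values quoted in the report.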

this forum does not send