Virus?

PostCode

Perverted Penguin
Staff member
I'm not sure what the hell this is, but it's coming from users with OE5. The header looks like this:

------4258F457_Outlook_Express_message_boundary
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: message text

Hi! How are you=3F
 
I send you this file in order to have your advice
 
See you later=2E Thanks

------4258F457_Outlook_Express_message_boundary
Content-Type: application/mixed; name=Automatic_old_file_Backup.doc.pif
Content-Transfer-Encoding: base64
Content-Disposition: attachment;  filename=Automatic_old_file_Backup.doc.pif

Or:

------2950A728_Outlook_Express_message_boundary
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: message text

Hi! How are you=3F
 
I send you this file in order to have your advice
 
See you later=2E Thanks

------2950A728_Outlook_Express_message_boundary
Content-Type: application/mixed; name=1.doc.pif
Content-Transfer-Encoding: base64
Content-Disposition: attachment;  filename=1.doc.pif

I've got 25 of the damn things sent to me. The body consists of alphanumeric combinations. The source:

Return-Path: <[email protected]>
Received: from mail.texas.rr.com (sm1.texas.rr.com [24.93.35.54])
by server-1.visp.net (8.11.0/8.11.0) with ESMTP id f6PMF1m24340
for <My email address>; Wed, 25 Jul 2001 15:15:01 -0700
Received: from hp.totalnet.ro ([212.54.107.189]) by mail.texas.rr.com with Microsoft SMTPSVC(5.5.1877.537.53);
Wed, 25 Jul 2001 17:06:31 -0500
From: "editor"<[email protected]>
To: My email address
Subject: alin2
date: Thu, 26 Jul 2001 00:58:39 -0500
MIME-Version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Content-Type: multipart/mixed;
boundary="----203F6920_Outlook_Express_message_boundary"
Content-Disposition: Multipart message
Message-ID: <[email protected]>
Status: RO
X-Status: O

Return-Path: <[email protected]>
Received: from mail.texas.rr.com (sm1.texas.rr.com [24.93.35.54])
by server-1.visp.net (8.11.0/8.11.0) with ESMTP id f6PN50m07027
for <My email address>; Wed, 25 Jul 2001 16:05:00 -0700
Received: from hp.totalnet.ro ([212.54.107.189]) by mail.texas.rr.com with Microsoft SMTPSVC(5.5.1877.537.53);
Wed, 25 Jul 2001 17:36:48 -0500
From: "editor"<[email protected]>
To: My email address
Subject: themes
date: Thu, 26 Jul 2001 01:28:41 -0500
MIME-Version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Content-Type: multipart/mixed;
boundary="----3F046CD5_Outlook_Express_message_boundary"
Content-Disposition: Multipart message
Message-ID: <[email protected]>
Status: RO
X-Status: O

But those 25 emails were a total of 5 megs of downloads. They have various names to them, alin2, 1, 1027 packing list, Automatic_old_file_Backup, Document, themes, viorica, sndtrk, and a few others. Has anyone seen this or know if it is a virus? Under Linux, I can't tell much from it except that it's a real pain to have 5 megs of crap.
 

PostCode

Perverted Penguin
Staff member
Thanks brainsoft. :) I've gotten 40+ from the same address so far. The body is encrypted so I have no idea what it says or contains, but a few of these are MP3's I think (thus the huge size). Well, it's coming from Mexico. Got my upstream working on blocking the IP's now. :)
 

PostCode

Perverted Penguin
Staff member
That it is Kruz...I should have checked there first. After all, nearly every virus out there is developed for Winblows anyway. :D Thanks for the heads up though. Feel free to move or dump this thread Neo or Brain or fury or whoever is in charge of that. hehe :D
 

PostCode

Perverted Penguin
Staff member
Thanks Kruz. Don't need it myself. Running Linux here. :D :D However, I will probably need it at work. :D Checked my mail again this morning...47 more messages from the putz.
 

brainsoft

Co-founder/alumni
Oh my, that's quite a lot of emails. How are you filtering them? Filter them by content if you can, to get them all (I dunno what client you're using).
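A content filter of the kind suggested above, as an added example that is not from the thread: it parses a raw message with Python's standard email library and flags attachments whose real extension is executable (the .doc.pif names quoted earlier) and bodies carrying the "I send you this file in order to have your advice" lure. The sample message is constructed from the headers quoted in the thread, with placeholder addresses and a dummy base64 attachment; the EXEC_EXT list is an assumption to extend as needed.

```python
import email
from email import policy

# Extensions Windows will run even behind a harmless-looking ".doc" (assumed list).
EXEC_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".vbs", ".lnk"}
# Body text quoted in the thread, used as a content signature.
LURE_PHRASES = ("i send you this file in order to have your advice",)

# Constructed sample: boundary, filename and body as quoted; dummy attachment ("QUJD" = "ABC").
SAMPLE = b"""From: "editor" <editor@example.invalid>
To: victim@example.invalid
Subject: alin2
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Content-Type: multipart/mixed; boundary="----4258F457_Outlook_Express_message_boundary"

------4258F457_Outlook_Express_message_boundary
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi! How are you=3F

I send you this file in order to have your advice

See you later=2E Thanks

------4258F457_Outlook_Express_message_boundary
Content-Type: application/mixed; name=Automatic_old_file_Backup.doc.pif
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=Automatic_old_file_Backup.doc.pif

QUJD
------4258F457_Outlook_Express_message_boundary--
"""


def scan(raw: bytes) -> dict:
    """Return executable-named attachments and whether the lure text is present."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition filename=, else Content-Type name=
        if not name:
            continue
        ext = "." + name.lower().rsplit(".", 1)[-1]  # "x.doc.pif" -> ".pif"
        if ext in EXEC_EXT:
            hits.append(name)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""  # decodes quoted-printable
    return {"attachments": hits, "lure": any(p in text for p in LURE_PHRASES)}
```

Feed it the raw message (e.g. from a procmail or mail-client filter hook) and reject anything where either field is set.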
 