[rescue] Crazy viruses from the list...
D.A. Muran-de Assereto
dmuran at tuad.org
Mon May 24 19:36:45 CDT 2004
It's one of the harvesters, not necessarily a list member. I get viruses from
myself all the time, and I KNOW I'm not infected.
Dave
On Mon, 24 May 2004 13:11:02 -0400, Thomas Gallaway wrote
> Patrick Giagnocavo +1.717.201.3366 wrote:
>
> >On Mon, May 24, 2004 at 12:45:40PM -0400, William Enestvedt wrote:
> >
> >
> >>Thomas Gallaway wrote:
> >>
> >>
> >>>I dont know but I have within the last 2 hours received 4 viruses
> >>>from [an email address that's probably only for this list.]. All
> >>>of wich originated from
> >>>
> >>>Received: from 19-02.com (gtw13-2.esc13.net [170.76.20.253])
> >>>
> >>>
> >>>
> >> I just got two more virus-laden email messages; their headers include
> >>"<20040112131716.ga7951 at jdboyd.zill.net>" and "[170.76.20.253]" (which
> >>is a group named AcNet Gobierno Mexicano who changed their DNS record a
> >>week ago). The attachment, Your_money.vbs, was dropped by our mail
> >>system.
> >>
> >>
> >
> >This is a virus that randomly spoofs From: headers. It spreads by
> >reading Outlook's address book then spoofing itself as one of the
> >addresses listed there.
> >
> >I have found it very difficult to trace these back to the infected box.
> >
> >The procmail anti-virus script (look on freshmeat.net) I have found to
> >be helpful. Along with runing Mutt :-)
> >
> >Cordially
> >
> >
> Yeah but I dont think is can spoof the received from header (IP of the
> gateway it originated from).
> Actually all those are the same in my headers. Received a bunch more..
>
> -- Thomas
> _______________________________________________
> rescue list - http://www.sunhelp.org/mailman/listinfo/rescue
***********************
Aude Sapere!
***********************
More information about the rescue
mailing list