
BLU Discuss list archive



VIRUS (Worm.SCO.A) IN YOUR MAIL (fwd)



Notifying the sender that they have a virus is kinda silly anyways since none of the email headers can be verified.  Scanning for viruses on incoming mail is fine, but bugging the hell out of people isn't.

anomy-sanitizer is great.

-miah

On Tue, Jan 27, 2004 at 11:52:11AM -0600, Chris Devers wrote:
> On Tue, 27 Jan 2004, David Kramer wrote:
> 
> > I just got this.  As far as I know, my relays are closed tight and my 
> > firewall is solid.  Is this spam?
> 
> It looks like a dumb virus scanner to me. Most mail worms these days fake
> the from address, and virus scanners sometimes trap & incorrectly report
> back to the "source" of the spam. 
> 
> This jumps out at me:
>  
> > ---------- Forwarded message ----------
> > Date: Tue, 27 Jan 2004 14:39:36 +0100 (CET)
> > From: Anti-Virus <virusmelding at hsbos.nl>
> > To: david at thekramers.net
> > Subject: VIRUS (Worm.SCO.A) IN YOUR MAIL
> > 
> > [[snip --c.d.]]
> > 
> > For your reference, here are headers from your email:
> > ------------------------- BEGIN HEADERS -----------------------------
> > Received: from thekramers.net (unknown [65.203.121.147])
> > 	by relay.surfnet.nl (Postfix) with ESMTP id AF6C63F461
> > 	for <pschouten at hsbos.nl>; Tue, 27 Jan 2004 14:37:23 +0100 (MET)
> 
> So, the header suggests that thekramers.net is at 65.203.121.147, and yet:
> 
>     $ nslookup -sil thekramers.net
>     Server:         151.203.0.84
>     Address:        151.203.0.84#53
> 
>     Non-authoritative answer:
>     Name:   thekramers.net
>     Address: 66.92.68.235
> 
> It looks like 65.203.121.147 isn't you, is it?
> 
> 
> 
> -- 
> Chris Devers
> 
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss
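
The header check done by hand in the quoted message above, as an added example that is not part of the original thread: it parses the `Received:` line, pulls out the claimed HELO name and the connecting IP, and compares that IP with what the name resolves to. The function names, `SAMPLE_HEADERS` and `SAMPLE_DNS` are assumptions made here; the sample values are constructed from the headers and `nslookup` output quoted in the thread.

```python
import re
import socket
from email import message_from_string

# Postfix-style trace field: "from <helo> (<reverse-dns> [<ip>])"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)

# Constructed sample: the Received header quoted in the thread.
SAMPLE_HEADERS = (
    "Received: from thekramers.net (unknown [65.203.121.147])\n"
    "\tby relay.surfnet.nl (Postfix) with ESMTP id AF6C63F461\n"
    "\tfor <pschouten at hsbos.nl>; Tue, 27 Jan 2004 14:37:23 +0100 (MET)\n"
    "\n"
)
# Constructed DNS answer: the nslookup result quoted in the thread.
SAMPLE_DNS = {"thekramers.net": {"66.92.68.235"}}

def resolve_a(name):
    """Live lookup of the addresses a name resolves to (needs network)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_received(raw_headers, resolver=resolve_a):
    """Compare each hop's claimed HELO name with the IP that connected."""
    findings = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        # Unfold continuation lines before matching.
        m = RECEIVED_RE.search(" ".join(value.split()))
        if not m:
            continue
        helo, rdns, ip = m.group("helo", "rdns", "ip")
        findings.append({
            "helo": helo,
            "ip": ip,
            # "unknown" is what the relay logged when reverse DNS failed.
            "has_rdns": rdns != "unknown",
            # False means the HELO name does not resolve to the sender's IP.
            "helo_matches_ip": ip in resolver(helo),
        })
    return findings

if __name__ == "__main__":
    for f in check_received(SAMPLE_HEADERS, lambda n: SAMPLE_DNS.get(n, set())):
        print(f)
```

The HELO name is supplied by the connecting client, so a mismatch shows only that the name was claimed without DNS backing; the IP in brackets, recorded by the receiving relay, is the part of this line worth trusting.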




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org