IHC/IHC Digest Archive


Re: Re[2]: Virus??



----- Original Message ----- 
From: "Richard Welty" <rwelty@domain.elided>
To: "IHC-digest" <ihc@domain.elided>
Sent: Tuesday, July 22, 2003 17:30
Subject: Re[2]: Virus??


> On Tue, 22 Jul 2003 17:18:05 -0500 Ryan Moore <baradium@domain.elided> wrote:
>
> > I just deleted something that said it was from ihc@domain.elided  was a 62KB
> > file and not something I usually get, so out it went.  Also the MIME stuff
> > looked odd, so I never opened it, just checked properties and trashed it.
>
> > From: "Beijer, P.A.C." <p.a.c.beijer@domain.elided>
>
> > > My mail server deleted ihc-digest V7 #65 because it detected a virus in it.
> > > Did I miss something?
>
> whatever it was, it didn't come from my server.
>
> someone is likely infected with some sort of virus or worm, and it sent out
> a pseudo digest.
>

That's what I figured, wasn't going to say anything at all, but thought I'd
chime in when it was brought up.

> in general, if you get something that's sort of familiar but doesn't quite
> make sense, it's best not to fool around with it at all. some of the newest
> virus and worm programs will mine outhouse, er, outlook for information to
> use in the "social engineering" of the messages it will turn around and
> send out.
>
> it'd be easy to recognize mailing list messages by the "Precedence: Bulk"
> header and then spam the addresses in the address book with an ersatz
> version of the mailing list message, so i'll wager that's what one of them
> is doing.
>
> richard
> -- 
> Richard Welty              rwelty@domain.elided
> Averill Park Networking    518-573-7592
>     Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
>

Makes sense!

The headers also came from attbi.com. I'd wager that it's a front that the
original message passes through to remove traces...

-Ryan

