[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Forged Virus: "Status"
Early Sunday morning, an attachment email was sent via this list
(outages-list) spoofed to appear to be from Robert (nanook) when it really
came from a mail server in Lithuania (*.lt) that did not have valid DNS.
Feb 8 02:09:49 mx2 sendmail[15899]: CAA15899: from=<nanook@eskimo.com>,
... bodytype=8BITMIME, proto=ESMTP, relay=[217.17.86.15]
inetnum: 217.17.86.0 - 217.17.86.255
netname: MVTV_NAT_6
descr: Mikrovisatos TV cliants NAT pool number 6
country: LT
The attachment (doc.zip) appears suspiciously like the 'Mydoom'/'Novarg'
virus (same Subject, one of the listed file names, forged 'From' line,
etc.), so please be sure anti-virus software you have is updated if you
opened the attachment without realizing over the weekend.
I've added a rule in this list's recipes to prevent such address
spoofing/forging -- it had been in place earlier, but recent rebuilds of
SmartList had replaced the modified file (rc.submit). Took a while today
to rebuild the rule from scratch and run some tests on my own inbox before
making it live in the outages-list ruleset.
~ Eric
Eskimo North Support | Voice Numbers - (206)812-0051 or 800-246-6874
support@eskimo.com | Voice help available 7am to 10:45pm Mon-Fri
PO Box 55816 | and 11am to 6:45pm Saturday and Sunday
Seattle, WA 98155-0816 | Fax us at - (206)812-0054
