Forged Virus: "Status"
- To: email@example.com
- Subject: Forged Virus: "Status"
- From: Eskimo North Support <firstname.lastname@example.org>
- Date: Mon, 9 Feb 2004 13:07:14 -0800 (PST)
- List-help: <mailto:email@example.com?subject=help>
- List-post: <mailto:firstname.lastname@example.org>
- List-subscribe: <mailto:email@example.com?subject=subscribe>
- List-unsubscribe: <mailto:firstname.lastname@example.org?subject=unsubscribe>
- Resent-date: Mon, 9 Feb 2004 13:07:26 -0800
- Resent-from: email@example.com
- Resent-message-id: <"Qinyi1.0.FH4.CQ_901"@mx1>
- Resent-sender: firstname.lastname@example.org
Early Sunday morning, an attachment email was sent via this list (outages-list) spoofed to appear to be from Robert (nanook) when it really came from a mail server in Lithuania (*.lt) that did not have valid DNS.

  Feb 8 02:09:49 mx2 sendmail: CAA15899: from=<email@example.com>, ... bodytype=8BITMIME, proto=ESMTP, relay=[126.96.36.199]

  inetnum: 188.8.131.52 - 184.108.40.206
  netname: MVTV_NAT_6
  descr: Mikrovisatos TV cliants NAT pool number 6
  country: LT

The attachment (doc.zip) appears suspiciously like the 'Mydoom'/'Novarg' virus (same Subject, one of the listed file names, forged 'From' line, etc.), so please be sure anti-virus software you have is updated if you opened the attachment without realizing over the weekend.

I've added a rule in this list's recipes to prevent such address spoofing/forging -- it had been in place earlier, but recent rebuilds of SmartList had replaced the modified file (rc.submit). Took a while today to rebuild the rule from scratch and run some tests on my own inbox before making it live in the outages-list ruleset.

~ Eric

Eskimo North Support           | Voice Numbers - (206)812-0051 or 800-246-6874
firstname.lastname@example.org | Voice help available 7am to 10:45pm Mon-Fri
PO Box 55816                   | and 11am to 6:45pm Saturday and Sunday
Seattle, WA 98155-0816         | Fax us at - (206)812-0054
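
A log check for the pattern described in the message above (a local-looking envelope sender arriving from an outside relay with no reverse DNS), added here as an illustration; it is not part of the original post and is not the list's rc.submit rule. The function name, `LOCAL_DOMAINS`, `trusted_relays` and the sample log lines are assumptions constructed for the example.

```python
import re

# Assumption: domains this site treats as its own (not taken from the message).
LOCAL_DOMAINS = {"example.net"}

# sendmail "from=" record. relay=host.name [ip] means the peer had reverse DNS;
# relay=[ip] alone means it did not. Local submissions (relay=user@localhost)
# carry no bracketed address and are skipped by this pattern.
FROM_RE = re.compile(
    r"sendmail(?:\[\d+\])?: (?P<qid>\w+): from=<(?P<sender>[^>]*)>,"
    r".*\brelay=(?:(?P<host>[^\s\[]+) )?\[(?P<ip>[^\]]+)\]"
)

def suspicious_local_senders(lines, local_domains=LOCAL_DOMAINS, trusted_relays=()):
    """Return (qid, sender, ip, reason) for mail that claims a local sender
    but was handed over by a relay outside the trusted set."""
    hits = []
    for line in lines:
        m = FROM_RE.search(line)
        if not m:
            continue
        sender = m["sender"].lower()
        domain = sender.rpartition("@")[2]
        if domain not in local_domains or m["ip"] in trusted_relays:
            continue
        reason = "no reverse DNS" if m["host"] is None else "external relay " + m["host"]
        hits.append((m["qid"], sender, m["ip"], reason))
    return hits

# Constructed sample log lines using documentation address ranges.
SAMPLE_LOG = [
    "Feb  8 02:09:49 mx2 sendmail[101]: CAA00001: from=<staff@example.net>, size=22528, "
    "class=0, nrcpts=1, bodytype=8BITMIME, proto=ESMTP, relay=[192.0.2.77]",
    "Feb  8 02:11:02 mx2 sendmail[102]: CAA00002: from=<someone@example.org>, size=1200, "
    "class=0, nrcpts=1, proto=ESMTP, relay=mail.example.org [198.51.100.9]",
    "Feb  8 02:12:40 mx2 sendmail[103]: CAA00003: from=<staff@example.net>, size=900, "
    "class=0, nrcpts=1, proto=ESMTP, relay=mx1.example.net [198.51.100.5]",
    "Feb  8 02:13:05 mx2 sendmail[104]: CAA00004: from=<Staff@Example.NET>, size=950, "
    "class=0, nrcpts=1, proto=ESMTP, relay=dsl.example.com [203.0.113.4]",
    "Feb  8 02:14:00 mx2 sendmail[105]: CAA00005: from=<staff@example.net>, size=300, "
    "class=0, nrcpts=1, relay=staff@localhost",
]

if __name__ == "__main__":
    for hit in suspicious_local_senders(SAMPLE_LOG, trusted_relays={"198.51.100.5"}):
        print(*hit, sep="  ")
```
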