This is the mail archive of the ecos-discuss@sources.redhat.com mailing list for the eCos project.



Re: Virus on message


On Thu, Oct 03, 2002 at 03:47:39PM +0200, Andrew Lunn wrote:
> I find it all rather strange. This morning I had lots of emails from
> postmasters and mail virus filters from all over the world saying I
> sent all sorts of random people this message. Not just people on
> ecos-discuss. This is not true. It looks like some mail virus has
> picked up my mail, attached the virus to it and then sent it to many
> people, making it look like it came from me. Our mail logs show I did
> not send it. Also, my machine is not infected. It's a Solaris machine
> anyway, so much less likely to get infected by a virus or a worm.
> 
> So, please don't shoot me, I'm an innocent bystander in all this.

This is very typical for the Klez virus.

The From: (and sometimes also From) is spoofed. This makes it harder 
to fight the virus due to confusion amongst less experienced recipients
of the virus.

This one actually came from:

  Received: from unknown (HELO relay05.indigo.ie) (194.125.133.229)
    by ione.mind.be with SMTP; 2 Oct 2002 19:16:33 -0000
  Received: (qmail 95461 messnum 1194794 invoked from network[194.125.174.75/ts09-075.dublin.indigo.ie]); 2 Oct 2002 19:18:49 -0000
  Received: from ts09-075.dublin.indigo.ie (HELO sturm) (194.125.174.75)
    by relay05.indigo.ie (qp 95461) with SMTP; 2 Oct 2002 19:18:49 -0000

Turn headers on and check the actual IP address that logged in to the server.

Peter

-- 
Before posting, please read the FAQ: http://sources.redhat.com/fom/ecos
and search the list archive: http://sources.redhat.com/ml/ecos-discuss
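
The header check described in the message above, as an added example that is not part of the original post: it walks the `Received:` chain from the receiving server downwards and reports the last hop recorded by a host it has reason to believe, ignoring `From:` entirely. The `From:` and `Subject:` lines are constructed placeholders, the function names are hypothetical, and treating relay05.indigo.ie at 194.125.133.229 as a known ISP relay is an assumption.

```python
import re
from email import message_from_string

# Constructed message: the Received lines are the ones quoted in the post;
# the From: and Subject: lines are placeholders made up for this example.
RAW = """\
Received: from unknown (HELO relay05.indigo.ie) (194.125.133.229)
  by ione.mind.be with SMTP; 2 Oct 2002 19:16:33 -0000
Received: (qmail 95461 messnum 1194794 invoked from network[194.125.174.75/ts09-075.dublin.indigo.ie]); 2 Oct 2002 19:18:49 -0000
Received: from ts09-075.dublin.indigo.ie (HELO sturm) (194.125.174.75)
  by relay05.indigo.ie (qp 95461) with SMTP; 2 Oct 2002 19:18:49 -0000
From: someone@example.org
Subject: constructed sample

body
"""

# qmail-style hop: from <rdns> (HELO <helo>) (<ip>) by <receiving host>
HOP = re.compile(r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)]+)\)\s+"
                 r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+by\s+(?P<by>\S+)")

def hops(raw):
    """Return SMTP hops newest-first; Received lines that are not hops
    (such as the local qmail 'invoked from network' line) are skipped."""
    msg = message_from_string(raw)
    found = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            found.append(m.groupdict())
    return found

def origin(raw, my_mta, relay_ips):
    """Last believable hop. relay_ips maps relay hostname -> IP (assumed
    known to the reader). Headers below an unknown peer may be forged."""
    expect, last = my_mta, None
    for hop in hops(raw):
        if hop["by"] != expect:
            break
        last = hop
        # Believe the next header down only if this peer is a known relay,
        # matched on the connecting IP and not just on the name it announced.
        known = relay_ips.get(hop["helo"]) == hop["ip"]
        expect = hop["helo"] if known else None
    return last

if __name__ == "__main__":
    print(origin(RAW, "ione.mind.be", {"relay05.indigo.ie": "194.125.133.229"}))
```

With an empty `relay_ips` the walk stops at the relay itself (194.125.133.229), which is the only address the receiving server observed directly.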

