Re[2]: Virus??

[Richard Welty <rwelty@xxxxxxxxxxxxxxx>]

On Tue, 22 Jul 2003 17:18:05 -0500 Ryan Moore <baradium@domain.elided> wrote:

> I just deleted something that said itw as from ihc@domain.elided  was a 62KB
> file and not something I usually get, so out it went.  Also the MIME
> stuff
> looked odd, so I never opened it, just checked properties and trashed it.

> From: "Beijer, P.A.C." <p.a.c.beijer@domain.elided>

> > My mail server deleted ihc-digest V7 #65 because it detected a virus in
> it.
> > Did I mis something?

whatever it was, it didn't come from my server.

someone is likely infected with some sort of virus or worm, and it sent out
a pseudo digest.

in general, if you get something that's sort of familiar but doesn't quite
make sense, it's best not to fool around with it at all. some of the newest
virus and worm programs will mine outhouse, er, outlook for information to
use in the "social engineering" of the messages it will turn around and
send out.

it'd be easy to recognize mailing list messages by the "Precedence: Bulk"
header and then spam the addresses in the address book with an ersatz
version of the mailing list message, so i'll wager that's what one of them
is doing.

richard
-- 
Richard Welty                                         rwelty@domain.elided
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security