Worm bait?

Jerry Feldman gaf at blu.org
Wed Aug 20 07:28:09 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 19 Aug 2003 19:55:39 -0400
Stephen Anthony <steve at stephencanthony.com> wrote:

> I received an email from a postfix mailer that tells me the message I
> sent bounced. All well and good, except I didn't send the message to
> begin with. Also, it says it was sent from my old attbi.com address
> (correct user name, tho) which I haven't used in a few months.
> 
> I'm running my Evolution as my mail client, if that matters. 
> 
> I'm concerned that someone may have gotten access to the attbi account
> and is sending mail as me. 
> 
> Things I should do to investigate?

The w32.sobig worm contains the following subjects with a forged from:
line:
    * Re: Details
    * Re: Approved
    * Re: Re: My details
    * Re: Thank you!
    * Re: That movie
    * Re: Wicked screensaver
    * Re: Your application
    * Thank you!
    * Your details

The actual sender of the message could be someone that you have
exchanged email with or not. And, if your address is in the forged from
line, and that email is rejected, you can easily get a bounce
notification. 
- -- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/Q1tJ+wA+1cUGHqkRAg3jAJ0SiwCm8brlqyc3wlD0s6keRohe5wCdE/lI
26qwk7fPoM3bW6j9lJ/J4lo=
=8gEs
-----END PGP SIGNATURE-----
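
An added example, not part of the original post: Python that opens a bounce like the one described, pulls out the returned message, and checks its Subject against the list above and its Received headers against the mail hosts you actually send through. The sample bounce, its addresses and host names are constructed, and `returned_message` / `triage_bounce` are names chosen for this example.

```python
import email
from email.utils import parseaddr

# Subjects the post above lists for W32.Sobig mail, lower-cased.
SOBIG_SUBJECTS = {
    "re: details", "re: approved", "re: re: my details", "re: thank you!",
    "re: that movie", "re: wicked screensaver", "re: your application",
    "thank you!", "your details",
}

def returned_message(bounce):
    # The rejected mail comes back as message/rfc822 or, headers only, as text/rfc822-headers.
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def triage_bounce(raw, my_hosts):  # my_hosts: SMTP hosts your own mail really leaves through
    orig = returned_message(email.message_from_string(raw))
    if orig is None:
        return None  # nothing returned to inspect
    received = " ".join(orig.get_all("Received", [])).lower()
    return {
        "from": parseaddr(orig.get("From", ""))[1],
        "sobig_subject": orig.get("Subject", "").strip().lower() in SOBIG_SUBJECTS,
        "via_my_hosts": any(h.lower() in received for h in my_hosts),
    }

# Constructed sample bounce (all names and addresses are made up).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; boundary=BOUND

--BOUND
Content-Type: text/plain

The message could not be delivered.
--BOUND
Content-Type: message/rfc822

Received: from pc42.example.invalid ([192.0.2.7]) by mx.example.net
From: user@example.com
Subject: Re: Wicked screensaver

--BOUND--
"""
```

A result with `sobig_subject` true and `via_my_hosts` false is consistent with the forged-From case described in the reply. The host check is a plain substring match on headers that a sender can also forge, so treat it as a hint rather than proof.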


