Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Worm bait?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 19 Aug 2003 19:55:39 -0400
Stephen Anthony <steve at stephencanthony.com> wrote:

> I received a email from a postfix mailer that tells me the message I
> sent bounced. All well and good, except I didn't send the message to
> begin with. Also, it says it was sent from my old attbi.com address
> (correct user name, tho) which I haven't used in a few months.
> 
> I'm running my Evolution as my mail client, if that matters. 
> 
> I'm concerned that someone may have gotten access to the attbi account
> and is sending mail as me. 
> 
> Things I should do to investigate?
The w32.sobig worm contais the following subjects with a forged from:
line:
    * Re: Details
    * Re: Approved
    * Re: Re: My details
    * Re: Thank you!
    * Re: That movie
    * Re: Wicked screensaver
    * Re: Your application
    * Thank you!
    * Your details

The actual sender of the message could be someone that you have
exchanged email with or not. And, if your address is in the forged from
line, and that email is rejected, you can easily get a bounce
notification. 
- -- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/Q1tJ+wA+1cUGHqkRAg3jAJ0SiwCm8brlqyc3wlD0s6keRohe5wCdE/lI
26qwk7fPoM3bW6j9lJ/J4lo=
=8gEs
-----END PGP SIGNATURE-----




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org