From: Marko Mäkelä (marko.makela_at_hut.fi)
Date: 2004-10-27 11:16:05
On Tue, Oct 26, 2004 at 06:52:59PM -0500, David Wood wrote:
>
> It's very important that everyone realizes that Ruud most likely did not
> send this file. If you receive an attachment, do not open it.

Yep, it's obvious if you look at the Received: headers:

Received: from gizmo-inc.org ([188.8.131.52])
        by bouncer.ling.gu.se (SAVSMTP 184.108.40.206) with SMTP id M2004102700202322423
        for <email@example.com>; Wed, 27 Oct 2004 00:20:24 +0200

The message was sent from pe60.warszawa.sdi.tpnet.pl (220.127.116.11)
posing as gizmo-inc.org (18.104.22.168) using the SMTP HELO or EHLO command.

I don't think that Ruud is behind this message. My theory is that the
message was sent on behalf of some Microsoft Windows user in Poland who
has Ruud's and the list's addresses on the computer. Most worms and
viruses pick both the From: and To: addresses from the local system.

MagerValp, would it be possible to reject messages sent with a forged
HELO or EHLO address?

        Marko

Message was sent through the cbm-hackers mailing list
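Added example, not part of the message above or of the list's software: the HELO check Marko describes, done by parsing the Received: line written by the receiving server and comparing the peer address it recorded with the addresses the claimed HELO name resolves to. The header layout `from NAME ([IP]) by HOST` is taken from the header quoted above; the hostnames, addresses and the FORWARD_DNS table are constructed so the example runs offline.

```python
import ipaddress
import re

# Constructed sample: example hostnames and RFC 5737 documentation
# addresses, not the values from the message above.
SAMPLE_RECEIVED = (
    "from mail.example.org ([203.0.113.60]) by mx.example.net "
    "(ExampleMTA 1.0) with SMTP id CONSTRUCTED0001 "
    "for <list@example.net>; Wed, 27 Oct 2004 00:20:24 +0200"
)

# Constructed stand-in for DNS A/AAAA lookups (assumption: a real check
# would query the resolver instead).
FORWARD_DNS = {
    "mail.example.org": {"198.51.100.25"},
    "dialup60.example.com": {"203.0.113.60"},
}

# Layout assumption: "from <HELO name> ([<peer IP>]) by <receiving host>".
# Other MTAs format this line differently.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<peer>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)"
)

def lookup(name):
    """Offline resolver backed by the constructed table."""
    return FORWARD_DNS.get(name, set())

def parse_received(value):
    """Return (helo_name, peer_ip, receiving_host) from a Received: value."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    if m is None:
        raise ValueError("unrecognised Received: format")
    helo = m["helo"].lower().rstrip(".")
    return helo, ipaddress.ip_address(m["peer"]), m["by"]

def check_helo(value, resolve=lookup):
    """Compare the claimed HELO name with the peer address the MTA recorded."""
    helo, peer, _ = parse_received(value)
    addrs = {ipaddress.ip_address(a) for a in resolve(helo)}
    if not addrs:
        return "unresolvable"  # the claimed name has no address at all
    return "match" if peer in addrs else "mismatch"

if __name__ == "__main__":
    print(check_helo(SAMPLE_RECEIVED))
```

Only the Received: line added by your own server can be trusted for this comparison, since earlier lines are supplied by the sender. Correctly configured hosts behind NAT or with several addresses can also produce a mismatch, so the result is better used as a scoring signal than as the sole reason to reject.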