From: Patrycjusz R. £ogiewa (silverdr_at_inet.com.pl)
Date: 2004-10-27 16:31:37
On 27 pa¼ 2004, at 11:16, Marko Mäkelä wrote: > On Tue, Oct 26, 2004 at 06:52:59PM -0500, David Wood wrote: >> >> It's very important that everyone realizes that Ruud most likely did >> not >> send this file. If you recieve an attachment, do not open it. > > Yep, it's obvious if you look at the Received: headers: > > Received: from gizmo-inc.org ([184.108.40.206]) > by bouncer.ling.gu.se (SAVSMTP 220.127.116.11) with SMTP id > M2004102700202322423 for > <email@example.com>; Wed, 27 Oct 2004 00:20:24 +0200 > > The message was sent from pe60.warszawa.sdi.tpnet.pl (18.104.22.168) > posing > as gizmo-inc.org (22.214.171.124) using the SMTP HELO or EHLO command. > I don't think that Ruud is behind this message. > > My theory is that the message was sent in behalf of some Microsoft > Windows > user in Poland who has the Ruud's and the list's addresses on the > computer. > Most worms and viruses pick both the From: and To: addresses from the > local > system. > Yup. Can be that the worm just grabbed somewhere a message from Ruud to the list... It is quite common behaviour. I also recall - not so long ago - people (and antivirus bots) complaining about /me sprading Windows worms, which was of course pure bullshit since I dropped Windows years ago... But for Ruud - prepare yourself also for becoming one of the active spammers in the near future. :-) Not only the harvested addresses are being used for worm replication but also for having a good variety of VALID From: addresses for spam activities. I have that experience too. One reason for that was the fact that one of our company executive's laptop was running Windows and leaked the addressbook out... The possibilities are endless :-) I suggest calming down and not paying much attention to this. It's just everyday's Windows reality :-) -- Democracy, n.: The triumph of popularity over principle. Message was sent through the cbm-hackers mailing list
Archive generated by hypermail pre-2.1.8.