Re: Re:

From: Patrycjusz R. £ogiewa (
Date: 2004-10-27 16:31:37

On 27 pa¼ 2004, at 11:16, Marko Mäkelä wrote:

> On Tue, Oct 26, 2004 at 06:52:59PM -0500, David Wood wrote:
>> It's very important that everyone realizes that Ruud most likely did 
>> not
>> send this file.  If you recieve an attachment, do not open it.
> Yep, it's obvious if you look at the Received: headers:
> Received: from ([])
>  by (SAVSMTP with SMTP id 
> M2004102700202322423 for
>  <>; Wed, 27 Oct 2004 00:20:24 +0200
> The message was sent from ( 
> posing
> as ( using the SMTP HELO or EHLO command.
> I don't think that Ruud is behind this message.
> My theory is that the message was sent in behalf of some Microsoft 
> Windows
> user in Poland who has the Ruud's and the list's addresses on the 
> computer.
> Most worms and viruses pick both the From: and To: addresses from the 
> local
> system.

Yup. Can be that the worm just grabbed somewhere a message from Ruud to 
the list... It is quite common behaviour. I also recall - not so long 
ago - people (and antivirus bots) complaining about /me sprading 
Windows worms, which was of course pure bullshit since I dropped 
Windows years ago... But for Ruud - prepare yourself also for becoming 
one of the active spammers in the near future. :-) Not only the 
harvested addresses are being used for worm replication but also for 
having a good variety of VALID From: addresses for spam activities. I 
have that experience too. One reason for that was the fact that one of 
our company executive's laptop was running Windows and leaked the 
addressbook out... The possibilities are endless :-) I suggest calming 
down and not paying much attention to this. It's just everyday's 
Windows reality :-)

Democracy, n.: The triumph of popularity over principle.

       Message was sent through the cbm-hackers mailing list

Archive generated by hypermail pre-2.1.8.