On Tue, 3 Jun 2003, Jack Bates wrote:
Dominic J. Eidson wrote:
I'm having a feeling that someone harvested a bunch of adresses, possibly from NANOG, and is using them as the sender address in pretend-to-be KLEZ spams.. I have received several bounces lately, several of them appearing to be KLEZ, all with me as the original sender - and yet, there's no chance I was ever infected with KLEZ (No windows boxes here...)
The nature of KLEZ is that it spoofs the sender address. Anyone infected with KLEZ or one of the variants and on NANOG will likely send out klez spoofing as NANOG posters.
I am quite aware of how KLEZ works - the sudden proliferation of NANOG-ers who reported that they've gotten KLEZ-ish bounces due to spoofed sender adrresses, seemed a little too coincidential. On the flip side, maybe there's still entirely too many people running vulnerable email readers...</irony> - d. -- Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli ------------------------------------------------------------------------------- http://www.the-infinite.org/ http://www.the-infinite.org/~dominic/