Re: Weird email messages with "re:movie" and "re:application" in the subject line..
In message <200306260325.h5Q3PP5U025759@nic-naa.net>, Eric Brunner-Williams in Portland Maine writes:
W32/sobig.e@MM per McAffee.....
I seem to have done one better ... according to a M$ host in Level3-land, the Unix box right in front of me sent the mail in question.
Someone at L3 needs to call home. The only L3 turd in my mail log is their inbound...
Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589: from=<administrator@Lev el3.com>, size=1711, class=0, nrcpts=1, msgid=<012d01c33b68$2bd14b40$d706010a@ corp.global.level3.com>, proto=ESMTP, daemon=MTA, relay=machine77.Level3.com [ 209.244.4.106]
And I've gotten bounces from mail allegedly from me. It's not L3's fault; this particular worm forges From: lines on its email. Another day, another worm. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book)
--On Wednesday, June 25, 2003 23:37 -0400 "Steven M. Bellovin" <smb@research.att.com> wrote:
And I've gotten bounces from mail allegedly from me. It's not L3's fault; this particular worm forges From: lines on its email.
fault is debatable. Because forgeries are now so common, particularly in worms, why would you send these notifications to anyone other than the recipient? Let the human decide if the right thing to do is notify the sender.
participants (2)
-
John Payne -
Steven M. Bellovin