your account

ahorn@deorth.org ahorn at deorth.org
Fri Aug 1 15:34:01 CDT 2003


On Fri, 1 Aug 2003, Tim Schaefer wrote:

>Date: Fri, 1 Aug 2003 15:59:33 -0400
>From: Tim Schaefer <tschaefer at dwcsolutions.com>
>To: linux-poweredge at dell.com
>Subject: RE: your account
>
>
> You guys are chasing your tails.  The originator probably
> relayed through an open proxy somewhere, and probably fudged
> the headers like all good spammers and hackers do.  You're
> wasting your time even trying to figure out where it came
> from.
>
> Have a great week-end!

My guess is that its a windows worm virus that went through a persons
addressbook and propogated to the entries in there, of which this list was
one.

I don't believe its targeted, nor initiated by an intelligent human at the
far end, this is not a hack or a piece of spam, it's just a virus. No open
proxy required since thats not the type of attack involved here.

With cooperation of the intermediate points, it is often possible to
figure out at least the IP address that the original message came from (or
the IP address of the perimeter NAT box/firewall). It depends on whether
you want to go to that trouble.

A quiet message to the senders email address in this case will help let
them know they have a virus infected system. It's not guaranteed but thats
the course of action I would take. Also a message to
postmaster at theirdomain (veritas.com I think) will help. These headers do
not appear to be obscured in any way.

Cheers,

Al







More information about the Linux-PowerEdge mailing list