I just received what is probably a copy of MyDoom. It looks like it might be somebody on Alug:
Received: from cpc1-norw2-3-0-cust125.pete.cable.ntl.com (HELO mdmbill.com) (81.100.212.125) by tuschin.blackcatnetworks.co.uk with SMTP; 31 Jan 2004 10:43:42 -0000
Note that mdmbill.com is not work-safe.
If you recognise yourself as the sender, you probably want to clean up your computer and install some anti-virus software :)
/Kirsten
On Sat, 2004-01-31 at 11:18, Kirsten Naylor wrote:
I just received what is probably a copy of MyDoom. It looks like it might be somebody on Alug:
Received: from cpc1-norw2-3-0-cust125.pete.cable.ntl.com (HELO mdmbill.com) (81.100.212.125) by tuschin.blackcatnetworks.co.uk with SMTP; 31 Jan 2004 10:43:42 -0000
Note that mdmbill.com is not work-safe.
If you recognise yourself as the sender, you probably want to clean up your computer and install some anti-virus software :)
/Kirsten
I've only had two so far, and both have spoofed addresses from Brazil. Now I'm not aware of anyone I know who would have my e-mail address and the address of a Brazilian Horoscope vendor in their address book. I'm not sure I've got anything through ALUG though, unless we have any Brazilians in the mix...
Matt
Kirsten Naylor wrote:
I just received what is probably a copy of MyDoom. It looks like it might be somebody on Alug:
Received: from cpc1-norw2-3-0-cust125.pete.cable.ntl.com (HELO mdmbill.com) (81.100.212.125) by tuschin.blackcatnetworks.co.uk with SMTP; 31 Jan 2004 10:43:42 -0000
Note that mdmbill.com is not work-safe.
If you recognise yourself as the sender, you probably want to clean up your computer and install some anti-virus software :)
I've had several hundred of these (and Linux isn't affected by virii?), all caught by our amavis/AV software. All the from addresses are spoofed.
Cheers, Laurie.
On Sat, 2004-01-31 at 12:07, Laurie Brown wrote:
Received: from (HELO mdmbill.com) (81.100.212.125) by tuschin.blackcatnetworks.co.uk with SMTP; 31 Jan 2004 10:43:42 -0000
Note that mdmbill.com is not work-safe.
If you recognise yourself as the sender, you probably want to clean up your computer and install some anti-virus software :)
I've had several hundred of these (and Linux isn't affected by virii?), all caught by our amavis/AV software. All the from addresses are spoofed.
I just got a second one from the same person. The reason I'm sending this mail is so that whoever it is that is infected, can get that thing off their machine so I don't have to get mail from them. The HELO bit is spoofed, the cpc1-norw2-3-0-cust125.pete.cable.ntl.com bit is not.
/Kirsten
I've got 2 email addresses, say spam@me.org and mail@me.org. What I want to do is remove anything sitting in the spool for mail that gets sent to spam. At the mo' I've got procmail to nix duplicates:
:0 Whc: msgid.lock
| formail -D 16777216 data
:0 a:
dupe
And then zap anything going to spam@. This gets rid of anything that goes to mail@ that's already been seen at spam@ but does no good if the other way round. Also this works on msgids, so can get fooled. Is there an apt-gettable tool for doing this? And a better way of fingerprinting msgs? All I can think of at the mo' is to use dbmail as the store and write a small sql script to drop by msgid when something comes in for spam@ ...
Ironically, Bill's email was held by the ALUG traps for a while. I hate procmail recipes.
On 2004-01-31 12:28:04 +0000 W.B.Hill wbh@wbh.org wrote:
Also this works on msgids, so can get fooled. Is there an apt-gettable tool for doing this? And a better way of fingerprinting msgs?
The Distributed Checksum Clearinghouse uses a couple of alternative message fingerprints. You might find that dccproc and similar tools can help do what you want.
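An added example, not written by anyone in this thread and not DCC's checksum algorithm: a content fingerprint (SHA-256 over whitespace- and case-normalized message parts) that ignores Message-ID, applied in two passes so a copy that reached mail@ before the spam@ copy is still removed. The function names, the sample spool and the `constructed.example` Message-IDs are assumptions made for illustration.

```python
import email
import hashlib
from email import policy

def fingerprint(raw: bytes) -> str:
    """Hash every leaf MIME part (attachments included); headers are ignored."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    h = hashlib.sha256()
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "text":
            # Fold case and collapse whitespace so trivial reflowing still matches.
            data = b" ".join(data.lower().split())
        h.update(part.get_content_type().encode() + b"\0" + data + b"\0")
    return h.hexdigest()

def msgid_dedupe(spool):
    """The Message-ID cache idea: drop only later arrivals with an ID already seen."""
    seen, kept = set(), []
    for rcpt, raw in spool:
        mid = email.message_from_bytes(raw, policy=policy.default)["Message-ID"]
        if mid not in seen:
            seen.add(mid)
            kept.append((rcpt, raw))
    return kept

def purge_trap_hits(spool, trap="spam@me.org"):
    """Pass 1 collects fingerprints seen at the trap; pass 2 keeps the rest."""
    trap_prints = {fingerprint(raw) for rcpt, raw in spool if rcpt == trap}
    return [(rcpt, raw) for rcpt, raw in spool
            if rcpt != trap and fingerprint(raw) not in trap_prints]

def _mk(msgid, rcpt, body):
    head = f"Message-ID: <{msgid}>\r\nTo: {rcpt}\r\nSubject: hi\r\n\r\n"
    return (rcpt, (head + body).encode("ascii"))

# Constructed spool in arrival order: the mail@ copy arrives BEFORE the trap copy,
# and each copy carries a different Message-ID.
SPOOL = [
    _mk("a1@constructed.example", "mail@me.org", "Buy  now!\r\nClick here\r\n"),
    _mk("b2@constructed.example", "spam@me.org", "buy now!\r\n click here\r\n"),
    _mk("c3@constructed.example", "mail@me.org", "Meeting moved to Thursday.\r\n"),
]

if __name__ == "__main__":
    print("kept by Message-ID cache:", len(msgid_dedupe(SPOOL)))
    print("kept by fingerprint purge:", len(purge_trap_hits(SPOOL)))
```

An exact hash like this only matches copies that are identical after normalization; a sender that varies the text per recipient defeats it.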