[THIN] Re: OT: viruses spoofing my e-mail addy

  • From: Henry Sieff <hsieff@xxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Wed, 20 Aug 2003 15:56:59 -0500

I am noticing a lot of the machines in the "Received from:" headers (which
aren't forged) are located at universities. I think this is yet another
manifestation of September syndrome: kind of a perfect storm of a new very
effective worm allied with a large pool of unprotected machines on broadband
networks being brought back into service.

<SIGH>



> -----Original Message-----
> From: Michael Boggan [mailto:MBoggan@xxxxxxxxxxx]
> Sent: Wednesday, August 20, 2003 3:47 PM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: OT: viruses spoofing my e-mail addy
> 
> 
> Hehe, half the ones I am getting are spoofing dell.com addresses.
> 
> _________________________________ 
>  
> Michael Boggan
> Network Engineer/Citrix Admin
> Virtual Desktop Inc. 
> Dallas, Texas 
> Ph: (972) 960-6400 
> Fax: (972) 960-6445 
> email: mboggan@xxxxxxxxxxx 
> http://www.virtualdesktopinc.com 
> _________________________________ 
>  
> For Technical Support during business hours please send email to
> support@xxxxxxxxxxx or call the above toll free number for afterhours
> support.
> 
> -----Original Message-----
> From: Magnus [mailto:magnus@xxxxxxxx]
> Sent: Wednesday, August 20, 2003 2:06 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: OT: viruses spoofing my e-mail addy
> 
> 
> Most of the mail that I have seen has been coming from "known" Open Relay
> mail servers.  We implemented an RBL and blacklist lookup program (on a
> Linux machine) to query the RBL and blacklist/blackhole databases; if it
> is in the list, the mail gets refused/deleted.
> 
> If it is not on the list, we wrote a custom Perl script to check if it is
> an open relay; if so, submit it to RBL and Blackhole to have them added to
> the database.
> 
> It cut down on about 80% of our SPAM and infected emails.
> 
> Magnus
> 
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
> Behalf Of Henry Sieff
> Sent: Wednesday, August 20, 2003 12:56 PM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: OT: viruses spoofing my e-mail addy
> 
> 
> Oh yeah, welcome to the brave new world.
> 
> Since Monday, we are seeing a 100-fold increase in spoofing massmailer
> emails. Opening up the headers and examining the path of servers the
> email took to its destination is the only way to identify the
> originating machine or mail server (SOBIG.F has its own SMTP server, so
> mostly it just contacts the destination mail server directly).
> 
> The problem is that there isn't a single mail server AV product out
> there 'smart' enough to interpret these headers, and most people who run
> mail servers don't understand that. So, they happily let the AV software
> read the (easily forged) From: header and direct its alerts to whoever
> is listed in there.
> 
> The amount of fun this can cause is amazing, as mail servers take one
> mail message and multiply it by two (the alerts) or three (what happens
> when the From: doesn't exist but the domain does?) or more (the various
> permutations are limited only by your imagination).
> 
> Basically, the only moral thing to do is turn off emailed autoalerts on
> mail server AV software until it gets better.
> 
> Henry
> 
> > -----Original Message-----
> > From: Ron Oglesby [mailto:roglesby@xxxxxxxxxxxx]
> > Sent: Wednesday, August 20, 2003 11:06 AM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] OT: viruses spoofing my e-mail addy
> > 
> > 
> > Just wondering if anyone else is getting messages from other people's
> > gateways saying they got a virus attachment from your mail box addy.
> > 
> > I have gotten several this am and the exchange server, MetaFrame boxes I
> > am using all show as clean. Which leads me to believe that since my
> > address is out there so much on the internet that it is being spoofed as
> > the reply to:
> > 
> > Comments?
> > 
> > Ron Oglesby
> > Senior Technical Architect
> >  
> > RapidApp
> > Office 312.372.7188
> > Mobile 815.325.7618
> > email roglesby@xxxxxxxxxxxx
> >  
> > ********************************************************
> > This Week's Sponsor:  RES PowerFuse, The Management Framework
> > for Windows
> > Eliminate Multiple Tools, Multiple Support Channels and 
> Multiple Costs
> > Manage, Control, and Secure an Entire Windows environment 
> > with Ease, including Real-time Reporting and Documenting Components
> > Validate a Meaningful ROI on All of your IT Investments with 
> > RES PowerFuse.
> > http://www.respowerfuse.com/
> > **********************************************************
> > Useful Thin Client Computing Links are available at:
> > http://thethin.net/links.cfm
> > 
> > For Archives, to Unsubscribe, Subscribe or
> > set Digest or Vacation mode use the below link:
> > http://thethin.net/citrixlist.cfm
> > 
> 
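The header-reading approach discussed in this thread, as an added example that is not part of any poster's message: it trusts only the `Received:` line stamped by the receiving organisation's own MX, takes the connecting IP from it, builds the DNSBL query name for that IP, and routes the AV alert to a local log instead of the forged `From:` address. The sample message, the host `mx1.corp.example`, and the zone `dnsbl.example` are constructed placeholders.

```python
import email
import ipaddress
import re

# Constructed sample: forged From:, one Received line supplied by the sender
# (untrusted), and the one Received line written by our own (assumed) MX.
RAW = """\
Received: from smtp.example.net (dorm-pc.campus.example [192.0.2.77])
\tby mx1.corp.example with ESMTP id ABC123; Wed, 20 Aug 2003 15:40:01 -0500
Received: from mail.victim.example ([10.9.8.7])
\tby smtp.example.net; Wed, 20 Aug 2003 15:39:58 -0500
From: innocent.user@victim.example
To: someone@corp.example
Subject: Re: Details

see attached
"""

OUR_MX = {"mx1.corp.example"}            # assumption: hosts we operate
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)

def connecting_ip(raw, trusted_mx=OUR_MX):
    """Return the peer IP from the newest Received line our own MX wrote."""
    msg = email.message_from_string(raw)
    # Headers are newest-first; our MX prepends its line, so anything a
    # sender forged sits below it and is never reached.
    for hdr in msg.get_all("Received", []):
        by, ip = BY_RE.search(hdr), IP_RE.search(hdr)
        if by and ip and by.group(1).lower() in trusted_mx:
            return str(ipaddress.IPv4Address(ip.group(1)))
    return None                           # no hop we can vouch for

def dnsbl_name(ip, zone="dnsbl.example"):
    """DNSBL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def alert_recipient(raw):
    """Log the connecting host locally; never mail the From: address."""
    ip = connecting_ip(raw)
    return f"postmaster-log: peer={ip or 'unknown'}"
```

An `A` record returned for the name from `dnsbl_name()` means the connecting host is listed; the lookup itself is left out so the example runs offline.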