I am noticing a lot of the machines in the "Received from:" headers (which
aren't forged) are located at universities. I think this is yet another
manifestation of september syndrome: kind of a perfect storm of a new very
effective worm allied with a large pool of unprotected machines on broadband
networks being brought back into service.

<SIGH>

> -----Original Message-----
> From: Michael Boggan [mailto:MBoggan@xxxxxxxxxxx]
> Sent: Wednesday, August 20, 2003 3:47 PM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: OT: viruses spoofing my e-mail addy
>
>
> hehe half the ones i am getting are spoofing dell.com addresses.
>
> _________________________________
>
> Michael Boggan
> Network Engineer/Citrix Admin
> Virtual Desktop Inc.
> Dallas, Texas
> Ph: (972) 960-6400
> Fax: (972) 960-6445
> email: mboggan@xxxxxxxxxxx
> http://www.virtualdesktopinc.com
> _________________________________
>
> For Technical Support during business hours please send email to
> support@xxxxxxxxxxx or call the above toll free number for afterhours
> support.
>
> -----Original Message-----
> From: Magnus [mailto:magnus@xxxxxxxx]
> Sent: Wednesday, August 20, 2003 2:06 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: OT: viruses spoofing my e-mail addy
>
>
> Most of the mail that I have seen has been coming from "known" Open Relay
> mail servers. We implemented an RBL and blacklist lookup program (on a
> linux machine) to query the RBL and blacklist/blackhole databases; if it
> is in the list the mail gets refused / deleted.
>
> If it is not on the list we wrote a custom perl script to check if it is
> an open relay; if so, submit it to RBL and Blackhole to have them added to
> the database.
>
> It cut down on about 80% of our SPAM and infected emails.
>
> Magnus
>
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
> Behalf Of Henry Sieff
> Sent: Wednesday, August 20, 2003 12:56 PM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: OT: viruses spoofing my e-mail addy
>
>
> Oh yeah, welcome to the brave new world.
>
> Since Monday, we are seeing a 100 fold increase in spoofing massmailer
> emails. Opening up the headers and examining the path of servers the
> email took to its destination is the only way to identify the
> originating machine or mail server (SOBIG.F has its own SMTP server, so
> mostly it just contacts the destination mail server directly).
>
> The problem is that there isn't a single mail server AV product out
> there 'smart' enough to interpret these headers, and most people who run
> mail servers don't understand that. So, they happily let the AV software
> read the (easily forged) From: header and direct its alerts to whoever
> is listed in there.
>
> The amount of fun this can cause is amazing, as mail servers take one
> mail message and multiply it by two (the alerts) or three (what happens
> when the From: doesn't exist but the domain does?) or more (the various
> permutations are limited only by your imagination).
>
> Basically, the only moral thing to do is turn off emailed autoalerts on
> mail server AV software until it gets better.
>
> Henry
>
> > -----Original Message-----
> > From: Ron Oglesby [mailto:roglesby@xxxxxxxxxxxx]
> > Sent: Wednesday, August 20, 2003 11:06 AM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] OT: viruses spoofing my e-mail addy
> >
> >
> > Just wondering if anyone else is getting messages from other people
> > gateways saying they got a virus attachment from your mail box addy.
> >
> > I have gotten several this am and the exchange server, MetaFrame boxes I
> > am using all show as clean.
> > Which leads me to believe that since my address is out there so much on
> > the internet that it is being spoofed as the reply to:
> >
> > Comments?
> >
> > Ron Oglesby
> > Senior Technical Architect
> >
> > RapidApp
> > Office 312.372.7188
> > Mobile 815.325.7618
> > email roglesby@xxxxxxxxxxxx
> >
> > ********************************************************
> > This Week's Sponsor: RES PowerFuse, The Management Framework for Windows
> > Eliminate Multiple Tools, Multiple Support Channels and Multiple Costs
> > Manage, Control, and Secure an Entire Windows environment
> > with Ease, including Real-time Reporting and Documenting Components
> > Validate a Meaningful ROI on All of your IT Investments with
> > RES PowerFuse.
> > http://www.respowerfuse.com/
> > **********************************************************
> > Useful Thin Client Computing Links are available at:
> > http://thethin.net/links.cfm
> >
> > For Archives, to Unsubscribe, Subscribe or
> > set Digest or Vacation mode use the below link:
> > http://thethin.net/citrixlist.cfm
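
Added example, not part of the original thread or any poster's code: a sketch of the two checks discussed in the quoted messages, taking the sending machine from the Received header written by your own gateway instead of the forgeable From: header, and forming the DNS name an RBL lookup queries. The host `mx.example.net`, the zone `dnsbl.example`, the sample message and all function names are assumptions made for illustration.

```python
import email
import re
import socket

# Constructed sample (not from the thread): a worm-style message whose From:
# is spoofed. mx.example.net stands in for our own gateway (assumed name).
SAMPLE = (
    "Received: from pc17.dorm.example.edu (unknown [192.0.2.44])\n"
    "\tby mx.example.net (Postfix) with SMTP id 4F2A1;\n"
    "\tWed, 20 Aug 2003 14:02:11 -0500\n"
    "Received: from mail.example.org (mail.example.org [198.51.100.9])\n"
    "\tby pc17.dorm.example.edu; Wed, 20 Aug 2003 14:01:50 -0500\n"
    "From: someone@example.com\n"
    "Subject: Re: Details\n"
    "\n"
    "See the attached file for details\n"
)

# "from HELO (rdns [ip]) by HOST" as written by common MTAs; rdns is optional.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9.]+)\]\)\s+by\s+([^\s;]+)")

def connecting_ip(raw, trusted_mx):
    """IP recorded by the first Received header our own server wrote.
    Headers below that hop were supplied by the sender and are ignored."""
    msg = email.message_from_string(raw)
    for hdr in msg.get_all("Received", []):
        m = HOP.search(hdr)
        if m and m.group(3).lower() in trusted_mx:
            return m.group(2)
    return None

def dnsbl_name(ip, zone):
    """Reverse the octets and append the zone: 192.0.2.44 -> 44.2.0.192.zone"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """A DNSBL returns an A record for listed addresses, NXDOMAIN otherwise."""
    try:
        resolve(dnsbl_name(ip, zone))
        return True
    except OSError:
        return False

def triage(raw, trusted_mx, zone, resolve=socket.gethostbyname):
    """Decide on the connecting IP; From: is reported but never acted on."""
    ip = connecting_ip(raw, trusted_mx)
    claimed = email.message_from_string(raw)["From"]
    return {"claimed_from": claimed, "source_ip": ip,
            "reject": bool(ip) and is_listed(ip, zone, resolve)}
```

The `resolve` parameter exists so the lookup can be stubbed when testing offline; in production it would be left at its default and `zone` set to whichever blocklist the site subscribes to.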