[ic] Mydoom-A Virus
Peter
peter at pajamian.dhs.org
Wed Feb 11 21:05:12 EST 2004
Sam Batschelet wrote:
> <peter wrote>
> Subject: [ic] Mydoom-A Virus
>
> There seems to be a lot of copis of the Mydoom-A virus coming through
> this list. I thought this list was supposed to be filtering out viruses
>
> and spam?
>
> Peter
>
> *******
>
> These Virus's are spoofed with the email address of the list and did not
> originate from it.
>
> -Sam
Actually, these ones are coming through the list server (not originating
from it, but they are coming through it) according to the recieved
headers. Mydoom-A knows how to spoof the from address and the HELO line
to the email server, but it cannot spoof the ip address in the recieved
header:
Received: from icdevgroup.org (icdevgroup.org [69.57.146.17])
by defender.enslaved.com (8.11.6/8.11.6) with ESMTP id i1C1XhT26875
for <pj at abductor.com>; Wed, 11 Feb 2004 17:33:43 -0800
$ dig -x 69.57.146.17
...
;; ANSWER SECTION:
17.146.57.69.in-addr.arpa. 28000 IN PTR icdevgroup.org.
Peter
More information about the interchange-users
mailing list