[ic] Mydoom-A Virus

Peter peter at pajamian.dhs.org
Wed Feb 11 21:15:31 EST 2004

Peter wrote:
> Sam Batschelet wrote:
>> <peter wrote>
>> Subject: [ic] Mydoom-A Virus
>> There seems to be a lot of copis of the Mydoom-A virus coming through 
>> this list.  I thought this list was supposed to be filtering out viruses
>> and spam?
>> Peter
>> *******
>> These Virus's are spoofed with the email address of the list and did not
>> originate from it.
>> -Sam
> Actually, these ones are coming through the list server (not originating 
> from it, but they are coming through it) according to the recieved 
> headers.  Mydoom-A knows how to spoof the from address and the HELO line 
> to the email server, but it cannot spoof the ip address in the recieved 
> header:
> Received: from icdevgroup.org (icdevgroup.org [])
>     by defender.enslaved.com (8.11.6/8.11.6) with ESMTP id i1C1XhT26875
>     for <pj at abductor.com>; Wed, 11 Feb 2004 17:33:43 -0800
> $ dig -x
> ...
> 28000 IN     PTR     icdevgroup.org.
> Peter

Actually, I take it back.  What is coming through the list are the 
bounce messages from email servers that the virus is getting sent to. 
Some of these bounce messages *still contain the virus* so it would be 
nice if they got filtered out.  Also, shouldn't the list be able to 
intercept bounce messages in general?  They tend to be irritating and 
clutter up the list.


More information about the interchange-users mailing list