[59346] in North American Network Operators' Group
Re: Weird email messages with "re:movie" and "re:application" in the subject line..
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Jun 25 23:38:29 2003
To: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Cc: Larry Rosenman <ler@lerctr.org>,
Mark Segal <MSegal@Corporate.FCIBroadband.com>,
"'nanog@merit.edu'" <nanog@merit.edu>
Date: Wed, 25 Jun 2003 23:37:56 -0400
From: "Steven M. Bellovin" <smb@research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
In message <200306260325.h5Q3PP5U025759@nic-naa.net>, Eric Brunner-Williams in
Portland Maine writes:
>
>
>> W32/sobig.e@MM per McAffee.....
>
>I seem to have done one better ... according to a M$ host in Level3-land,
>the Unix box right in front of me sent the mail in question.
>
>Someone at L3 needs to call home. The only L3 turd in my mail log is their
>inbound...
>
>Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589: from=<administrator@Lev
>el3.com>, size=1711, class=0, nrcpts=1, msgid=<012d01c33b68$2bd14b40$d706010a@
>corp.global.level3.com>, proto=ESMTP, daemon=MTA, relay=machine77.Level3.com [
>209.244.4.106]
And I've gotten bounces from mail allegedly from me. It's not L3's
fault; this particular worm forges From: lines on its email.
Another day, another worm.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
