[60877] in North American Network Operators' Group
Re: Virus emails from nanog mail list
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Aug 19 15:16:12 2003
To: David Diaz <techlist@smoton.net>
Cc: nanog@merit.edu
Date: Tue, 19 Aug 2003 12:52:05 -0400
From: "Steven M. Bellovin" <smb@research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
In message <p05200f04bb680320c606@[64.202.132.204]>, David Diaz writes:
>
>Spam may be off topic but in this case relevant. Has anyone else
>noticed bounced emails that appear to have origionated from their
>nanog email boxes and contain viruses?
>
>Obviously some bot has gone threw the nanog list and is now forging
>headers such that they appear to come from those addresses, and they
>are attaching viruses.
>
>The IP address (which may or may not be accurate) appears to be
>[195.157.87.253].
>
>Has anyone else noticed this recently?
I've gotten hundreds of such bounce messages today. Only a few have
Received: lines, but those have differed. I don't know for sure if
it's the nanog list, since I don't use a different email address for it.
--Steve Bellovin, http://www.research.att.com/~smb
