[60930] in North American Network Operators' Group
Re: Hijacked email
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Wed Aug 20 09:22:17 2003
Date: Wed, 20 Aug 2003 09:21:41 -0400 (EDT)
From: jlewis@lewis.org
To: Pascal Gloor <pascal.gloor@spale.com>
Cc: Jack.W.Parks@alltel.com, <nanog@merit.edu>
In-Reply-To: <009201c3671a$5215d900$1d0a0a0a@lan.intra>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 20 Aug 2003, Pascal Gloor wrote:
> > Anyone seeing hijacked email addresses with this Sobig-F worm? I did
> > some research and I know I didn't send anything to Investec Bank of
> > Johannesburg,ZA. On top of that, I definitely did not send a worm.
>
> same here... seems the worm is not only using the adress book for targets,
> but also as sources..
Is this surprising to anyone? That's the way the past few Lookout Virus
Express viruses have worked. The funny thing is, on this account, I've
gotten zero copies that I've noticed...just lots of mail from various
lists talking about it.
On my work account, I've gotten several this morning and a bunch of
bounces.
----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
