[61045] in North American Network Operators' Group

Re: email virus ==> over the top

daemon@ATHENA.MIT.EDU (JC Dill)
Thu Aug 21 15:06:39 2003

Date: Thu, 21 Aug 2003 12:00:09 -0700
To: nanog <nanog@nanog.org>
From: JC Dill <nanog@vo.cnchost.com>
In-Reply-To: <3F44E0D4.74001B84@lists.rauhauser.net>
Errors-To: owner-nanog-outgoing@merit.edu


At 08:10 AM 8/21/2003, neal rauhauser wrote:

>   No one loves me and I don't get much email from the folks who tolerate
>me. I just got back from having lunch with some guys who tolerate me and
>I found scads of messages from all over -the funniest among the bunch
>for our Nanog readers:
>
><user>@cisco.com
><user>@tacnet.com
><user>@wcom.com
><user>@sprint.com
>
>   Looks like my internetwork equipment vendor and my two favorite peers
>have their Windoze stuff in a complete state of 'higgledy piggledy' - a
>technical term from Bloom County cartoons, for those not old enough to
>remember.

Today's problem virus forges the "from" field.  So all those emails 
"from"  <user>@cisco/tacnet/wcom/sprint were sent from an infected computer 
(or computers) that had those email addresses in it.  Probably from a 
computer on a competitor's network.  You need to look at the received 
headers to find out where the emails are *really* coming from.

jc
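
An added example, not part of JC Dill's message: one way to read the Received headers top-down and report the host that actually handed the mail to your own relays, next to the address the From field claims. The trusted network, host names and the sample message are constructed assumptions using documentation address ranges.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: the relays we operate ourselves, whose Received lines we trust.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample message (documentation addresses, not real traffic).
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.25])
    by mx.example.net with ESMTP id A2; Thu, 21 Aug 2003 11:58:03 -0700
Received: from USERPC (dsl-77.example.org [198.51.100.77])
    by relay.example.net with SMTP id A1; Thu, 21 Aug 2003 11:58:01 -0700
Received: from mail.vendor.example ([203.0.113.5])
    by USERPC with SMTP; Thu, 21 Aug 2003 11:57:00 -0700
From: user@vendor.example
To: someone@example.net
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")

def handoff_ip(raw):
    """Return the first connecting IP, reading top-down, that is not ours."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Each MTA prepends its Received line, so the top one is the newest.
    for hop in msg.get_all("Received", []):
        m = BRACKETED_IP.search(str(hop))
        if not m:
            return None  # hop we cannot parse: stop rather than guess
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None
        if not any(ip in net for net in TRUSTED_NETS):
            # Recorded by one of our relays, so it is reliable. Everything
            # below this line was supplied by that host and may be forged.
            return ip
    return None  # never left our own relays

def report(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    return {"claimed_from": str(msg["From"]), "handoff_ip": handoff_ip(raw)}

if __name__ == "__main__":
    print(report(SAMPLE))
```

The lowest Received line in the sample names the vendor's mail host, but it sits below the hand-off point, so it is ignored along with the From field.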


