[68878] in North American Network Operators' Group


Re: Hi (fwd)

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Mar 17 23:45:18 2004

From: "Steven M. Bellovin" <smb@research.att.com>
To: "william(at)elan.net" <william@elan.net>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Wed, 17 Mar 2004 21:33:34 PST."
             <Pine.LNX.4.44.0403172118250.2114-100000@sokol.elan.net> 
Date: Wed, 17 Mar 2004 23:44:38 -0500
Errors-To: owner-nanog-outgoing@merit.edu


In message <Pine.LNX.4.44.0403172118250.2114-100000@sokol.elan.net>,
"william(at)elan.net" writes:
>
>
>Methinks somebody has found a trapdoor in nanog mailsetup and is in 
>general out to get us ... 
>
>This one supposedly came from 203.18.63.43 (Australia Powerhouse Museum - 
>phm.gov.au) and advertises a page on IP 165.134.187.102 (Saint Louis
>University - slu.edu). "Connection refused" when I tried to see what's there.

No -- I'm pretty sure it's a worm.  Of the 20 copies I've received -- 
in just the last 3 hours -- only three have been via the NANOG list.

On the bright side, Spamassassin 2.63's default settings seem to kill 
this one.  In fact, it was only by accident that I even noticed them.


		--Steve Bellovin, http://www.research.att.com/~smb


