At 10:22 PM 9/28/2002 -0500, John Lind wrote:
>At 18:20 9/28/02, Someone (or their infected machine) wrote:
>>Network Associates WebShield SMTP V4.5 on proxy3 detected virus
>>Exploit-MIME.gen.exe
>>ve that will make low light focussing easier
>>m. granted i havent yet tried using the compact rfs, my next visit to
>>han you need, but they could be scaled down in Photoshop. <p><a
>>href="http://www.marlinstudios.com";>http://www.marlinstudios.com</a>
>>?
>>in attachment unknown from <remaxontheriver@xxxxxxxxxxxxxx> and it was
>>Cleaned and
>
>[rest snipped out]
>
>
>This wasn't from me!
>
>Here's the relevant part of its header (before it got to the list server);
>it originated from somewhere in "centurytel.net" which is completely
>different from my ISP's domain. Furthermore, I'm not subscribed to the digest!
Not surprising. The latest generations of these viruses "harvest" e-mail
address books and in some cases e-mail bodies (particularly those of you
benighted enough to use Microsoft Outlook ;-) ), and then insert random e-mail
addresses into both the "To:" and "From:" fields. About all we can say for
sure is that the virus attempt came from someone who has both John Lind's
e-mail address and the List address in his/her e-mail app, somewhere. I also
got a separate copy in my Inbox (I use Eudora Pro), so whoever the unwitting
third party is, he/she also has my e-mail address somewhere.
This limits the potential vectors to about, oh, half a billion people
planetwide. :-/
Garth
< This message was delivered via the Olympus Mailing List >
< For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
< Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >
|