My bet is that it's from a Comcast customer. While the virus can spoof
the "from" line and insert anything in the "to" line, thus hiding the
origin from your average user, it *can't* spoof the originating IP
address (that which it used to talk to the mailing list's server). From
what I can see below, it looks like that origination point was a Comcast
IP address.
Most likely, the originating system has both your address, Steve, and
the Olympus list address in its address book. That's the usual source of
"from" and "to" lines and how the virus attempts to hide its origin.
Were the ISP other than Comcast, I might suggest forwarding the
information to them to have them try to follow up and determine which of
their customers was using that particular address at the time the
message was sent. However, since there's no evidence of intelligent life
of any sort at Comcast's support office for some months now, I expect
that any attempt to communicate with them would be a Total Waste of Time.
---
Scott Gomez
-----Original Message-----
From: Stephen Troy [mailto:sctroy@xxxxxxxxx]
Subject: [OM] Annoying virus
I did not send the message below to the list. Can someone out there
take a look at the following and see if there's anything there that
looks like a clue to who on the list might have this virus? Someone on
Comcast broadband, perhaps?
Steve Troy
>Return-Path: <olympus-owner@xxxxxxxxxx>
>Received: from mr12.mrf.mail.rcn.net (207.172.4.31 [207.172.4.31])
> by ms02.mrf.mail.rcn.net (Mirapoint Messaging Server MOS 3.2.2-GA FastPath)
> with ESMTP id GIU39448;
> Fri, 30 Apr 2004 17:09:49 -0400 (EDT)
>Received: from mx10.mrf.mail.rcn.net (mx10.mrf.mail.rcn.net [207.172.4.59])
> by mr12.mrf.mail.rcn.net (MOS 3.4.4-GR)
> with ESMTP id AFW02175;
> Fri, 30 Apr 2004 17:09:47 -0400 (EDT)
>Received: from ml1.proxad.net ([213.228.0.43] helo=ml.free.fr)
> by mx10.mrf.mail.rcn.net with esmtp (Exim 3.35 #7)
> id 1BJfGU-0002hX-00; Fri, 30 Apr 2004 17:09:47 -0400
>Received: from ml1 (localhost [127.0.0.1])
> by ml.free.fr (Postfix) with ESMTP
> id E5CD6C8081; Fri, 30 Apr 2004 23:09:13 +0200 (CEST)
>Received: with LISTAR (v0.42; list olympus); Fri, 30 Apr 2004 23:09:13 +0200 (CEST)
>Delivered-To: olympus@xxxxxxxxxx
>Received: from ml.free.fr (c-24-13-18-152.client.comcast.net [24.13.18.152])
> by ml.free.fr (Postfix) with ESMTP id BA8F0C805B
> for <olympus@xxxxxxxxxx>; Fri, 30 Apr 2004 23:09:11 +0200 (CEST)
>From: sctroy@xxxxxxxxx
>To: olympus@xxxxxxxxxx
>Subject: [OM] Information
>Date: Fri, 30 Apr 2004 16:09:13 -0500
>MIME-Version: 1.0
>Content-type: text/plain; charset=Windows-1252
>Content-Transfer-Encoding: 8bit
>X-Priority: 1
>X-MSMail-Priority: High
>Message-Id: <20040430210911.BA8F0C805B@xxxxxxxxxx>
>X-listar-version: Listar v0.42
>Sender: olympus-owner@xxxxxxxxxx
>Errors-To: olympus-owner@xxxxxxxxxx
>X-original-sender: sctroy@xxxxxxxxx
>Precedence: bulk
>Reply-To: olympus@xxxxxxxxxx
>X-list: olympus
>X-Junkmail-Status: score=22/65, host=mr12.mrf.mail.rcn.net
The olympus mailinglist olympus@xxxxxxxxxx
To unsubscribe: mailto:olympus-request@xxxxxxxxxx?subject=unsubscribe
To contact the list admins: mailto:olympusadmin@xxxxxxxxxx?subject="Olympus List Problem"
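
Added example, not part of the original messages: the Received-chain reading described in the reply above, written as a small Python routine. The function names and the TRUSTED_BY set are assumptions made for this illustration; the header text is transcribed from the quoted message.

```python
import ipaddress
import re
from email import message_from_string

# Three Received headers and the From line transcribed from the quoted message
# above (addresses as redacted there); the two RCN-internal hops are left out.
RAW = """\
Received: from ml1.proxad.net ([213.228.0.43] helo=ml.free.fr)
 by mx10.mrf.mail.rcn.net with esmtp (Exim 3.35 #7)
 id 1BJfGU-0002hX-00; Fri, 30 Apr 2004 17:09:47 -0400
Received: from ml1 (localhost [127.0.0.1])
 by ml.free.fr (Postfix) with ESMTP
 id E5CD6C8081; Fri, 30 Apr 2004 23:09:13 +0200 (CEST)
Received: from ml.free.fr (c-24-13-18-152.client.comcast.net [24.13.18.152])
 by ml.free.fr (Postfix) with ESMTP id BA8F0C805B
 for <olympus@xxxxxxxxxx>; Fri, 30 Apr 2004 23:09:11 +0200 (CEST)
From: sctroy@xxxxxxxxx

"""

# Assumption: the analyst trusts only headers stamped by these servers.
TRUSTED_BY = {"mx10.mrf.mail.rcn.net", "ml.free.fr"}

def parse_hop(value):
    """Split one Received header into the stamping host and the peer it recorded."""
    flat = " ".join(value.split())  # unfold continuation lines
    by = re.search(r"\bby (\S+)", flat)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
    name = re.search(r"^from (\S+)", flat)  # Postfix puts the client's HELO name here
    return {"by": by.group(1) if by else None,
            "ip": ip.group(1) if ip else None,
            "from": name.group(1) if name else None}

def origin_hop(raw, trusted_by=TRUSTED_BY):
    """Return the oldest hop written by a trusted server with a public peer IP."""
    origin = None
    # Each relay prepends its header, so the list runs newest to oldest.
    for value in message_from_string(raw).get_all("Received", []):
        hop = parse_hop(value)
        if hop["by"] not in trusted_by:
            break  # anything older could have been written by the sender
        if hop["ip"] and ipaddress.ip_address(hop["ip"]).is_global:
            origin = hop
    return origin

def claims_receiver_name(hop):
    """True when the peer introduced itself using the receiving server's own name."""
    return hop["from"] == hop["by"]
```

On the headers above, origin_hop(RAW) returns the hop with peer 24.13.18.152, and claims_receiver_name() is true for it: the client announced itself as ml.free.fr, while the address in brackets is what the list server itself recorded for the connection.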