Security Basics mailing list archives
RE: SoBig and some info
From: "Matthew F. Caldwell" <mattc () guarded net>
Date: Fri, 22 Aug 2003 10:16:54 -0400
Kevin, Most mail servers allow relaying from trusted host(s). Trust is gained through a variety of mechanisms. The two primary ways of doing this are Access Control List(s) and Authentication. This is done so internal users can send mail from your organizations email addresses and your personal email address. A lot of Exchange Servers allow this. Matt Matthew F. Caldwell, CISSP Founder and CSO GuardedNet, Inc. www.guarded.net mattc () guarded net -----Original Message----- From: Kevin Saenz [mailto:ksaenz () spinaweb com au] Sent: Thursday, August 21, 2003 6:56 PM To: security-basics () securityfocus com Subject: SoBig and some info This current strain of SoBig, seems to be smarter than before. it seems to be grabbing real email addresses in people's outlook and using those as spoof accounts. The other thing I have found is, if that is the case there are thousands of email servers that are acting as open relays. Can any one correct me if I am wrong, I am pretty sure this is open to some hot debate. As my question will be if email servers are not relaying then how can a virus transmit spoofed email addresses? I have seen emails bouncing back to me saying that an email from me is possibly infected and contains an executable .pif the header of the email from me is Outlook version 6.x. The problem with that is, emails 100% of the time from me are sent by Evolution, a Linux email client. This has been since Wed Night Australian time or Tuesday morning U.S time. -- Regards, Kevin Saenz Spinaweb I.T consultants Ph: 02 4620 5130 Fax: 02 4625 9243 Mobile: 0418455661 Web: http://www.spinaweb.com.au ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: SoBig and some info Kevin Saenz (Aug 22)
- <Possible follow-ups>
- Re: SoBig and some info Chris Berry (Aug 22)
- RE: SoBig and some info Matthew F. Caldwell (Aug 22)