Re: virus or? (Those crazy ICG folk)

[Josh Richards <jrichard () cubicle net>]

*sigh*

Joe has almost got it.  Apparently a Jim of ICG sent an e-mail to a 
large collection of NOC contacts -- one of which was ours -- asking
about a holiday moratorium.  It hit our (digitalwest.net) ticketing 
system (RT2) which stripped off the Cc: line so I didn't see it when I
responded via e-mail to him via the queue.  I had no idea he'd Cc:'d 
anyone (and, by default, RT doesn't display the Cc: line in the e-mail 
sent to queue watchers though it does display it in the web interface).  
Since the recipient expansion is handled by RT and not the mail client 
I could not see the horrendous list of Cc:'s.  When my response 
went back into our ticketing system to go out to Jim, RT expanded the 
recipients list back out to include all of the original recipients.  
Apparently Jim didn't know how to Bcc:...  We turned off our 
auto-responder immediately after we discovered what had happened to 
mitigate NOC ticket system loops.  

-jr

* Joe Wood <joew () accretive-networks net> [20021125 22:29]:
> It appears to be caused by an someone replying to all, instead of just the
> originator of the message. Since most of the recipients were role accounts
> under a ticketing system, the auto-responders took over, creating an
> interesting loop; It provides a good reason why an auto-responder should
> strip out the Cc: when sending a response.
>
> The original message is below, although I still question its intent.
>
> Please don't reply to the message if you receive it, it should die out.
>
> Joe
>
> >   Hello, my name is Jim I am the Transport NOC Manager at ICG
> > Telecommunications.  I would like to know if you will be working under a
> > moratorium during the holidays?  I am also interested in building a solid
> > working relationship between our departments.  Please respond with contact
> > information so that we can begin working together.
> >
> > Sincerely,
> >
> > Jim Meslovich
> > NOC Transport Manager
> > W Ph. 303-414-8087
> > Pager 303-826-6931
> > Cell  303-915-6344
> > James_Meslovich () icgcomm com
>
>
> On Tue, 26 Nov 2002, Joe Abley wrote:
>
> > On Monday, Nov 25, 2002, at 22:31 Canada/Eastern, Randy Rostie wrote:
> >
> > > We received the following email, with an incredible number of email
> > > addresses in the cc: field. We did not even get the original message.
> > > Maybe someone has a virus on their computer?
> >
> > Maybe someone forwarded all the addresses to a public mailing list
> > which is archived on the web in multiple places, and the addresses got
> > harvested by spammers?
> >
> > Oh well, if not, I'm sure it will happen shortly.
> >
> >
> > Joe

-- 
----
Josh Richards <jrichard@{ geekresearch.com, cubicle.net, digitalwest.net }>
Geek Research, LLC - Digital West Networks, Inc - San Luis Obispo, CA 
KG6CYK - IP/Unix/telecom/knowledge/coffee/security/crypto/business/geek