nanog mailing list archives
Re: Weird email messages with "re:movie" and "re:application" in the subject line..
From: "Steven M. Bellovin" <smb () research att com>
Date: Wed, 25 Jun 2003 23:37:56 -0400
In message <200306260325.h5Q3PP5U025759 () nic-naa net>, Eric Brunner-Williams in Portland Maine writes:
W32/sobig.e@MM per McAffee.....I seem to have done one better ... according to a M$ host in Level3-land, the Unix box right in front of me sent the mail in question. Someone at L3 needs to call home. The only L3 turd in my mail log is their inbound... Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589: from=<administrator@Lev el3.com>, size=1711, class=0, nrcpts=1, msgid=<012d01c33b68$2bd14b40$d706010a@ corp.global.level3.com>, proto=ESMTP, daemon=MTA, relay=machine77.Level3.com [ 209.244.4.106]
And I've gotten bounces from mail allegedly from me. It's not L3's
fault; this particular worm forges From: lines on its email.
Another day, another worm.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
Current thread:
- RE: Weird email messages with "re:movie" and "re:application" in the subject line.. Williamson, Todd (Jun 25)
- <Possible follow-ups>
- Re: Weird email messages with "re:movie" and "re:application" in the subject line.. Steven M. Bellovin (Jun 25)
- Re: Weird email messages with "re:movie" and "re:application" in the subject line.. Steven M. Bellovin (Jun 26)
- Re: Weird email messages with "re:movie" and "re:application" in the subject line.. Eric Brunner-Williams in Portland Maine (Jun 26)