![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Hi (fwd)
From: "Steven M. Bellovin" <smb () research att com>
Date: Wed, 17 Mar 2004 23:44:38 -0500
In message <Pine.LNX.4.44.0403172118250.2114-100000 () sokol elan net>, "william(a t)elan.net" writes:
Me thinks somebody has found a trapdoor in nanog mailsetup and is in general out to get us ... This one supposedely came from 203.18.63.43 (australia powerhous museum - phm.gov.au) and advertises page on ip 165.134.187.102 (saint louis univerisity - slu.edu). "Connection refused" when I tried to see what's there.
No -- I'm pretty sure it's a worm. Of the 20 copies I've received -- in just the last 3 hours -- only three have been via the NANOG list. On the bright side, Spamassassin 2.63's default settings seem to kill this one. In fact, it was only by accident that I even noticed them. --Steve Bellovin, http://www.research.att.com/~smb
Current thread:
- Re: Hi (fwd) william(at)elan.net (Mar 17)
- Re: Hi (fwd) Steven M. Bellovin (Mar 17)
- Re: Hi (fwd) Suresh Ramasubramanian (Mar 17)
- Re: Hi (fwd) Arnold Nipper (Mar 18)
- Re: Hi (fwd) Colin Neeson (Mar 17)
- Re: Hi (fwd) william(at)elan.net (Mar 17)
- Re: Hi (fwd) Matthew Sullivan (Mar 18)
- <Possible follow-ups>
- RE: Hi (fwd) Thor Larholm (Mar 18)