nanog mailing list archives
Re: SPAM and Virus emails to NANOG
From: George William Herbert <gherbert () retro com>
Date: Fri, 19 Mar 2004 14:03:06 -0800
Steve Bellovin writes:
> "Gregory Taylor" writes:
>> Can somebody explain to me why I keep getting e-mails with no content that are setting off my virus scanners via NANOG list?
>
> Probably because there's a worm that's sending the messages -- messages that purport to be from legitimate NANOG posters. Let me guess -- the body of these messages starts <OB JECT STYLE='display:none"...> (I've added a blank because the existence of the exact string does trigger some filters.)

Yeah, exactly. The one last night appeared to come from one of my old accounts (gherbert () crl com). CRL (the ISP, in San Francisco) no longer exists, though the domain is apparently now an alias for Charles River Laboratories in Massachusetts.

Presumably, gherbert () crl com was still in the nanog-post list database from the early days because I didn't delete it when CRL became an ex-company, so it got in through the filters at Merit (I have sent them mail to rectify that).

But this was just random bad luck from a virus. A lot of the virus/worm infections now will pick random pairs of addresses out of people's mailboxes; one is used as the "from" in a new virus message, the other as the recipient. Someone I sent mail to at some point, who had received nanog mail (or some combination thereof) got a virus, and it lucked out in picking a recipient (nanog) that was a closed list but using a From: address that was a valid sender for the list. This could happen again any time if anyone else on the list gets a virus, if the From/To pairs that are randomly picked turn out to line up with the list in a valid way.

The virus came to Merit from 151.202.157.67, which is a Verizon parent block, and the particular set of addresses are One FN (NET-151-202-157-64-1), who are someone at 1 Park Ave, New York. I live in Oakland, California.

Welcome to the new exciting world of Outlook. This is why I use nmh as my mail user agent. But it doesn't protect anyone else out there from viruses impersonating me in this manner. Or impersonating you, or anyone else...

-george william herbert
gherbert () retro com