Re: Bogus Email

From: hvdkooij@vanderkooij.org
Date: 11/05/01


Date: Mon, 5 Nov 2001 07:50:13 +0100 (CET)
From: <hvdkooij@vanderkooij.org>
To: Incidents Mailing List <INCIDENTS@securityfocus.com>
Subject: Re: Bogus Email
Message-ID: <Pine.LNX.4.33.0111050747060.29990-100000@ultra1.hugo.vanderkooij.org>

On Sat, 3 Nov 2001 Thor@HammerofGod.com wrote:

> For whatever reason, it seems that I have become the target (or masqueraded
> source as the case may be) of an email prank.
>
> Someone originating from SERVER4 (193.128.138.68 [193.128.138.68]) is
> sending out the email portion of the Nimda virus with *my* email address as
> the FROM.

That is normal behaviour for Nimda in fact. It grabs a random email
address from your mailbox and uses it as a faked "From:" address.

Hugo.

-- 
All email sent to me is bound to the rules described on my homepage.
    hvdkooij@vanderkooij.org		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
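An added illustration, not part of the original thread: since the "From:" address on these messages is forged, the header to read is the Received: line stamped by your own mail server, which records the host that actually connected (the `SERVER4 (193.128.138.68 [193.128.138.68])` text quoted above has that shape). The sample message, the `mx.example.net` server name and the function names are constructed for this example.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample message (not from the thread). The relay name and IP are
# the ones quoted in the thread; every other value is a placeholder.
SAMPLE = """\
Received: from SERVER4 (193.128.138.68 [193.128.138.68])
\tby mx.example.net with SMTP id CONSTRUCTED1;
\tSat, 3 Nov 2001 10:00:00 +0000
Received: from forged.example.org (localhost [127.0.0.1])
\tby SERVER4 with SMTP; Sat, 3 Nov 2001 09:59:58 +0000
From: victim@example.org
To: recipient@example.net
Subject: constructed sample

body
"""

# "from <HELO name> (<reverse DNS> [<connecting IP>])" as written by common MTAs.
RECEIVED_FROM = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)

def connecting_host(raw, trusted_by):
    """Return (helo, ip) from the newest Received header added by trusted_by.

    Headers below that one were supplied by the sender and prove nothing.
    """
    msg = email.message_from_string(raw)
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())  # undo header folding
        m = RECEIVED_FROM.search(flat)
        by = re.search(r"\bby\s+(\S+)", flat)
        if not (m and by) or by.group(1).lower() != trusted_by.lower():
            continue
        try:
            return m.group("helo"), str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # malformed address literal, keep looking
    return None

def triage(raw, trusted_by):
    """Pair the claimed (forgeable) sender with the host our server saw."""
    msg = email.message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    return {"claimed_from": claimed, "origin": connecting_host(raw, trusted_by)}
```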