Re: Bogus Email
From: hvdkooij@vanderkooij.orgDate: 11/05/01
- Previous message: Valdis.Kletnieks@vt.edu: "Re: Firewall hits/unknown ports"
- In reply to: Thor@HammerofGod.com: "Bogus Email"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 5 Nov 2001 07:50:13 +0100 (CET) From: <hvdkooij@vanderkooij.org> To: Incidents Mailing List <INCIDENTS@securityfocus.com> Subject: Re: Bogus Email Message-ID: <Pine.LNX.4.33.0111050747060.29990-100000@ultra1.hugo.vanderkooij.org>
On Sat, 3 Nov 2001 Thor@HammerofGod.com wrote:
> For whatever reason, it seems that I have become the target (or masqueraded
> source as the case may be) of an email prank.
>
> Someone originating from SERVER4 (193.128.138.68 [193.128.138.68]) is
> sending out the email portion of the Nimda virus with *my* email address as
> the FROM.
That is normal behaviour for nimda in fact. It grabs a random email
address from your mailbox and uses it as faked "From:" address.
Hugo.
--
All email send to me is bound to the rules described on my homepage.
hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Valdis.Kletnieks@vt.edu: "Re: Firewall hits/unknown ports"
- In reply to: Thor@HammerofGod.com: "Bogus Email"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
